mirror of
https://github.com/containers/podman
synced 2024-10-21 01:34:37 +00:00
Merge pull request #13687 from rhatdan/VENDOR
Vendor in new opencontainers/selinux
commit
cdbc33112e
|
@ -320,6 +320,10 @@ Print usage statement
|
|||
|
||||
Pass through HTTP Proxy environment variables.
|
||||
|
||||
#### **--identity-label**
|
||||
|
||||
Adds default identity label `io.buildah.version` if set. (default true).
|
||||
|
||||
#### **--ignorefile**
|
||||
|
||||
Path to an alternative .containerignore file.
|
||||
|
|
15
go.mod
|
@ -11,13 +11,13 @@ require (
|
|||
github.com/container-orchestrated-devices/container-device-interface v0.3.0
|
||||
github.com/containernetworking/cni v1.0.1
|
||||
github.com/containernetworking/plugins v1.1.1
|
||||
github.com/containers/buildah v1.24.3-0.20220310160415-5ec70bf01ea5
|
||||
github.com/containers/common v0.47.5-0.20220323125147-7dc6e944d625
|
||||
github.com/containers/buildah v1.25.2-0.20220406205807-5b8e79118057
|
||||
github.com/containers/common v0.47.5-0.20220405040919-5d3a1effbf99
|
||||
github.com/containers/conmon v2.0.20+incompatible
|
||||
github.com/containers/image/v5 v5.20.1-0.20220310094651-0d8056ee346f
|
||||
github.com/containers/image/v5 v5.21.0
|
||||
github.com/containers/ocicrypt v1.1.3
|
||||
github.com/containers/psgo v1.7.2
|
||||
github.com/containers/storage v1.38.3-0.20220321121613-8e565392dd91
|
||||
github.com/containers/storage v1.39.1-0.20220330193934-f3200eb5a5d9
|
||||
github.com/coreos/go-systemd/v22 v22.3.2
|
||||
github.com/coreos/stream-metadata-go v0.0.0-20210225230131-70edb9eb47b3
|
||||
github.com/cyphar/filepath-securejoin v0.2.3
|
||||
|
@ -45,16 +45,15 @@ require (
|
|||
github.com/mrunalp/fileutils v0.5.0
|
||||
github.com/nxadm/tail v1.4.8
|
||||
github.com/onsi/ginkgo v1.16.5
|
||||
github.com/onsi/gomega v1.18.1
|
||||
github.com/onsi/gomega v1.19.0
|
||||
github.com/opencontainers/go-digest v1.0.0
|
||||
github.com/opencontainers/image-spec v1.0.3-0.20220114050600-8b9d41f48198
|
||||
github.com/opencontainers/runc v1.1.0
|
||||
github.com/opencontainers/runc v1.1.1
|
||||
github.com/opencontainers/runtime-spec v1.0.3-0.20211214071223-8958f93039ab
|
||||
github.com/opencontainers/runtime-tools v0.9.1-0.20220110225228-7e2d60f1e41f
|
||||
github.com/opencontainers/selinux v1.10.0
|
||||
github.com/opencontainers/selinux v1.10.1
|
||||
github.com/pkg/errors v0.9.1
|
||||
github.com/pmezard/go-difflib v1.0.0
|
||||
github.com/prometheus/client_golang v1.11.1 // indirect
|
||||
github.com/rootless-containers/rootlesskit v1.0.0
|
||||
github.com/sirupsen/logrus v1.8.1
|
||||
github.com/spf13/cobra v1.4.0
|
||||
|
|
53
go.sum
|
@ -125,7 +125,6 @@ github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAE
|
|||
github.com/OpenPeeDeeP/depguard v1.0.1/go.mod h1:xsIw86fROiiwelg+jB2uM9PiKihMMmUx/1V+TNhjQvM=
|
||||
github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
|
||||
github.com/ProtonMail/go-crypto v0.0.0-20210920160938-87db9fbc61c7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
|
||||
github.com/ProtonMail/go-crypto v0.0.0-20211112122917-428f8eabeeb3/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
|
||||
github.com/ProtonMail/go-crypto v0.0.0-20220113124808-70ae35bab23f/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
|
||||
github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
|
||||
github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
|
||||
|
@ -286,8 +285,9 @@ github.com/containerd/containerd v1.5.1/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTV
|
|||
github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0QMhscqVp1AR9c=
|
||||
github.com/containerd/containerd v1.5.8/go.mod h1:YdFSv5bTFLpG2HIYmfqDpSYYTDX+mc5qtSuYx1YUb/s=
|
||||
github.com/containerd/containerd v1.5.9/go.mod h1:fvQqCfadDGga5HZyn3j4+dx56qj2I9YwBrlSdalvJYQ=
|
||||
github.com/containerd/containerd v1.6.1 h1:oa2uY0/0G+JX4X7hpGCYvkp9FjUancz56kSNnb1sG3o=
|
||||
github.com/containerd/containerd v1.6.1/go.mod h1:1nJz5xCZPusx6jJU8Frfct988y0NpumIq9ODB0kLtoE=
|
||||
github.com/containerd/containerd v1.6.2 h1:pcaPUGbYW8kBw6OgIZwIVIeEhdWVrBzsoCfVJ5BjrLU=
|
||||
github.com/containerd/containerd v1.6.2/go.mod h1:sidY30/InSE1j2vdD1ihtKoJz+lWdaXMdiAeIupaf+s=
|
||||
github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
|
||||
github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
|
||||
github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
|
||||
|
@ -325,7 +325,6 @@ github.com/containerd/stargz-snapshotter/estargz v0.9.0/go.mod h1:aE5PCyhFMwR8sb
|
|||
github.com/containerd/stargz-snapshotter/estargz v0.10.1/go.mod h1:aE5PCyhFMwR8sbrErO5eM2GcvkyXTTJremG883D4qF0=
|
||||
github.com/containerd/stargz-snapshotter/estargz v0.11.0/go.mod h1:/KsZXsJRllMbTKFfG0miFQWViQKdI9+9aSXs+HN0+ac=
|
||||
github.com/containerd/stargz-snapshotter/estargz v0.11.1/go.mod h1:6VoPcf4M1wvnogWxqc4TqBWWErCS+R+ucnPZId2VbpQ=
|
||||
github.com/containerd/stargz-snapshotter/estargz v0.11.2/go.mod h1:rjbdAXaytDSIrAy2WAy2kUrJ4ehzDS0eUQLlIb5UCY0=
|
||||
github.com/containerd/stargz-snapshotter/estargz v0.11.3 h1:k2kN16Px6LYuv++qFqK+JTcYqc8bEVxzGpf8/gFBL5M=
|
||||
github.com/containerd/stargz-snapshotter/estargz v0.11.3/go.mod h1:7vRJIcImfY8bpifnMjt+HTJoQxASq7T28MYbP15/Nf0=
|
||||
github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
|
||||
|
@ -353,19 +352,17 @@ github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRD
|
|||
github.com/containernetworking/plugins v1.0.1/go.mod h1:QHCfGpaTwYTbbH+nZXKVTxNBDZcxSOplJT5ico8/FLE=
|
||||
github.com/containernetworking/plugins v1.1.1 h1:+AGfFigZ5TiQH00vhR8qPeSatj53eNGz0C1d3wVYlHE=
|
||||
github.com/containernetworking/plugins v1.1.1/go.mod h1:Sr5TH/eBsGLXK/h71HeLfX19sZPp3ry5uHSkI4LPxV8=
|
||||
github.com/containers/buildah v1.24.3-0.20220310160415-5ec70bf01ea5 h1:RMJG1wCPQqZX7o9xGzpmR0U7NppgquSQunTi8qmP9Do=
|
||||
github.com/containers/buildah v1.24.3-0.20220310160415-5ec70bf01ea5/go.mod h1:C5+kt1nmYVf1N+/pk4WepycLD+m4lEIRgJQ0eXqhADo=
|
||||
github.com/containers/common v0.47.4/go.mod h1:HgX0mFXyB0Tbe2REEIp9x9CxET6iSzmHfwR6S/t2LZc=
|
||||
github.com/containers/common v0.47.5-0.20220323125147-7dc6e944d625 h1:5DjLA4CnjyBKyNgmzB1TDV2Rd3uTBPrLdlSQM0/Fw9c=
|
||||
github.com/containers/common v0.47.5-0.20220323125147-7dc6e944d625/go.mod h1:2BKzvlHRLfsdBTCu5IvIxhHS+RcH3J53UDh/DpWInJg=
|
||||
github.com/containers/buildah v1.25.2-0.20220406205807-5b8e79118057 h1:lKSxhMBpcHyyQrj2QJYzcm56uiSeibRdSL2KoppF6rg=
|
||||
github.com/containers/buildah v1.25.2-0.20220406205807-5b8e79118057/go.mod h1:iSoopbYRb6K4b5c3hXgXNkGTI/T085t2+XiGjceud94=
|
||||
github.com/containers/common v0.47.5-0.20220331143923-5f14ec785c18/go.mod h1:Vr2Fn6EdzD6JNAbz8L8bTv3uWLv2p31Ih2O3EAK6Hyc=
|
||||
github.com/containers/common v0.47.5-0.20220405040919-5d3a1effbf99 h1:l11SsRJ9tKgnmS+ltdzMrsc15TIFrOH/o8EE1FZ9jTo=
|
||||
github.com/containers/common v0.47.5-0.20220405040919-5d3a1effbf99/go.mod h1:0mfWn1RRdpBjXmiunOVLaJ1I86pQjXKAc8zuiAuUesk=
|
||||
github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
|
||||
github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
|
||||
github.com/containers/image/v5 v5.19.1/go.mod h1:ewoo3u+TpJvGmsz64XgzbyTHwHtM94q7mgK/pX+v2SE=
|
||||
github.com/containers/image/v5 v5.19.2-0.20220224100137-1045fb70b094/go.mod h1:XoYK6kE0dpazFNcuS+a8lra+QfbC6s8tzv+cUuCrZpE=
|
||||
github.com/containers/image/v5 v5.20.0/go.mod h1:5UL1ooih6+USVYXk19r8ScQNsbTprhlJxrHezAu4OVE=
|
||||
github.com/containers/image/v5 v5.20.1-0.20220310094651-0d8056ee346f h1:ImqEKtpCKzTFPHip7pJgCifVcsL1X4KFAG/nSbcHL3U=
|
||||
github.com/containers/image/v5 v5.20.1-0.20220310094651-0d8056ee346f/go.mod h1:vNjDRRmRcuVp6r1JuLQRDhb/Zkj5uXedRjT9ZmjrG70=
|
||||
github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY=
|
||||
github.com/containers/image/v5 v5.20.1-0.20220404163228-d03e80fc66b3/go.mod h1:2nEPM0WuinC/0ssPsMv5Iy8YaRueUUTmTp3C7bn5uro=
|
||||
github.com/containers/image/v5 v5.21.0 h1:pDS3kjJBlaGDItKzjvJDqKXwyQs01gv54b6QuMuaH4g=
|
||||
github.com/containers/image/v5 v5.21.0/go.mod h1:2nEPM0WuinC/0ssPsMv5Iy8YaRueUUTmTp3C7bn5uro=
|
||||
github.com/containers/libtrust v0.0.0-20200511145503-9c3a6c22cd9a h1:spAGlqziZjCJL25C6F1zsQY05tfCKE9F5YwtEWWe6hU=
|
||||
github.com/containers/libtrust v0.0.0-20200511145503-9c3a6c22cd9a/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY=
|
||||
github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc=
|
||||
|
@ -380,9 +377,9 @@ github.com/containers/storage v1.37.0/go.mod h1:kqeJeS0b7DO2ZT1nVWs0XufrmPFbgV3c
|
|||
github.com/containers/storage v1.38.0/go.mod h1:lBzt28gAk5ADZuRtwdndRJyqX22vnRaXmlF+7ktfMYc=
|
||||
github.com/containers/storage v1.38.2/go.mod h1:INP0RPLHWBxx+pTsO5uiHlDUGHDFvWZPWprAbAlQWPQ=
|
||||
github.com/containers/storage v1.38.3-0.20220301151551-d06b0f81c0aa/go.mod h1:LkkL34WRi4dI4jt9Cp+ImdZi/P5i36glSHimT5CP5zM=
|
||||
github.com/containers/storage v1.38.3-0.20220308085612-93ce26691863/go.mod h1:uhf9mPUP+uYajC2/S0A9NaCVa2JJ6+1C254ue4Edv2g=
|
||||
github.com/containers/storage v1.38.3-0.20220321121613-8e565392dd91 h1:gEbkqcBM3XFbIz6L9bpJyUEcuDd8vi8jzyrneVS8At4=
|
||||
github.com/containers/storage v1.38.3-0.20220321121613-8e565392dd91/go.mod h1:UAD0cKLouN4BOQRgZut/nMjrh/EnTCjSNPgp4ZuGWMs=
|
||||
github.com/containers/storage v1.39.0/go.mod h1:UAD0cKLouN4BOQRgZut/nMjrh/EnTCjSNPgp4ZuGWMs=
|
||||
github.com/containers/storage v1.39.1-0.20220330193934-f3200eb5a5d9 h1:fA/2FemaDv+POCJgg+QGJm84gMEDBwL5H0lDeubDJoE=
|
||||
github.com/containers/storage v1.39.1-0.20220330193934-f3200eb5a5d9/go.mod h1:IMa2AfBI+Fxxk2hQqLTGhpJX6z2pZS1/I785QJeUwUY=
|
||||
github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
|
||||
github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
|
||||
github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
|
||||
|
@ -449,7 +446,6 @@ github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4Kfc
|
|||
github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
|
||||
github.com/docker/docker v20.10.3-0.20220208084023-a5c757555091+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
|
||||
github.com/docker/docker v20.10.12+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
|
||||
github.com/docker/docker v20.10.13+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
|
||||
github.com/docker/docker v20.10.14+incompatible h1:+T9/PRYWNDo5SZl5qS1r9Mo/0Q8AwxKKPtu9S1yxM0w=
|
||||
github.com/docker/docker v20.10.14+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
|
||||
github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
|
||||
|
@ -694,6 +690,7 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe
|
|||
github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
|
||||
github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
|
||||
github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
|
||||
github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
|
||||
github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
|
||||
github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
|
||||
github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
|
||||
|
@ -880,7 +877,6 @@ github.com/klauspost/compress v1.14.1/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47e
|
|||
github.com/klauspost/compress v1.14.2/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
|
||||
github.com/klauspost/compress v1.14.3/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
|
||||
github.com/klauspost/compress v1.14.4/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
|
||||
github.com/klauspost/compress v1.15.0/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
|
||||
github.com/klauspost/compress v1.15.1 h1:y9FcTHGyrebwfP0ZZqFiaxTaiDnUrGkJkI+f583BL1A=
|
||||
github.com/klauspost/compress v1.15.1/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
|
||||
github.com/klauspost/pgzip v1.2.5 h1:qnWYvvKqedOF2ulHpMG72XQol4ILEJ8k2wwRl/Km8oE=
|
||||
|
@ -914,8 +910,8 @@ github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3/go.mod h1:3r6x7q
|
|||
github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4=
|
||||
github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I=
|
||||
github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc87/1qhoTACD8w=
|
||||
github.com/magefile/mage v1.11.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A=
|
||||
github.com/magefile/mage v1.12.1/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A=
|
||||
github.com/magefile/mage v1.13.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A=
|
||||
github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
|
||||
github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
|
||||
github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
|
||||
|
@ -1069,6 +1065,8 @@ github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9k
|
|||
github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
|
||||
github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
|
||||
github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
|
||||
github.com/onsi/ginkgo/v2 v2.1.3 h1:e/3Cwtogj0HA+25nMP1jCMDIf8RtRYbGwGGuBIFztkc=
|
||||
github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
|
||||
github.com/onsi/gomega v1.16.0 h1:6gjqkI8iiRHMvdccRJM8rVKjCWk6ZIm6FTm3ddIe4/c=
|
||||
github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
|
||||
github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
|
||||
|
@ -1091,8 +1089,9 @@ github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rm
|
|||
github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0=
|
||||
github.com/opencontainers/runc v1.0.2/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0=
|
||||
github.com/opencontainers/runc v1.0.3/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0=
|
||||
github.com/opencontainers/runc v1.1.0 h1:O9+X96OcDjkmmZyfaG996kV7yq8HsoU2h1XRRQcefG8=
|
||||
github.com/opencontainers/runc v1.1.0/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc=
|
||||
github.com/opencontainers/runc v1.1.1 h1:PJ9DSs2sVwE0iVr++pAHE6QkS9tzcVWozlPifdwMgrU=
|
||||
github.com/opencontainers/runc v1.1.1/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc=
|
||||
github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
|
||||
github.com/opencontainers/runtime-spec v1.0.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
|
||||
github.com/opencontainers/runtime-spec v1.0.2-0.20190207185410-29686dbc5559/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
|
||||
|
@ -1112,12 +1111,12 @@ github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3
|
|||
github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8=
|
||||
github.com/opencontainers/selinux v1.8.5/go.mod h1:HTvjPFoGMbpQsG886e3lQwnsRWtE4TC1OF3OUvG9FAo=
|
||||
github.com/opencontainers/selinux v1.9.1/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
|
||||
github.com/opencontainers/selinux v1.10.0 h1:rAiKF8hTcgLI3w0DHm6i0ylVVcOrlgR1kK99DRLDhyU=
|
||||
github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
|
||||
github.com/openshift/imagebuilder v1.2.2 h1:++jWWMkTVJKP2MIjTPaTk2MqwWIOYYlDaQbZyLlLBh0=
|
||||
github.com/openshift/imagebuilder v1.2.2/go.mod h1:TRYHe4CH9U6nkDjxjBNM5klrLbJBrRbpJE5SaRwUBsQ=
|
||||
github.com/opencontainers/selinux v1.10.1 h1:09LIPVRP3uuZGQvgR+SgMSNBd1Eb3vlRbGqQpoHsF8w=
|
||||
github.com/opencontainers/selinux v1.10.1/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
|
||||
github.com/openshift/imagebuilder v1.2.3 h1:jvA7mESJdclRKkTe3Yl6UWlliFNVW6mLY8RI+Rrfhfo=
|
||||
github.com/openshift/imagebuilder v1.2.3/go.mod h1:TRYHe4CH9U6nkDjxjBNM5klrLbJBrRbpJE5SaRwUBsQ=
|
||||
github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
|
||||
github.com/ostreedev/ostree-go v0.0.0-20190702140239-759a8c1ac913/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc=
|
||||
github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f h1:/UDgs8FGMqwnHagNDPGOlts35QkhAZ8by3DR7nMih7M=
|
||||
github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc=
|
||||
github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw=
|
||||
|
@ -1310,10 +1309,9 @@ github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMT
|
|||
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||
github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
|
||||
github.com/sylabs/release-tools v0.1.0/go.mod h1:pqP/z/11/rYMQ0OM/Nn7TxGijw7KfZwW9UolD/J1TUo=
|
||||
github.com/sylabs/sif/v2 v2.3.1/go.mod h1:NnvveH62GiibimL00MrI6YYcZfb7DnZMcRo/40giY+0=
|
||||
github.com/sylabs/sif/v2 v2.3.2/go.mod h1:IrLX2pzmQ2O4qgv5iy3HdKJcBNYds9DTMd9Je8A9tX4=
|
||||
github.com/sylabs/sif/v2 v2.4.0 h1:ikDJvXoXG1s4AChO4xSq5zxskw/bc2crTbBYN7bet5U=
|
||||
github.com/sylabs/sif/v2 v2.4.0/go.mod h1:IrLX2pzmQ2O4qgv5iy3HdKJcBNYds9DTMd9Je8A9tX4=
|
||||
github.com/sylabs/sif/v2 v2.4.2 h1:L4jcqeOF33JfSnH+8GJKC7/ooVpzpZ2K7wotGG4ZzqQ=
|
||||
github.com/sylabs/sif/v2 v2.4.2/go.mod h1:6gQvzNKRIqr4FS08XBfHpkpnxv9b7h58GLkSJ1zdK9A=
|
||||
github.com/sylvia7788/contextcheck v1.0.4/go.mod h1:vuPKJMQ7MQ91ZTqfdyreNKwZjyUg6KO+IebVyQDedZQ=
|
||||
github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
|
||||
github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
|
||||
|
@ -1381,7 +1379,6 @@ github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr
|
|||
github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0=
|
||||
github.com/xanzy/ssh-agent v0.3.1/go.mod h1:QIE4lCeL7nkC25x+yA3LBIYfwCc1TFziCtG7cBAac6w=
|
||||
github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
|
||||
github.com/xeipuuv/gojsonpointer v0.0.0-20190809123943-df4f5c81cb3b/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
|
||||
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
|
||||
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
|
||||
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
|
||||
|
|
|
@ -95,6 +95,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
|
|||
ForceRm bool `schema:"forcerm"`
|
||||
From string `schema:"from"`
|
||||
HTTPProxy bool `schema:"httpproxy"`
|
||||
IdentityLabel bool `schema:"identitylabel"`
|
||||
Ignore bool `schema:"ignore"`
|
||||
Isolation string `schema:"isolation"`
|
||||
Jobs int `schema:"jobs"` // nolint
|
||||
|
@ -126,10 +127,11 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
|
|||
UnsetEnvs []string `schema:"unsetenv"`
|
||||
Secrets string `schema:"secrets"`
|
||||
}{
|
||||
Dockerfile: "Dockerfile",
|
||||
Registry: "docker.io",
|
||||
Rm: true,
|
||||
ShmSize: 64 * 1024 * 1024,
|
||||
Dockerfile: "Dockerfile",
|
||||
IdentityLabel: true,
|
||||
Registry: "docker.io",
|
||||
Rm: true,
|
||||
ShmSize: 64 * 1024 * 1024,
|
||||
}
|
||||
|
||||
decoder := r.Context().Value(api.DecoderKey).(*schema.Decoder)
|
||||
|
@ -522,6 +524,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
|
|||
DNSSearch: dnssearch,
|
||||
DNSServers: dnsservers,
|
||||
HTTPProxy: query.HTTPProxy,
|
||||
IdentityLabel: types.NewOptionalBool(query.IdentityLabel),
|
||||
LabelOpts: labelOpts,
|
||||
Memory: query.Memory,
|
||||
MemorySwap: query.MemSwap,
|
||||
|
|
|
@ -19,6 +19,7 @@ import (
|
|||
"strings"
|
||||
|
||||
"github.com/containers/buildah/define"
|
||||
"github.com/containers/image/v5/types"
|
||||
"github.com/containers/podman/v4/pkg/auth"
|
||||
"github.com/containers/podman/v4/pkg/bindings"
|
||||
"github.com/containers/podman/v4/pkg/domain/entities"
|
||||
|
@ -250,6 +251,12 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO
|
|||
|
||||
params.Set("pullpolicy", options.PullPolicy.String())
|
||||
|
||||
switch options.CommonBuildOpts.IdentityLabel {
|
||||
case types.OptionalBoolTrue:
|
||||
params.Set("identitylabel", "1")
|
||||
case types.OptionalBoolFalse:
|
||||
params.Set("identitylabel", "0")
|
||||
}
|
||||
if options.Quiet {
|
||||
params.Set("q", "1")
|
||||
}
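Review bot: The new `switch` on `options.CommonBuildOpts.IdentityLabel` has no case for the undefined value and no comment saying that this is deliberate, so a reader cannot tell that omitting `identitylabel` is how the client defers to the server. The handler section of this commit sets `IdentityLabel: true` as the query default, so an unset option still results in the `io.buildah.version` label being added; a comment above the switch such as `// Leave identitylabel unset when undefined so the server default (true) applies.` would record that. `Build` starts and ends outside the hunk, so whether `options.CommonBuildOpts` can be nil at this point is not visible here and is worth confirming.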
|
||||
|
|
|
@ -136,10 +136,6 @@ errmsg "no such file or directory" \
|
|||
|
||||
###############################################################################
|
||||
# BEGIN tests that don't make sense under podman due to fundamental differences
|
||||
|
||||
skip "N/A under podman" \
|
||||
"bud-flags-order-verification"
|
||||
|
||||
# TODO
|
||||
# Some of the podman tests in CI expects exit code 125, which might not be true
|
||||
# since exit code from runtime is relayed as it is without any modification both
|
||||
|
@ -152,6 +148,9 @@ skip "N/A under podman" \
|
|||
skip "podman CI expects all exit code to be 125 this test has anomaly behaviour" \
|
||||
"bud with --add-host"
|
||||
|
||||
skip "podman CI expects all exit code to be 125 this test has anomaly behaviour" \
|
||||
"bud - invalid runtime flags test"
|
||||
|
||||
skip "does not work under podman" \
|
||||
"bud without any arguments should succeed"
|
||||
|
||||
|
@ -181,6 +180,9 @@ skip "buildah runs with --cgroup-manager=cgroupfs, podman with systemd" \
|
|||
###############################################################################
|
||||
# BEGIN tests which are skipped because they make no sense under podman-remote
|
||||
|
||||
skip_if_remote "--runtime-flags does not work with podman-remote" \
|
||||
"bud - invalid runtime flags test"
|
||||
|
||||
skip_if_remote "--target does not work with podman-remote" \
|
||||
"bud-target"
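Review bot: `"bud - invalid runtime flags test"` appears to be skipped twice by this change, once unconditionally via `skip` with the exit-code-125 reason and again under `skip_if_remote` with the `--runtime-flags` reason. If the unconditional `skip` applies to both local and remote runs, the `skip_if_remote` entry never takes effect, and the two stated reasons can drift apart. Keeping a single entry, or adding a comment such as `# also skipped above for all modes; keep in sync`, would make the intent clear. The added/removed markers are lost in this rendering, so which of the two entries is new is inferred from the hunk line counts.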
|
||||
|
||||
|
|
59
vendor/github.com/containers/buildah/CHANGELOG.md
generated
vendored
|
@ -2,6 +2,65 @@
|
|||
|
||||
# Changelog
|
||||
|
||||
## v1.25.1 (2022-03-30)
|
||||
|
||||
buildah: create WORKDIR with USER permissions
|
||||
vendor: update github.com/openshift/imagebuilder
|
||||
copier: attempt to open the dir before adding it
|
||||
Updated dependabot to get updates for GitHub actions.
|
||||
Switch most calls to filepath.Walk to filepath.WalkDir
|
||||
build: allow --no-cache and --layers so build cache can be overrided
|
||||
build(deps): bump github.com/onsi/gomega from 1.18.1 to 1.19.0
|
||||
Bump to v1.26.0-dev
|
||||
build(deps): bump github.com/golangci/golangci-lint in /tests/tools
|
||||
|
||||
## v1.25.0 (2022-03-25)
|
||||
|
||||
install: drop RHEL/CentOS 7 doc
|
||||
build(deps): bump github.com/containers/common from 0.47.4 to 0.47.5
|
||||
Bump c/storage to v1.39.0 in main
|
||||
Add a test for CVE-2022-27651
|
||||
build(deps): bump github.com/docker/docker
|
||||
Bump github.com/prometheus/client_golang to v1.11.1
|
||||
[CI:DOCS] man pages: sort flags, and keep them that way
|
||||
build(deps): bump github.com/containerd/containerd from 1.6.1 to 1.6.2
|
||||
Don't pollute
|
||||
network setup: increase timeout to 4 minutes
|
||||
do not set the inheritable capabilities
|
||||
build(deps): bump github.com/golangci/golangci-lint in /tests/tools
|
||||
build(deps): bump github.com/containers/ocicrypt from 1.1.2 to 1.1.3
|
||||
parse: convert exposed GetVolumes to internal only
|
||||
buildkit: mount=type=cache support locking external cache store
|
||||
.in support: improve error message when cpp is not installed
|
||||
buildah image: install cpp
|
||||
build(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1
|
||||
build(deps): bump github.com/spf13/cobra from 1.3.0 to 1.4.0
|
||||
build(deps): bump github.com/docker/docker
|
||||
Add --no-hosts flag to eliminate use of /etc/hosts within containers
|
||||
test: remove skips for rootless users
|
||||
test: unshare mount/umount if test is_rootless
|
||||
tests/copy: read correct containers.conf
|
||||
build(deps): bump github.com/docker/distribution
|
||||
cirrus: add seperate task and matrix for rootless
|
||||
tests: skip tests for rootless which need unshare
|
||||
buildah: test rootless integration
|
||||
vendor: bump c/storage to main/93ce26691863
|
||||
build(deps): bump github.com/fsouza/go-dockerclient from 1.7.9 to 1.7.10
|
||||
tests/copy: initialize the network, too
|
||||
[CI:DOCS] remove references to Kubic for CentOS and Ubuntu
|
||||
build(deps): bump github.com/containerd/containerd from 1.6.0 to 1.6.1
|
||||
use c/image/pkg/blobcache
|
||||
vendor c/image/v5@v5.20.0
|
||||
add: ensure the context directory is an absolute path
|
||||
executor: docker builds must inherit healthconfig from base if any
|
||||
docs: Remove Containerfile and containeringore
|
||||
build(deps): bump github.com/fsouza/go-dockerclient from 1.7.8 to 1.7.9
|
||||
helpers.bash: Use correct syntax
|
||||
speed up combination-namespaces test
|
||||
build(deps): bump github.com/golangci/golangci-lint in /tests/tools
|
||||
Bump back to 1.25.0-dev
|
||||
build(deps): bump github.com/containerd/containerd from 1.5.9 to 1.6.0
|
||||
|
||||
## v1.24.2 (2022-02-16)
|
||||
|
||||
Increase subuid/subgid to 65535
|
||||
|
|
34
vendor/github.com/containers/buildah/add.go
generated
vendored
|
@ -655,3 +655,37 @@ func (b *Builder) userForCopy(mountPoint string, userspec string) (uint32, uint3
|
|||
}
|
||||
return owner.UID, owner.GID, nil
|
||||
}
|
||||
|
||||
// EnsureContainerPathAs creates the specified directory owned by USER
|
||||
// with the file mode set to MODE.
|
||||
func (b *Builder) EnsureContainerPathAs(path, user string, mode *os.FileMode) error {
|
||||
mountPoint, err := b.Mount(b.MountLabel)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer func() {
|
||||
if err2 := b.Unmount(); err2 != nil {
|
||||
logrus.Errorf("error unmounting container: %v", err2)
|
||||
}
|
||||
}()
|
||||
|
||||
uid, gid := uint32(0), uint32(0)
|
||||
if user != "" {
|
||||
if uidForCopy, gidForCopy, err := b.userForCopy(mountPoint, user); err == nil {
|
||||
uid = uidForCopy
|
||||
gid = gidForCopy
|
||||
}
|
||||
}
|
||||
|
||||
destUIDMap, destGIDMap := convertRuntimeIDMaps(b.IDMappingOptions.UIDMap, b.IDMappingOptions.GIDMap)
|
||||
|
||||
idPair := &idtools.IDPair{UID: int(uid), GID: int(gid)}
|
||||
opts := copier.MkdirOptions{
|
||||
ChmodNew: mode,
|
||||
ChownNew: idPair,
|
||||
UIDMap: destUIDMap,
|
||||
GIDMap: destGIDMap,
|
||||
}
|
||||
return copier.Mkdir(mountPoint, filepath.Join(mountPoint, path), opts)
|
||||
|
||||
}
|
||||
|
|
57
vendor/github.com/containers/buildah/changelog.txt
generated
vendored
|
@ -1,3 +1,60 @@
|
|||
- Changelog for v1.25.1 (2022-03-30)
|
||||
* buildah: create WORKDIR with USER permissions
|
||||
* vendor: update github.com/openshift/imagebuilder
|
||||
* copier: attempt to open the dir before adding it
|
||||
* Updated dependabot to get updates for GitHub actions.
|
||||
* Switch most calls to filepath.Walk to filepath.WalkDir
|
||||
* build: allow --no-cache and --layers so build cache can be overrided
|
||||
* build(deps): bump github.com/onsi/gomega from 1.18.1 to 1.19.0
|
||||
* Bump to v1.26.0-dev
|
||||
* build(deps): bump github.com/golangci/golangci-lint in /tests/tools
|
||||
|
||||
- Changelog for v1.25.0 (2022-03-25)
|
||||
* install: drop RHEL/CentOS 7 doc
|
||||
* build(deps): bump github.com/containers/common from 0.47.4 to 0.47.5
|
||||
* Bump c/storage to v1.39.0 in main
|
||||
* Add a test for CVE-2022-27651
|
||||
* build(deps): bump github.com/docker/docker
|
||||
* Bump github.com/prometheus/client_golang to v1.11.1
|
||||
* [CI:DOCS] man pages: sort flags, and keep them that way
|
||||
* build(deps): bump github.com/containerd/containerd from 1.6.1 to 1.6.2
|
||||
* Don't pollute
|
||||
* network setup: increase timeout to 4 minutes
|
||||
* do not set the inheritable capabilities
|
||||
* build(deps): bump github.com/golangci/golangci-lint in /tests/tools
|
||||
* build(deps): bump github.com/containers/ocicrypt from 1.1.2 to 1.1.3
|
||||
* parse: convert exposed GetVolumes to internal only
|
||||
* buildkit: mount=type=cache support locking external cache store
|
||||
* .in support: improve error message when cpp is not installed
|
||||
* buildah image: install cpp
|
||||
* build(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1
|
||||
* build(deps): bump github.com/spf13/cobra from 1.3.0 to 1.4.0
|
||||
* build(deps): bump github.com/docker/docker
|
||||
* Add --no-hosts flag to eliminate use of /etc/hosts within containers
|
||||
* test: remove skips for rootless users
|
||||
* test: unshare mount/umount if test is_rootless
|
||||
* tests/copy: read correct containers.conf
|
||||
* build(deps): bump github.com/docker/distribution
|
||||
* cirrus: add seperate task and matrix for rootless
|
||||
* tests: skip tests for rootless which need unshare
|
||||
* buildah: test rootless integration
|
||||
* vendor: bump c/storage to main/93ce26691863
|
||||
* build(deps): bump github.com/fsouza/go-dockerclient from 1.7.9 to 1.7.10
|
||||
* tests/copy: initialize the network, too
|
||||
* [CI:DOCS] remove references to Kubic for CentOS and Ubuntu
|
||||
* build(deps): bump github.com/containerd/containerd from 1.6.0 to 1.6.1
|
||||
* use c/image/pkg/blobcache
|
||||
* vendor c/image/v5@v5.20.0
|
||||
* add: ensure the context directory is an absolute path
|
||||
* executor: docker builds must inherit healthconfig from base if any
|
||||
* docs: Remove Containerfile and containeringore
|
||||
* build(deps): bump github.com/fsouza/go-dockerclient from 1.7.8 to 1.7.9
|
||||
* helpers.bash: Use correct syntax
|
||||
* speed up combination-namespaces test
|
||||
* build(deps): bump github.com/golangci/golangci-lint in /tests/tools
|
||||
* Bump back to 1.25.0-dev
|
||||
* build(deps): bump github.com/containerd/containerd from 1.5.9 to 1.6.0
|
||||
|
||||
- Changelog for v1.24.2 (2022-02-16)
|
||||
* Increase subuid/subgid to 65535
|
||||
* history: only add proxy vars to history if specified
|
||||
|
|
57
vendor/github.com/containers/buildah/chroot/run.go
generated
vendored
|
@ -10,6 +10,7 @@ import (
|
|||
"io/ioutil"
|
||||
"os"
|
||||
"os/exec"
|
||||
"os/signal"
|
||||
"path/filepath"
|
||||
"runtime"
|
||||
"strconv"
|
||||
|
@ -159,10 +160,24 @@ func RunUsingChroot(spec *specs.Spec, bundlePath, homeDir string, stdin io.Reade
|
|||
|
||||
// Start the grandparent subprocess.
|
||||
cmd := unshare.Command(runUsingChrootCommand)
|
||||
setPdeathsig(cmd.Cmd)
|
||||
cmd.Stdin, cmd.Stdout, cmd.Stderr = stdin, stdout, stderr
|
||||
cmd.Dir = "/"
|
||||
cmd.Env = []string{fmt.Sprintf("LOGLEVEL=%d", logrus.GetLevel())}
|
||||
|
||||
interrupted := make(chan os.Signal, 100)
|
||||
cmd.Hook = func(int) error {
|
||||
signal.Notify(interrupted, syscall.SIGHUP, syscall.SIGINT, syscall.SIGTERM)
|
||||
go func() {
|
||||
for receivedSignal := range interrupted {
|
||||
if err := cmd.Process.Signal(receivedSignal); err != nil {
|
||||
logrus.Infof("%v while attempting to forward %v to child process", err, receivedSignal)
|
||||
}
|
||||
}
|
||||
}()
|
||||
return nil
|
||||
}
|
||||
|
||||
logrus.Debugf("Running %#v in %#v", cmd.Cmd, cmd)
|
||||
confwg.Add(1)
|
||||
go func() {
|
||||
|
@ -173,6 +188,8 @@ func RunUsingChroot(spec *specs.Spec, bundlePath, homeDir string, stdin io.Reade
|
|||
cmd.ExtraFiles = append([]*os.File{preader}, cmd.ExtraFiles...)
|
||||
err = cmd.Run()
|
||||
confwg.Wait()
|
||||
signal.Stop(interrupted)
|
||||
close(interrupted)
|
||||
if err == nil {
|
||||
return conferr
|
||||
}
|
||||
|
@ -571,6 +588,7 @@ func runUsingChroot(spec *specs.Spec, bundlePath string, ctty *os.File, stdin io
|
|||
|
||||
// Start the parent subprocess.
|
||||
cmd := unshare.Command(append([]string{runUsingChrootExecCommand}, spec.Process.Args...)...)
|
||||
setPdeathsig(cmd.Cmd)
|
||||
cmd.Stdin, cmd.Stdout, cmd.Stderr = stdin, stdout, stderr
|
||||
cmd.Dir = "/"
|
||||
cmd.Env = []string{fmt.Sprintf("LOGLEVEL=%d", logrus.GetLevel())}
|
||||
|
@ -593,10 +611,19 @@ func runUsingChroot(spec *specs.Spec, bundlePath string, ctty *os.File, stdin io
|
|||
}
|
||||
cmd.OOMScoreAdj = spec.Process.OOMScoreAdj
|
||||
cmd.ExtraFiles = append([]*os.File{preader}, cmd.ExtraFiles...)
|
||||
interrupted := make(chan os.Signal, 100)
|
||||
cmd.Hook = func(int) error {
|
||||
for _, f := range closeOnceRunning {
|
||||
f.Close()
|
||||
}
|
||||
signal.Notify(interrupted, syscall.SIGHUP, syscall.SIGINT, syscall.SIGTERM)
|
||||
go func() {
|
||||
for receivedSignal := range interrupted {
|
||||
if err := cmd.Process.Signal(receivedSignal); err != nil {
|
||||
logrus.Infof("%v while attempting to forward %v to child process", err, receivedSignal)
|
||||
}
|
||||
}
|
||||
}()
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -609,6 +636,8 @@ func runUsingChroot(spec *specs.Spec, bundlePath string, ctty *os.File, stdin io
|
|||
}()
|
||||
err = cmd.Run()
|
||||
confwg.Wait()
|
||||
signal.Stop(interrupted)
|
||||
close(interrupted)
|
||||
if err != nil {
|
||||
if exitError, ok := err.(*exec.ExitError); ok {
|
||||
if waitStatus, ok := exitError.ProcessState.Sys().(syscall.WaitStatus); ok {
|
||||
|
@ -792,11 +821,27 @@ func runUsingChrootExecMain() {
|
|||
|
||||
// Actually run the specified command.
|
||||
cmd := exec.Command(args[0], args[1:]...)
|
||||
setPdeathsig(cmd)
|
||||
cmd.Env = options.Spec.Process.Env
|
||||
cmd.Stdin, cmd.Stdout, cmd.Stderr = os.Stdin, os.Stdout, os.Stderr
|
||||
cmd.Dir = cwd
|
||||
logrus.Debugf("Running %#v (PATH = %q)", cmd, os.Getenv("PATH"))
|
||||
if err = cmd.Run(); err != nil {
|
||||
interrupted := make(chan os.Signal, 100)
|
||||
if err = cmd.Start(); err != nil {
|
||||
fmt.Fprintf(os.Stderr, "process failed to start with error: %v", err)
|
||||
}
|
||||
go func() {
|
||||
for range interrupted {
|
||||
if err := cmd.Process.Signal(syscall.SIGKILL); err != nil {
|
||||
logrus.Infof("%v while attempting to send SIGKILL to child process", err)
|
||||
}
|
||||
}
|
||||
}()
|
||||
signal.Notify(interrupted, syscall.SIGHUP, syscall.SIGINT, syscall.SIGTERM)
|
||||
err = cmd.Wait()
|
||||
signal.Stop(interrupted)
|
||||
close(interrupted)
|
||||
if err != nil {
|
||||
if exitError, ok := err.(*exec.ExitError); ok {
|
||||
if waitStatus, ok := exitError.ProcessState.Sys().(syscall.WaitStatus); ok {
|
||||
if waitStatus.Exited() {
|
||||
|
@ -897,7 +942,7 @@ func setCapabilities(spec *specs.Spec, keepCaps ...string) error {
|
|||
capMap := map[capability.CapType][]string{
|
||||
capability.BOUNDING: spec.Process.Capabilities.Bounding,
|
||||
capability.EFFECTIVE: spec.Process.Capabilities.Effective,
|
||||
capability.INHERITABLE: spec.Process.Capabilities.Inheritable,
|
||||
capability.INHERITABLE: []string{},
|
||||
capability.PERMITTED: spec.Process.Capabilities.Permitted,
|
||||
capability.AMBIENT: spec.Process.Capabilities.Ambient,
|
||||
}
|
||||
|
@ -1419,3 +1464,11 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func(
|
|||
}
|
||||
return undoBinds, nil
|
||||
}
|
||||
|
||||
// setPdeathsig sets a parent-death signal for the process
|
||||
func setPdeathsig(cmd *exec.Cmd) {
|
||||
if cmd.SysProcAttr == nil {
|
||||
cmd.SysProcAttr = &syscall.SysProcAttr{}
|
||||
}
|
||||
cmd.SysProcAttr.Pdeathsig = syscall.SIGKILL
|
||||
}
|
||||
|
|
28
vendor/github.com/containers/buildah/copier/copier.go
generated
vendored
|
@ -6,6 +6,7 @@ import (
|
|||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"io/fs"
|
||||
"io/ioutil"
|
||||
"net"
|
||||
"os"
|
||||
|
@ -1179,10 +1180,10 @@ func copierHandlerGet(bulkWriter io.Writer, req request, pm *fileutils.PatternMa
|
|||
// we don't expand any of the contents that are archives
|
||||
options := req.GetOptions
|
||||
options.ExpandArchives = false
|
||||
walkfn := func(path string, info os.FileInfo, err error) error {
|
||||
walkfn := func(path string, d fs.DirEntry, err error) error {
|
||||
if err != nil {
|
||||
if options.IgnoreUnreadable && errorIsPermission(err) {
|
||||
if info != nil && info.IsDir() {
|
||||
if info != nil && d.IsDir() {
|
||||
return filepath.SkipDir
|
||||
}
|
||||
return nil
|
||||
|
@ -1192,8 +1193,8 @@ func copierHandlerGet(bulkWriter io.Writer, req request, pm *fileutils.PatternMa
|
|||
}
|
||||
return errors.Wrapf(err, "copier: get: error reading %q", path)
|
||||
}
|
||||
if info.Mode()&os.ModeType == os.ModeSocket {
|
||||
logrus.Warningf("copier: skipping socket %q", info.Name())
|
||||
if d.Type() == os.ModeSocket {
|
||||
logrus.Warningf("copier: skipping socket %q", d.Name())
|
||||
return nil
|
||||
}
|
||||
// compute the path of this item
|
||||
|
@ -1216,7 +1217,7 @@ func copierHandlerGet(bulkWriter io.Writer, req request, pm *fileutils.PatternMa
|
|||
return err
|
||||
}
|
||||
if skip {
|
||||
if info.IsDir() {
|
||||
if d.IsDir() {
|
||||
// if there are no "include
|
||||
// this anyway" patterns at
|
||||
// all, we don't need to
|
||||
|
@ -1254,17 +1255,21 @@ func copierHandlerGet(bulkWriter io.Writer, req request, pm *fileutils.PatternMa
|
|||
}
|
||||
// if it's a symlink, read its target
|
||||
symlinkTarget := ""
|
||||
if info.Mode()&os.ModeType == os.ModeSymlink {
|
||||
if d.Type() == os.ModeSymlink {
|
||||
target, err := os.Readlink(path)
|
||||
if err != nil {
|
||||
return errors.Wrapf(err, "copier: get: readlink(%q(%q))", rel, path)
|
||||
}
|
||||
symlinkTarget = target
|
||||
}
|
||||
info, err := d.Info()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
// if it's a directory and we're staying on one device, and it's on a
|
||||
// different device than the one we started from, skip its contents
|
||||
var ok error
|
||||
if info.Mode().IsDir() && req.GetOptions.NoCrossDevice {
|
||||
if d.IsDir() && req.GetOptions.NoCrossDevice {
|
||||
if !sameDevice(topInfo, info) {
|
||||
ok = filepath.SkipDir
|
||||
}
|
||||
|
@ -1282,7 +1287,7 @@ func copierHandlerGet(bulkWriter io.Writer, req request, pm *fileutils.PatternMa
|
|||
return ok
|
||||
}
|
||||
// walk the directory tree, checking/adding items individually
|
||||
if err := filepath.Walk(item, walkfn); err != nil {
|
||||
if err := filepath.WalkDir(item, walkfn); err != nil {
|
||||
return errors.Wrapf(err, "copier: get: %q(%q)", queue[i], item)
|
||||
}
|
||||
itemsCopied++
|
||||
|
@ -1461,6 +1466,13 @@ func copierHandlerGetOne(srcfi os.FileInfo, symlinkTarget, name, contentPath str
|
|||
return errors.Wrapf(err, "error opening file for adding its contents to archive")
|
||||
}
|
||||
defer f.Close()
|
||||
} else if hdr.Typeflag == tar.TypeDir {
|
||||
// open the directory file first to make sure we can access it.
|
||||
f, err = os.Open(contentPath)
|
||||
if err != nil {
|
||||
return errors.Wrapf(err, "error opening directory for adding its contents to archive")
|
||||
}
|
||||
defer f.Close()
|
||||
}
|
||||
// output the header
|
||||
if err = tw.WriteHeader(hdr); err != nil {
|
||||
|
|
2
vendor/github.com/containers/buildah/define/build.go
generated
vendored
|
@ -29,6 +29,8 @@ type CommonBuildOptions struct {
|
|||
CPUSetMems string
|
||||
// HTTPProxy determines whether *_proxy env vars from the build host are passed into the container.
|
||||
HTTPProxy bool
|
||||
// IdentityLabel if set ensures that default `io.buildah.version` label is not applied to build image.
|
||||
IdentityLabel types.OptionalBool
|
||||
// Memory is the upper limit (in bytes) on how much memory running containers can use.
|
||||
Memory int64
|
||||
// DNSSearch is the list of DNS search domains to add to the build container's /etc/resolv.conf
|
||||
|
|
2
vendor/github.com/containers/buildah/define/types.go
generated
vendored
|
@ -29,7 +29,7 @@ const (
|
|||
Package = "buildah"
|
||||
// Version for the Package. Bump version in contrib/rpm/buildah.spec
|
||||
// too.
|
||||
Version = "1.25.0-dev"
|
||||
Version = "1.26.0-dev"
|
||||
|
||||
// DefaultRuntime if containers.conf fails.
|
||||
DefaultRuntime = "runc"
|
||||
|
|
27
vendor/github.com/containers/buildah/go.mod
generated
vendored
|
@ -3,14 +3,14 @@ module github.com/containers/buildah
|
|||
go 1.13
|
||||
|
||||
require (
|
||||
github.com/containerd/containerd v1.6.1
|
||||
github.com/containerd/containerd v1.6.2
|
||||
github.com/containernetworking/cni v1.0.1
|
||||
github.com/containers/common v0.47.4
|
||||
github.com/containers/image/v5 v5.20.0
|
||||
github.com/containers/ocicrypt v1.1.2
|
||||
github.com/containers/storage v1.38.3-0.20220308085612-93ce26691863
|
||||
github.com/containers/common v0.47.5-0.20220331143923-5f14ec785c18
|
||||
github.com/containers/image/v5 v5.20.1-0.20220404163228-d03e80fc66b3
|
||||
github.com/containers/ocicrypt v1.1.3
|
||||
github.com/containers/storage v1.39.1-0.20220330193934-f3200eb5a5d9
|
||||
github.com/docker/distribution v2.8.1+incompatible
|
||||
github.com/docker/docker v20.10.12+incompatible
|
||||
github.com/docker/docker v20.10.14+incompatible
|
||||
github.com/docker/go-units v0.4.0
|
||||
github.com/docker/libnetwork v0.8.0-dev.2.0.20190625141545-5a177b73e316
|
||||
github.com/fsouza/go-dockerclient v1.7.10
|
||||
|
@ -20,25 +20,26 @@ require (
|
|||
github.com/konsorten/go-windows-terminal-sequences v1.0.3 // indirect
|
||||
github.com/mattn/go-shellwords v1.0.12
|
||||
github.com/onsi/ginkgo v1.16.5
|
||||
github.com/onsi/gomega v1.18.1
|
||||
github.com/onsi/gomega v1.19.0
|
||||
github.com/opencontainers/go-digest v1.0.0
|
||||
github.com/opencontainers/image-spec v1.0.3-0.20211202193544-a5463b7f9c84
|
||||
github.com/opencontainers/runc v1.1.0
|
||||
github.com/opencontainers/runc v1.1.1
|
||||
github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
|
||||
github.com/opencontainers/runtime-tools v0.9.0
|
||||
github.com/opencontainers/selinux v1.10.0
|
||||
github.com/openshift/imagebuilder v1.2.2
|
||||
github.com/opencontainers/selinux v1.10.1
|
||||
github.com/openshift/imagebuilder v1.2.3
|
||||
github.com/pkg/errors v0.9.1
|
||||
github.com/prometheus/client_golang v1.11.1 // indirect
|
||||
github.com/seccomp/libseccomp-golang v0.9.2-0.20210429002308-3879420cc921
|
||||
github.com/sirupsen/logrus v1.8.1
|
||||
github.com/spf13/cobra v1.3.0
|
||||
github.com/spf13/cobra v1.4.0
|
||||
github.com/spf13/pflag v1.0.5
|
||||
github.com/stretchr/testify v1.7.0
|
||||
github.com/stretchr/testify v1.7.1
|
||||
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635
|
||||
go.etcd.io/bbolt v1.3.6
|
||||
golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3
|
||||
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
|
||||
golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27
|
||||
golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9
|
||||
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211
|
||||
)
|
||||
|
||||
|
|
94
vendor/github.com/containers/buildah/go.sum
generated
vendored
|
@ -108,7 +108,6 @@ github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMo
|
|||
github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
|
||||
github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
|
||||
github.com/ProtonMail/go-crypto v0.0.0-20210920160938-87db9fbc61c7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
|
||||
github.com/ProtonMail/go-crypto v0.0.0-20211112122917-428f8eabeeb3/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
|
||||
github.com/ProtonMail/go-crypto v0.0.0-20220113124808-70ae35bab23f/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
|
||||
github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
|
||||
github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
|
||||
|
@ -241,8 +240,9 @@ github.com/containerd/containerd v1.5.1/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTV
|
|||
github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0QMhscqVp1AR9c=
|
||||
github.com/containerd/containerd v1.5.8/go.mod h1:YdFSv5bTFLpG2HIYmfqDpSYYTDX+mc5qtSuYx1YUb/s=
|
||||
github.com/containerd/containerd v1.5.9/go.mod h1:fvQqCfadDGga5HZyn3j4+dx56qj2I9YwBrlSdalvJYQ=
|
||||
github.com/containerd/containerd v1.6.1 h1:oa2uY0/0G+JX4X7hpGCYvkp9FjUancz56kSNnb1sG3o=
|
||||
github.com/containerd/containerd v1.6.1/go.mod h1:1nJz5xCZPusx6jJU8Frfct988y0NpumIq9ODB0kLtoE=
|
||||
github.com/containerd/containerd v1.6.2 h1:pcaPUGbYW8kBw6OgIZwIVIeEhdWVrBzsoCfVJ5BjrLU=
|
||||
github.com/containerd/containerd v1.6.2/go.mod h1:sidY30/InSE1j2vdD1ihtKoJz+lWdaXMdiAeIupaf+s=
|
||||
github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
|
||||
github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
|
||||
github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
|
||||
|
@ -278,8 +278,9 @@ github.com/containerd/nri v0.1.0/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3
|
|||
github.com/containerd/stargz-snapshotter/estargz v0.4.1/go.mod h1:x7Q9dg9QYb4+ELgxmo4gBUeJB0tl5dqH1Sdz0nJU1QM=
|
||||
github.com/containerd/stargz-snapshotter/estargz v0.9.0/go.mod h1:aE5PCyhFMwR8sbrErO5eM2GcvkyXTTJremG883D4qF0=
|
||||
github.com/containerd/stargz-snapshotter/estargz v0.11.0/go.mod h1:/KsZXsJRllMbTKFfG0miFQWViQKdI9+9aSXs+HN0+ac=
|
||||
github.com/containerd/stargz-snapshotter/estargz v0.11.2 h1:0P0vWmfrEeTtZ4BBRrpuyu/HxR9HPBLfeljGOra5f6g=
|
||||
github.com/containerd/stargz-snapshotter/estargz v0.11.2/go.mod h1:rjbdAXaytDSIrAy2WAy2kUrJ4ehzDS0eUQLlIb5UCY0=
|
||||
github.com/containerd/stargz-snapshotter/estargz v0.11.1/go.mod h1:6VoPcf4M1wvnogWxqc4TqBWWErCS+R+ucnPZId2VbpQ=
|
||||
github.com/containerd/stargz-snapshotter/estargz v0.11.3 h1:k2kN16Px6LYuv++qFqK+JTcYqc8bEVxzGpf8/gFBL5M=
|
||||
github.com/containerd/stargz-snapshotter/estargz v0.11.3/go.mod h1:7vRJIcImfY8bpifnMjt+HTJoQxASq7T28MYbP15/Nf0=
|
||||
github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
|
||||
github.com/containerd/ttrpc v0.0.0-20190828172938-92c8520ef9f8/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
|
||||
github.com/containerd/ttrpc v0.0.0-20191028202541-4f1b8fe65a5c/go.mod h1:LPm1u0xBw8r8NOKoOdNMeVHSawSsltak+Ihv+etqsE8=
|
||||
|
@ -302,25 +303,28 @@ github.com/containernetworking/cni v1.0.1 h1:9OIL/sZmMYDBe+G8svzILAlulUpaDTUjeAb
|
|||
github.com/containernetworking/cni v1.0.1/go.mod h1:AKuhXbN5EzmD4yTNtfSsX3tPcmtrBI6QcRV0NiNt15Y=
|
||||
github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHVlzhJpcY6TQxn/fUyDDM=
|
||||
github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRDjeJr6FLK6vuiUwoH7P8=
|
||||
github.com/containernetworking/plugins v1.0.1 h1:wwCfYbTCj5FC0EJgyzyjTXmqysOiJE9r712Z+2KVZAk=
|
||||
github.com/containernetworking/plugins v1.0.1/go.mod h1:QHCfGpaTwYTbbH+nZXKVTxNBDZcxSOplJT5ico8/FLE=
|
||||
github.com/containers/common v0.47.4 h1:kS202Z/bTQIM/pwyuJ+lF8143Uli6AB9Q9OVR0xa9CM=
|
||||
github.com/containers/common v0.47.4/go.mod h1:HgX0mFXyB0Tbe2REEIp9x9CxET6iSzmHfwR6S/t2LZc=
|
||||
github.com/containers/image/v5 v5.19.1/go.mod h1:ewoo3u+TpJvGmsz64XgzbyTHwHtM94q7mgK/pX+v2SE=
|
||||
github.com/containers/image/v5 v5.20.0 h1:BYFMRvYqmEHnHo0sjTbnLbj0fzkGLDx6P57lszm30B4=
|
||||
github.com/containers/image/v5 v5.20.0/go.mod h1:5UL1ooih6+USVYXk19r8ScQNsbTprhlJxrHezAu4OVE=
|
||||
github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY=
|
||||
github.com/containernetworking/plugins v1.1.1 h1:+AGfFigZ5TiQH00vhR8qPeSatj53eNGz0C1d3wVYlHE=
|
||||
github.com/containernetworking/plugins v1.1.1/go.mod h1:Sr5TH/eBsGLXK/h71HeLfX19sZPp3ry5uHSkI4LPxV8=
|
||||
github.com/containers/common v0.47.5-0.20220331143923-5f14ec785c18 h1:Hp4ccfzcFpS2SAha0cfYcF6ofkaEFmgsuRSxBDK8W0Y=
|
||||
github.com/containers/common v0.47.5-0.20220331143923-5f14ec785c18/go.mod h1:Vr2Fn6EdzD6JNAbz8L8bTv3uWLv2p31Ih2O3EAK6Hyc=
|
||||
github.com/containers/image/v5 v5.19.2-0.20220224100137-1045fb70b094/go.mod h1:XoYK6kE0dpazFNcuS+a8lra+QfbC6s8tzv+cUuCrZpE=
|
||||
github.com/containers/image/v5 v5.20.1-0.20220404163228-d03e80fc66b3 h1:5oH8xNWulK0r7hfga9RsEZfh2JJXSn1UfSc6uPBgcP8=
|
||||
github.com/containers/image/v5 v5.20.1-0.20220404163228-d03e80fc66b3/go.mod h1:2nEPM0WuinC/0ssPsMv5Iy8YaRueUUTmTp3C7bn5uro=
|
||||
github.com/containers/libtrust v0.0.0-20200511145503-9c3a6c22cd9a h1:spAGlqziZjCJL25C6F1zsQY05tfCKE9F5YwtEWWe6hU=
|
||||
github.com/containers/libtrust v0.0.0-20200511145503-9c3a6c22cd9a/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY=
|
||||
github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc=
|
||||
github.com/containers/ocicrypt v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgUV4GP9qXPfu4=
|
||||
github.com/containers/ocicrypt v1.1.1/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY=
|
||||
github.com/containers/ocicrypt v1.1.2 h1:Ez+GAMP/4GLix5Ywo/fL7O0nY771gsBIigiqUm1aXz0=
|
||||
github.com/containers/ocicrypt v1.1.2/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY=
|
||||
github.com/containers/ocicrypt v1.1.3 h1:uMxn2wTb4nDR7GqG3rnZSfpJXqWURfzZ7nKydzIeKpA=
|
||||
github.com/containers/ocicrypt v1.1.3/go.mod h1:xpdkbVAuaH3WzbEabUd5yDsl9SwJA5pABH85425Es2g=
|
||||
github.com/containers/storage v1.37.0/go.mod h1:kqeJeS0b7DO2ZT1nVWs0XufrmPFbgV3c+Q/45RlH6r4=
|
||||
github.com/containers/storage v1.38.2/go.mod h1:INP0RPLHWBxx+pTsO5uiHlDUGHDFvWZPWprAbAlQWPQ=
|
||||
github.com/containers/storage v1.38.3-0.20220308085612-93ce26691863 h1:10k6Dl+Bm9zgsxP7qv0mnrhd7+XlCmgQWKgkydwZ7vQ=
|
||||
github.com/containers/storage v1.38.3-0.20220308085612-93ce26691863/go.mod h1:uhf9mPUP+uYajC2/S0A9NaCVa2JJ6+1C254ue4Edv2g=
|
||||
github.com/containers/storage v1.38.3-0.20220301151551-d06b0f81c0aa/go.mod h1:LkkL34WRi4dI4jt9Cp+ImdZi/P5i36glSHimT5CP5zM=
|
||||
github.com/containers/storage v1.39.0/go.mod h1:UAD0cKLouN4BOQRgZut/nMjrh/EnTCjSNPgp4ZuGWMs=
|
||||
github.com/containers/storage v1.39.1-0.20220330193934-f3200eb5a5d9 h1:fA/2FemaDv+POCJgg+QGJm84gMEDBwL5H0lDeubDJoE=
|
||||
github.com/containers/storage v1.39.1-0.20220330193934-f3200eb5a5d9/go.mod h1:IMa2AfBI+Fxxk2hQqLTGhpJX6z2pZS1/I785QJeUwUY=
|
||||
github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
|
||||
github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
|
||||
github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
|
||||
|
@ -374,8 +378,9 @@ github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6
|
|||
github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
|
||||
github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
|
||||
github.com/docker/docker v20.10.3-0.20220208084023-a5c757555091+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
|
||||
github.com/docker/docker v20.10.12+incompatible h1:CEeNmFM0QZIsJCZKMkZx0ZcahTiewkrgiwfYD+dfl1U=
|
||||
github.com/docker/docker v20.10.12+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
|
||||
github.com/docker/docker v20.10.14+incompatible h1:+T9/PRYWNDo5SZl5qS1r9Mo/0Q8AwxKKPtu9S1yxM0w=
|
||||
github.com/docker/docker v20.10.14+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
|
||||
github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
|
||||
github.com/docker/docker-credential-helpers v0.6.4 h1:axCks+yV+2MR3/kZhAmy07yC56WZ2Pwu/fKWtKuZB0o=
|
||||
github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c=
|
||||
|
@ -482,8 +487,9 @@ github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e h1:BWhy2j3IXJhjCbC68Fp
|
|||
github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4=
|
||||
github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
|
||||
github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
|
||||
github.com/godbus/dbus/v5 v5.0.6 h1:mkgN1ofwASrYnJ5W6U/BxG15eXXXjirgZc7CLqkcaro=
|
||||
github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
|
||||
github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk=
|
||||
github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
|
||||
github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU=
|
||||
github.com/gogo/googleapis v1.4.0/go.mod h1:5YRNX2z1oM5gXdAkurHa942MDgEJyk02w4OecKY87+c=
|
||||
github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
|
||||
|
@ -696,9 +702,10 @@ github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYs
|
|||
github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
|
||||
github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
|
||||
github.com/klauspost/compress v1.14.2/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
|
||||
github.com/klauspost/compress v1.14.3/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
|
||||
github.com/klauspost/compress v1.14.4/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
|
||||
github.com/klauspost/compress v1.15.0 h1:xqfchp4whNFxn5A4XFyyYtitiWI8Hy5EW59jEwcyL6U=
|
||||
github.com/klauspost/compress v1.15.0/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
|
||||
github.com/klauspost/compress v1.15.1 h1:y9FcTHGyrebwfP0ZZqFiaxTaiDnUrGkJkI+f583BL1A=
|
||||
github.com/klauspost/compress v1.15.1/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
|
||||
github.com/klauspost/pgzip v1.2.5 h1:qnWYvvKqedOF2ulHpMG72XQol4ILEJ8k2wwRl/Km8oE=
|
||||
github.com/klauspost/pgzip v1.2.5/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
|
||||
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
|
||||
|
@ -718,8 +725,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
|
|||
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
|
||||
github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3/go.mod h1:3r6x7q95whyfWQpmGZTu3gk3v2YkMi05HEzl7Tf7YEo=
|
||||
github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc87/1qhoTACD8w=
|
||||
github.com/magefile/mage v1.11.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A=
|
||||
github.com/magefile/mage v1.12.1/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A=
|
||||
github.com/magefile/mage v1.13.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A=
|
||||
github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
|
||||
github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
|
||||
github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
|
||||
|
@ -758,8 +765,9 @@ github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88J
|
|||
github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
|
||||
github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
|
||||
github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI=
|
||||
github.com/miekg/pkcs11 v1.0.3 h1:iMwmD7I5225wv84WxIG/bmxz9AXjWvTWIbM/TYHvWtw=
|
||||
github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
|
||||
github.com/miekg/pkcs11 v1.1.1 h1:Ugu9pdy6vAYku5DEpVWVFPYnzV+bxB+iRdbuFSu7TvU=
|
||||
github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
|
||||
github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible h1:aKW/4cBs+yK6gpqU3K/oIwk9Q/XICqd3zOX/UFuvqmk=
|
||||
github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4=
|
||||
github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
|
||||
|
@ -805,6 +813,7 @@ github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRW
|
|||
github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
|
||||
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
|
||||
github.com/ncw/swift v1.0.47/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM=
|
||||
github.com/networkplumbing/go-nft v0.2.0/go.mod h1:HnnM+tYvlGAsMU7yoYwXEVLLiDW9gdMmb5HoGcwpuQs=
|
||||
github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
|
||||
github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
|
||||
github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
|
||||
|
@ -825,8 +834,8 @@ github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9k
|
|||
github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
|
||||
github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
|
||||
github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
|
||||
github.com/onsi/ginkgo/v2 v2.0.0 h1:CcuG/HvWNkkaqCUpJifQY8z7qEMBJya6aLPx6ftGyjQ=
|
||||
github.com/onsi/ginkgo/v2 v2.0.0/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
|
||||
github.com/onsi/ginkgo/v2 v2.1.3 h1:e/3Cwtogj0HA+25nMP1jCMDIf8RtRYbGwGGuBIFztkc=
|
||||
github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
|
||||
github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
|
||||
github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
|
||||
github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
|
||||
|
@ -837,8 +846,8 @@ github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1y
|
|||
github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc=
|
||||
github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0=
|
||||
github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
|
||||
github.com/onsi/gomega v1.18.1 h1:M1GfJqGRrBrrGGsbxzV5dqM2U2ApXefZCQpkukxYRLE=
|
||||
github.com/onsi/gomega v1.18.1/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs=
|
||||
github.com/onsi/gomega v1.19.0 h1:4ieX6qQjPP/BfC3mpsAtIGGlxTWPeA3Inl/7DtXw1tw=
|
||||
github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro=
|
||||
github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
|
||||
github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
|
||||
github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
|
||||
|
@ -854,8 +863,9 @@ github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rm
|
|||
github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0=
|
||||
github.com/opencontainers/runc v1.0.2/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0=
|
||||
github.com/opencontainers/runc v1.0.3/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0=
|
||||
github.com/opencontainers/runc v1.1.0 h1:O9+X96OcDjkmmZyfaG996kV7yq8HsoU2h1XRRQcefG8=
|
||||
github.com/opencontainers/runc v1.1.0/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc=
|
||||
github.com/opencontainers/runc v1.1.1 h1:PJ9DSs2sVwE0iVr++pAHE6QkS9tzcVWozlPifdwMgrU=
|
||||
github.com/opencontainers/runc v1.1.1/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc=
|
||||
github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
|
||||
github.com/opencontainers/runtime-spec v1.0.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
|
||||
github.com/opencontainers/runtime-spec v1.0.2-0.20190207185410-29686dbc5559/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
|
||||
|
@ -870,12 +880,12 @@ github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqi
|
|||
github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo=
|
||||
github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8=
|
||||
github.com/opencontainers/selinux v1.8.5/go.mod h1:HTvjPFoGMbpQsG886e3lQwnsRWtE4TC1OF3OUvG9FAo=
|
||||
github.com/opencontainers/selinux v1.10.0 h1:rAiKF8hTcgLI3w0DHm6i0ylVVcOrlgR1kK99DRLDhyU=
|
||||
github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
|
||||
github.com/openshift/imagebuilder v1.2.2 h1:++jWWMkTVJKP2MIjTPaTk2MqwWIOYYlDaQbZyLlLBh0=
|
||||
github.com/openshift/imagebuilder v1.2.2/go.mod h1:TRYHe4CH9U6nkDjxjBNM5klrLbJBrRbpJE5SaRwUBsQ=
|
||||
github.com/opencontainers/selinux v1.10.1 h1:09LIPVRP3uuZGQvgR+SgMSNBd1Eb3vlRbGqQpoHsF8w=
|
||||
github.com/opencontainers/selinux v1.10.1/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
|
||||
github.com/openshift/imagebuilder v1.2.3 h1:jvA7mESJdclRKkTe3Yl6UWlliFNVW6mLY8RI+Rrfhfo=
|
||||
github.com/openshift/imagebuilder v1.2.3/go.mod h1:TRYHe4CH9U6nkDjxjBNM5klrLbJBrRbpJE5SaRwUBsQ=
|
||||
github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
|
||||
github.com/ostreedev/ostree-go v0.0.0-20190702140239-759a8c1ac913/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc=
|
||||
github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f h1:/UDgs8FGMqwnHagNDPGOlts35QkhAZ8by3DR7nMih7M=
|
||||
github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc=
|
||||
github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
|
||||
|
@ -905,8 +915,9 @@ github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5Fsn
|
|||
github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
|
||||
github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
|
||||
github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
|
||||
github.com/prometheus/client_golang v1.11.0 h1:HNkLOAEQMIDv/K+04rukrLx6ch7msSRwf3/SASFAGtQ=
|
||||
github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
|
||||
github.com/prometheus/client_golang v1.11.1 h1:+4eQaD7vAZ6DsfsxB15hbE0odUjGI5ARs9yskGu1v4s=
|
||||
github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
|
||||
github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
|
||||
github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
|
||||
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
|
||||
|
@ -980,8 +991,9 @@ github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKv
|
|||
github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
|
||||
github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
|
||||
github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo=
|
||||
github.com/spf13/cobra v1.3.0 h1:R7cSvGu+Vv+qX0gW5R/85dx2kmmJT5z5NM8ifdYjdn0=
|
||||
github.com/spf13/cobra v1.3.0/go.mod h1:BrRVncBjOJa/eUcVVm9CE+oC6as8k+VYr4NY7WCi9V4=
|
||||
github.com/spf13/cobra v1.4.0 h1:y+wJpx64xcgO1V+RcnwW0LEHxTKRi2ZDPSBjWnrg88Q=
|
||||
github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g=
|
||||
github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
|
||||
github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
|
||||
github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
|
||||
|
@ -1006,13 +1018,14 @@ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UV
|
|||
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
|
||||
github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
|
||||
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||
github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
|
||||
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||
github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY=
|
||||
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||
github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
|
||||
github.com/sylabs/release-tools v0.1.0/go.mod h1:pqP/z/11/rYMQ0OM/Nn7TxGijw7KfZwW9UolD/J1TUo=
|
||||
github.com/sylabs/sif/v2 v2.3.1/go.mod h1:NnvveH62GiibimL00MrI6YYcZfb7DnZMcRo/40giY+0=
|
||||
github.com/sylabs/sif/v2 v2.3.2 h1:Kj60dUcE3TSM8Px4TaIbX7PUafB1QGhUi70Fz5Gf7iU=
|
||||
github.com/sylabs/sif/v2 v2.3.2/go.mod h1:IrLX2pzmQ2O4qgv5iy3HdKJcBNYds9DTMd9Je8A9tX4=
|
||||
github.com/sylabs/sif/v2 v2.4.2 h1:L4jcqeOF33JfSnH+8GJKC7/ooVpzpZ2K7wotGG4ZzqQ=
|
||||
github.com/sylabs/sif/v2 v2.4.2/go.mod h1:6gQvzNKRIqr4FS08XBfHpkpnxv9b7h58GLkSJ1zdK9A=
|
||||
github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
|
||||
github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
|
||||
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI=
|
||||
|
@ -1052,7 +1065,6 @@ github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr
|
|||
github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0=
|
||||
github.com/xanzy/ssh-agent v0.3.1/go.mod h1:QIE4lCeL7nkC25x+yA3LBIYfwCc1TFziCtG7cBAac6w=
|
||||
github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
|
||||
github.com/xeipuuv/gojsonpointer v0.0.0-20190809123943-df4f5c81cb3b/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
|
||||
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
|
||||
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
|
||||
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
|
||||
|
@ -1248,8 +1260,9 @@ golang.org/x/net v0.0.0-20210929193557-e81a3d93ecf6/go.mod h1:9nx3DQGgdP8bBQD5qx
|
|||
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20220114011407-0dd24b26b47d h1:1n1fc535VhN8SYtD4cDUyNlfpAF2ROMM9+11equK3hs=
|
||||
golang.org/x/net v0.0.0-20220114011407-0dd24b26b47d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20220225172249-27dd8689420f h1:oA4XRj0qtSt8Yo1Zms0CUlsT3KG69V2UGQWPBxujDmc=
|
||||
golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
|
||||
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
|
||||
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
|
||||
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
|
||||
|
@ -1396,8 +1409,9 @@ golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBc
|
|||
golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27 h1:XDXtA5hveEEV8JB2l7nhMTp3t3cHp9ZpwcdjqyEWLlo=
|
||||
golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9 h1:nhht2DYV/Sn3qOayu8lM+cU1ii9sTLUeBQwQQfUHtrs=
|
||||
golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
|
@ -1604,8 +1618,9 @@ google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ6
|
|||
google.golang.org/genproto v0.0.0-20211129164237-f09f9a12af12/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
|
||||
google.golang.org/genproto v0.0.0-20211203200212-54befc351ae9/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
|
||||
google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
|
||||
google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa h1:I0YcKz0I7OAhddo7ya8kMnvprhcWM045PmkBdMO9zN0=
|
||||
google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
|
||||
google.golang.org/genproto v0.0.0-20220304144024-325a89244dc8 h1:U9V52f6rAgINH7kT+musA1qF8kWyVOxzF8eYuOVuFwQ=
|
||||
google.golang.org/genproto v0.0.0-20220304144024-325a89244dc8/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
|
||||
google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
|
||||
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
|
||||
google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
|
||||
|
@ -1637,8 +1652,9 @@ google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnD
|
|||
google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
|
||||
google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
|
||||
google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
|
||||
google.golang.org/grpc v1.43.0 h1:Eeu7bZtDZ2DpRCsLhUlcrLnvYaMK1Gz86a+hMVvELmM=
|
||||
google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
|
||||
google.golang.org/grpc v1.44.0 h1:weqSxi/TMs1SqFRMHCtBgXRs8k3X39QIDEZ0pRcttUg=
|
||||
google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
|
||||
google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
|
||||
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
|
||||
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
|
||||
|
|
4
vendor/github.com/containers/buildah/imagebuildah/build.go
generated
vendored
4
vendor/github.com/containers/buildah/imagebuildah/build.go
generated
vendored
|
@ -431,8 +431,8 @@ func preprocessContainerfileContents(logger *logrus.Logger, containerfile string
|
|||
cppCommand := "cpp"
|
||||
cppPath, err := exec.LookPath(cppCommand)
|
||||
if err != nil {
|
||||
if os.IsNotExist(err) {
|
||||
err = errors.Errorf("error: %s support requires %s to be installed", containerfile, cppPath)
|
||||
if errors.Is(err, exec.ErrNotFound) {
|
||||
err = fmt.Errorf("error: %v: .in support requires %s to be installed", err, cppCommand)
|
||||
}
|
||||
return nil, err
|
||||
}
|
||||
|
|
10
vendor/github.com/containers/buildah/imagebuildah/stage_executor.go
generated
vendored
10
vendor/github.com/containers/buildah/imagebuildah/stage_executor.go
generated
vendored
|
@ -1519,7 +1519,9 @@ func (s *StageExecutor) commit(ctx context.Context, createdBy string, emptyLayer
|
|||
s.builder.SetLabel(label[0], "")
|
||||
}
|
||||
}
|
||||
s.builder.SetLabel(buildah.BuilderIdentityAnnotation, define.Version)
|
||||
if s.executor.commonBuildOptions.IdentityLabel == types.OptionalBoolUndefined || s.executor.commonBuildOptions.IdentityLabel == types.OptionalBoolTrue {
|
||||
s.builder.SetLabel(buildah.BuilderIdentityAnnotation, define.Version)
|
||||
}
|
||||
for _, annotationSpec := range s.executor.annotations {
|
||||
annotation := strings.SplitN(annotationSpec, "=", 2)
|
||||
if len(annotation) > 1 {
|
||||
|
@ -1570,5 +1572,9 @@ func (s *StageExecutor) commit(ctx context.Context, createdBy string, emptyLayer
|
|||
}
|
||||
|
||||
func (s *StageExecutor) EnsureContainerPath(path string) error {
|
||||
return copier.Mkdir(s.mountPoint, filepath.Join(s.mountPoint, path), copier.MkdirOptions{})
|
||||
return s.builder.EnsureContainerPathAs(path, "", nil)
|
||||
}
|
||||
|
||||
func (s *StageExecutor) EnsureContainerPathAs(path, user string, mode *os.FileMode) error {
|
||||
return s.builder.EnsureContainerPathAs(path, user, mode)
|
||||
}
|
||||
|
|
9
vendor/github.com/containers/buildah/install.md
generated
vendored
9
vendor/github.com/containers/buildah/install.md
generated
vendored
|
@ -208,9 +208,7 @@ Then to install Buildah on Fedora follow the steps in this example:
|
|||
|
||||
### RHEL, CentOS
|
||||
|
||||
In RHEL and CentOS 7, ensure that you are subscribed to the `rhel-7-server-rpms`,
|
||||
`rhel-7-server-extras-rpms`, `rhel-7-server-optional-rpms` and `EPEL` repositories, then
|
||||
run this command:
|
||||
In RHEL and CentOS, run this command to install the build dependencies:
|
||||
|
||||
```
|
||||
yum -y install \
|
||||
|
@ -232,11 +230,6 @@ run this command:
|
|||
|
||||
The build steps for Buildah on RHEL or CentOS are the same as for Fedora, above.
|
||||
|
||||
*NOTE:* Buildah on RHEL or CentOS version 7.* is not supported running as non-root due to
|
||||
these systems not having newuidmap or newgidmap installed. It is possible to pull
|
||||
the shadow-utils source RPM from Fedora 29 and build and install from that in order to
|
||||
run Buildah as non-root on these systems.
|
||||
|
||||
### openSUSE
|
||||
|
||||
On openSUSE Tumbleweed, install go via `zypper in go`, then run this command:
|
||||
|
|
248
vendor/github.com/containers/buildah/internal/parse/parse.go
generated
vendored
248
vendor/github.com/containers/buildah/internal/parse/parse.go
generated
vendored
|
@ -14,6 +14,7 @@ import (
|
|||
"github.com/containers/image/v5/types"
|
||||
"github.com/containers/storage"
|
||||
"github.com/containers/storage/pkg/idtools"
|
||||
"github.com/containers/storage/pkg/lockfile"
|
||||
specs "github.com/opencontainers/runtime-spec/specs-go"
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
|
@ -28,13 +29,16 @@ const (
|
|||
// mount=type=cache must create a persistent directory on host so its available for all consecutive builds.
|
||||
// Lifecycle of following directory will be inherited from how host machine treats temporary directory
|
||||
BuildahCacheDir = "buildah-cache"
|
||||
// mount=type=cache allows users to lock a cache store while its being used by another build
|
||||
BuildahCacheLockfile = "buildah-cache-lockfile"
|
||||
)
|
||||
|
||||
var (
|
||||
errBadMntOption = errors.New("invalid mount option")
|
||||
errBadOptionArg = errors.New("must provide an argument for option")
|
||||
errBadVolDest = errors.New("must set volume destination")
|
||||
errBadVolSrc = errors.New("must set volume source")
|
||||
errBadMntOption = errors.New("invalid mount option")
|
||||
errBadOptionArg = errors.New("must provide an argument for option")
|
||||
errBadVolDest = errors.New("must set volume destination")
|
||||
errBadVolSrc = errors.New("must set volume source")
|
||||
errDuplicateDest = errors.Errorf("duplicate mount destination")
|
||||
)
|
||||
|
||||
// GetBindMount parses a single bind mount entry from the --mount flag.
|
||||
|
@ -175,9 +179,10 @@ func GetBindMount(ctx *types.SystemContext, args []string, contextDir string, st
|
|||
}
|
||||
|
||||
// GetCacheMount parses a single cache mount entry from the --mount flag.
|
||||
func GetCacheMount(args []string, store storage.Store, imageMountLabel string, additionalMountPoints map[string]internal.StageMountDetails) (specs.Mount, error) {
|
||||
func GetCacheMount(args []string, store storage.Store, imageMountLabel string, additionalMountPoints map[string]internal.StageMountDetails) (specs.Mount, []string, error) {
|
||||
var err error
|
||||
var mode uint64
|
||||
lockedTargets := make([]string, 0)
|
||||
var (
|
||||
setDest bool
|
||||
setShared bool
|
||||
|
@ -195,6 +200,8 @@ func GetCacheMount(args []string, store storage.Store, imageMountLabel string, a
|
|||
uid := 0
|
||||
//buidkit parity: cache directory defaults to gid 0 if not specified
|
||||
gid := 0
|
||||
// sharing mode
|
||||
sharing := "shared"
|
||||
|
||||
for _, val := range args {
|
||||
kv := strings.SplitN(val, "=", 2)
|
||||
|
@ -212,66 +219,68 @@ func GetCacheMount(args []string, store storage.Store, imageMountLabel string, a
|
|||
case "shared", "rshared", "private", "rprivate", "slave", "rslave", "Z", "z", "U":
|
||||
newMount.Options = append(newMount.Options, kv[0])
|
||||
setShared = true
|
||||
case "sharing":
|
||||
sharing = kv[1]
|
||||
case "bind-propagation":
|
||||
if len(kv) == 1 {
|
||||
return newMount, errors.Wrapf(errBadOptionArg, kv[0])
|
||||
return newMount, lockedTargets, errors.Wrapf(errBadOptionArg, kv[0])
|
||||
}
|
||||
newMount.Options = append(newMount.Options, kv[1])
|
||||
case "id":
|
||||
if len(kv) == 1 {
|
||||
return newMount, errors.Wrapf(errBadOptionArg, kv[0])
|
||||
return newMount, lockedTargets, errors.Wrapf(errBadOptionArg, kv[0])
|
||||
}
|
||||
id = kv[1]
|
||||
case "from":
|
||||
if len(kv) == 1 {
|
||||
return newMount, errors.Wrapf(errBadOptionArg, kv[0])
|
||||
return newMount, lockedTargets, errors.Wrapf(errBadOptionArg, kv[0])
|
||||
}
|
||||
fromStage = kv[1]
|
||||
case "target", "dst", "destination":
|
||||
if len(kv) == 1 {
|
||||
return newMount, errors.Wrapf(errBadOptionArg, kv[0])
|
||||
return newMount, lockedTargets, errors.Wrapf(errBadOptionArg, kv[0])
|
||||
}
|
||||
if err := parse.ValidateVolumeCtrDir(kv[1]); err != nil {
|
||||
return newMount, err
|
||||
return newMount, lockedTargets, err
|
||||
}
|
||||
newMount.Destination = kv[1]
|
||||
setDest = true
|
||||
case "src", "source":
|
||||
if len(kv) == 1 {
|
||||
return newMount, errors.Wrapf(errBadOptionArg, kv[0])
|
||||
return newMount, lockedTargets, errors.Wrapf(errBadOptionArg, kv[0])
|
||||
}
|
||||
newMount.Source = kv[1]
|
||||
case "mode":
|
||||
if len(kv) == 1 {
|
||||
return newMount, errors.Wrapf(errBadOptionArg, kv[0])
|
||||
return newMount, lockedTargets, errors.Wrapf(errBadOptionArg, kv[0])
|
||||
}
|
||||
mode, err = strconv.ParseUint(kv[1], 8, 32)
|
||||
if err != nil {
|
||||
return newMount, errors.Wrapf(err, "Unable to parse cache mode")
|
||||
return newMount, lockedTargets, errors.Wrapf(err, "Unable to parse cache mode")
|
||||
}
|
||||
case "uid":
|
||||
if len(kv) == 1 {
|
||||
return newMount, errors.Wrapf(errBadOptionArg, kv[0])
|
||||
return newMount, lockedTargets, errors.Wrapf(errBadOptionArg, kv[0])
|
||||
}
|
||||
uid, err = strconv.Atoi(kv[1])
|
||||
if err != nil {
|
||||
return newMount, errors.Wrapf(err, "Unable to parse cache uid")
|
||||
return newMount, lockedTargets, errors.Wrapf(err, "Unable to parse cache uid")
|
||||
}
|
||||
case "gid":
|
||||
if len(kv) == 1 {
|
||||
return newMount, errors.Wrapf(errBadOptionArg, kv[0])
|
||||
return newMount, lockedTargets, errors.Wrapf(errBadOptionArg, kv[0])
|
||||
}
|
||||
gid, err = strconv.Atoi(kv[1])
|
||||
if err != nil {
|
||||
return newMount, errors.Wrapf(err, "Unable to parse cache gid")
|
||||
return newMount, lockedTargets, errors.Wrapf(err, "Unable to parse cache gid")
|
||||
}
|
||||
default:
|
||||
return newMount, errors.Wrapf(errBadMntOption, kv[0])
|
||||
return newMount, lockedTargets, errors.Wrapf(errBadMntOption, kv[0])
|
||||
}
|
||||
}
|
||||
|
||||
if !setDest {
|
||||
return newMount, errBadVolDest
|
||||
return newMount, lockedTargets, errBadVolDest
|
||||
}
|
||||
|
||||
if fromStage != "" {
|
||||
|
@ -288,7 +297,7 @@ func GetCacheMount(args []string, store storage.Store, imageMountLabel string, a
|
|||
// Cache does not supports using image so if not stage found
|
||||
// return with error
|
||||
if mountPoint == "" {
|
||||
return newMount, fmt.Errorf("no stage found with name %s", fromStage)
|
||||
return newMount, lockedTargets, fmt.Errorf("no stage found with name %s", fromStage)
|
||||
}
|
||||
// path should be /contextDir/specified path
|
||||
newMount.Source = filepath.Join(mountPoint, filepath.Clean(string(filepath.Separator)+newMount.Source))
|
||||
|
@ -304,7 +313,7 @@ func GetCacheMount(args []string, store storage.Store, imageMountLabel string, a
|
|||
// create cache on host if not present
|
||||
err = os.MkdirAll(cacheParent, os.FileMode(0755))
|
||||
if err != nil {
|
||||
return newMount, errors.Wrapf(err, "Unable to create build cache directory")
|
||||
return newMount, lockedTargets, errors.Wrapf(err, "Unable to create build cache directory")
|
||||
}
|
||||
|
||||
if id != "" {
|
||||
|
@ -319,10 +328,28 @@ func GetCacheMount(args []string, store storage.Store, imageMountLabel string, a
|
|||
//buildkit parity: change uid and gid if specified otheriwise keep `0`
|
||||
err = idtools.MkdirAllAndChownNew(newMount.Source, os.FileMode(mode), idPair)
|
||||
if err != nil {
|
||||
return newMount, errors.Wrapf(err, "Unable to change uid,gid of cache directory")
|
||||
return newMount, lockedTargets, errors.Wrapf(err, "Unable to change uid,gid of cache directory")
|
||||
}
|
||||
}
|
||||
|
||||
switch sharing {
|
||||
case "locked":
|
||||
// lock parent cache
|
||||
lockfile, err := lockfile.GetLockfile(filepath.Join(newMount.Source, BuildahCacheLockfile))
|
||||
if err != nil {
|
||||
return newMount, lockedTargets, errors.Wrapf(err, "Unable to acquire lock when sharing mode is locked")
|
||||
}
|
||||
// Will be unlocked after the RUN step is executed.
|
||||
lockfile.Lock()
|
||||
lockedTargets = append(lockedTargets, filepath.Join(newMount.Source, BuildahCacheLockfile))
|
||||
case "shared":
|
||||
// do nothing since default is `shared`
|
||||
break
|
||||
default:
|
||||
// error out for unknown values
|
||||
return newMount, lockedTargets, errors.Wrapf(err, "Unrecognized value %q for field `sharing`", sharing)
|
||||
}
|
||||
|
||||
// buildkit parity: default sharing should be shared
|
||||
// unless specified
|
||||
if !setShared {
|
||||
|
@ -338,11 +365,184 @@ func GetCacheMount(args []string, store storage.Store, imageMountLabel string, a
|
|||
|
||||
opts, err := parse.ValidateVolumeOpts(newMount.Options)
|
||||
if err != nil {
|
||||
return newMount, err
|
||||
return newMount, lockedTargets, err
|
||||
}
|
||||
newMount.Options = opts
|
||||
|
||||
return newMount, nil
|
||||
return newMount, lockedTargets, nil
|
||||
}
|
||||
|
||||
// ValidateVolumeMountHostDir validates the host path of buildah --volume
|
||||
func ValidateVolumeMountHostDir(hostDir string) error {
|
||||
if !filepath.IsAbs(hostDir) {
|
||||
return errors.Errorf("invalid host path, must be an absolute path %q", hostDir)
|
||||
}
|
||||
if _, err := os.Stat(hostDir); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// RevertEscapedColon converts "\:" to ":"
|
||||
func RevertEscapedColon(source string) string {
|
||||
return strings.ReplaceAll(source, "\\:", ":")
|
||||
}
|
||||
|
||||
// SplitStringWithColonEscape splits string into slice by colon. Backslash-escaped colon (i.e. "\:") will not be regarded as separator
|
||||
func SplitStringWithColonEscape(str string) []string {
|
||||
result := make([]string, 0, 3)
|
||||
sb := &strings.Builder{}
|
||||
for idx, r := range str {
|
||||
if r == ':' {
|
||||
// the colon is backslash-escaped
|
||||
if idx-1 > 0 && str[idx-1] == '\\' {
|
||||
sb.WriteRune(r)
|
||||
} else {
|
||||
// os.Stat will fail if path contains escaped colon
|
||||
result = append(result, RevertEscapedColon(sb.String()))
|
||||
sb.Reset()
|
||||
}
|
||||
} else {
|
||||
sb.WriteRune(r)
|
||||
}
|
||||
}
|
||||
if sb.Len() > 0 {
|
||||
result = append(result, RevertEscapedColon(sb.String()))
|
||||
}
|
||||
return result
|
||||
}
|
||||
|
||||
func getVolumeMounts(volumes []string) (map[string]specs.Mount, error) {
|
||||
finalVolumeMounts := make(map[string]specs.Mount)
|
||||
|
||||
for _, volume := range volumes {
|
||||
volumeMount, err := Volume(volume)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if _, ok := finalVolumeMounts[volumeMount.Destination]; ok {
|
||||
return nil, errors.Wrapf(errDuplicateDest, volumeMount.Destination)
|
||||
}
|
||||
finalVolumeMounts[volumeMount.Destination] = volumeMount
|
||||
}
|
||||
return finalVolumeMounts, nil
|
||||
}
|
||||
|
||||
// Volume parses the input of --volume
|
||||
func Volume(volume string) (specs.Mount, error) {
|
||||
mount := specs.Mount{}
|
||||
arr := SplitStringWithColonEscape(volume)
|
||||
if len(arr) < 2 {
|
||||
return mount, errors.Errorf("incorrect volume format %q, should be host-dir:ctr-dir[:option]", volume)
|
||||
}
|
||||
if err := ValidateVolumeMountHostDir(arr[0]); err != nil {
|
||||
return mount, err
|
||||
}
|
||||
if err := parse.ValidateVolumeCtrDir(arr[1]); err != nil {
|
||||
return mount, err
|
||||
}
|
||||
mountOptions := ""
|
||||
if len(arr) > 2 {
|
||||
mountOptions = arr[2]
|
||||
if _, err := parse.ValidateVolumeOpts(strings.Split(arr[2], ",")); err != nil {
|
||||
return mount, err
|
||||
}
|
||||
}
|
||||
mountOpts := strings.Split(mountOptions, ",")
|
||||
mount.Source = arr[0]
|
||||
mount.Destination = arr[1]
|
||||
mount.Type = "rbind"
|
||||
mount.Options = mountOpts
|
||||
return mount, nil
|
||||
}
|
||||
|
||||
// GetVolumes gets the volumes from --volume and --mount
|
||||
func GetVolumes(ctx *types.SystemContext, store storage.Store, volumes []string, mounts []string, contextDir string) ([]specs.Mount, []string, []string, error) {
|
||||
unifiedMounts, mountedImages, lockedTargets, err := getMounts(ctx, store, mounts, contextDir)
|
||||
if err != nil {
|
||||
return nil, mountedImages, lockedTargets, err
|
||||
}
|
||||
volumeMounts, err := getVolumeMounts(volumes)
|
||||
if err != nil {
|
||||
return nil, mountedImages, lockedTargets, err
|
||||
}
|
||||
for dest, mount := range volumeMounts {
|
||||
if _, ok := unifiedMounts[dest]; ok {
|
||||
return nil, mountedImages, lockedTargets, errors.Wrapf(errDuplicateDest, dest)
|
||||
}
|
||||
unifiedMounts[dest] = mount
|
||||
}
|
||||
|
||||
finalMounts := make([]specs.Mount, 0, len(unifiedMounts))
|
||||
for _, mount := range unifiedMounts {
|
||||
finalMounts = append(finalMounts, mount)
|
||||
}
|
||||
return finalMounts, mountedImages, lockedTargets, nil
|
||||
}
|
||||
|
||||
// getMounts takes user-provided input from the --mount flag and creates OCI
|
||||
// spec mounts.
|
||||
// buildah run --mount type=bind,src=/etc/resolv.conf,target=/etc/resolv.conf ...
|
||||
// buildah run --mount type=tmpfs,target=/dev/shm ...
|
||||
func getMounts(ctx *types.SystemContext, store storage.Store, mounts []string, contextDir string) (map[string]specs.Mount, []string, []string, error) {
|
||||
finalMounts := make(map[string]specs.Mount)
|
||||
mountedImages := make([]string, 0)
|
||||
lockedTargets := make([]string, 0)
|
||||
|
||||
errInvalidSyntax := errors.Errorf("incorrect mount format: should be --mount type=<bind|tmpfs>,[src=<host-dir>,]target=<ctr-dir>[,options]")
|
||||
|
||||
// TODO(vrothberg): the manual parsing can be replaced with a regular expression
|
||||
// to allow a more robust parsing of the mount format and to give
|
||||
// precise errors regarding supported format versus supported options.
|
||||
for _, mount := range mounts {
|
||||
arr := strings.SplitN(mount, ",", 2)
|
||||
if len(arr) < 2 {
|
||||
return nil, mountedImages, lockedTargets, errors.Wrapf(errInvalidSyntax, "%q", mount)
|
||||
}
|
||||
kv := strings.Split(arr[0], "=")
|
||||
// TODO: type is not explicitly required in Docker.
|
||||
// If not specified, it defaults to "volume".
|
||||
if len(kv) != 2 || kv[0] != "type" {
|
||||
return nil, mountedImages, lockedTargets, errors.Wrapf(errInvalidSyntax, "%q", mount)
|
||||
}
|
||||
|
||||
tokens := strings.Split(arr[1], ",")
|
||||
switch kv[1] {
|
||||
case TypeBind:
|
||||
mount, image, err := GetBindMount(ctx, tokens, contextDir, store, "", nil)
|
||||
if err != nil {
|
||||
return nil, mountedImages, lockedTargets, err
|
||||
}
|
||||
if _, ok := finalMounts[mount.Destination]; ok {
|
||||
return nil, mountedImages, lockedTargets, errors.Wrapf(errDuplicateDest, mount.Destination)
|
||||
}
|
||||
finalMounts[mount.Destination] = mount
|
||||
mountedImages = append(mountedImages, image)
|
||||
case TypeCache:
|
||||
mount, lockedPaths, err := GetCacheMount(tokens, store, "", nil)
|
||||
lockedTargets = lockedPaths
|
||||
if err != nil {
|
||||
return nil, mountedImages, lockedTargets, err
|
||||
}
|
||||
if _, ok := finalMounts[mount.Destination]; ok {
|
||||
return nil, mountedImages, lockedTargets, errors.Wrapf(errDuplicateDest, mount.Destination)
|
||||
}
|
||||
finalMounts[mount.Destination] = mount
|
||||
case TypeTmpfs:
|
||||
mount, err := GetTmpfsMount(tokens)
|
||||
if err != nil {
|
||||
return nil, mountedImages, lockedTargets, err
|
||||
}
|
||||
if _, ok := finalMounts[mount.Destination]; ok {
|
||||
return nil, mountedImages, lockedTargets, errors.Wrapf(errDuplicateDest, mount.Destination)
|
||||
}
|
||||
finalMounts[mount.Destination] = mount
|
||||
default:
|
||||
return nil, mountedImages, lockedTargets, errors.Errorf("invalid filesystem type %q", kv[1])
|
||||
}
|
||||
}
|
||||
|
||||
return finalMounts, mountedImages, lockedTargets, nil
|
||||
}
|
||||
|
||||
// GetTmpfsMount parses a single tmpfs mount entry from the --mount flag
|
||||
|
|
10
vendor/github.com/containers/buildah/new.go
generated
vendored
10
vendor/github.com/containers/buildah/new.go
generated
vendored
|
@ -15,6 +15,7 @@ import (
|
|||
"github.com/containers/image/v5/transports"
|
||||
"github.com/containers/image/v5/types"
|
||||
"github.com/containers/storage"
|
||||
"github.com/containers/storage/pkg/stringid"
|
||||
digest "github.com/opencontainers/go-digest"
|
||||
v1 "github.com/opencontainers/image-spec/specs-go/v1"
|
||||
"github.com/openshift/imagebuilder"
|
||||
|
@ -48,6 +49,15 @@ func getImageName(name string, img *storage.Image) string {
|
|||
|
||||
func imageNamePrefix(imageName string) string {
|
||||
prefix := imageName
|
||||
if d, err := digest.Parse(imageName); err == nil {
|
||||
prefix = d.Encoded()
|
||||
if len(prefix) > 12 {
|
||||
prefix = prefix[:12]
|
||||
}
|
||||
}
|
||||
if stringid.ValidateID(prefix) == nil {
|
||||
prefix = stringid.TruncateID(prefix)
|
||||
}
|
||||
s := strings.Split(prefix, ":")
|
||||
if len(s) > 0 {
|
||||
prefix = s[0]
|
||||
|
|
2
vendor/github.com/containers/buildah/pkg/cli/common.go
generated
vendored
2
vendor/github.com/containers/buildah/pkg/cli/common.go
generated
vendored
|
@ -74,6 +74,7 @@ type BudResults struct {
|
|||
PullAlways bool
|
||||
PullNever bool
|
||||
Quiet bool
|
||||
IdentityLabel bool
|
||||
Rm bool
|
||||
Runtime string
|
||||
RuntimeFlags []string
|
||||
|
@ -227,6 +228,7 @@ func GetBudFlags(flags *BudResults) pflag.FlagSet {
|
|||
panic(fmt.Sprintf("error marking the pull-never flag as hidden: %v", err))
|
||||
}
|
||||
fs.BoolVarP(&flags.Quiet, "quiet", "q", false, "refrain from announcing build instructions and image read/write progress")
|
||||
fs.BoolVar(&flags.IdentityLabel, "identity-label", true, "add default identity label (default true)")
|
||||
fs.BoolVar(&flags.Rm, "rm", true, "Remove intermediate containers after a successful build")
|
||||
// "runtime" definition moved to avoid name collision in podman build. Defined in cmd/buildah/build.go.
|
||||
fs.StringSliceVar(&flags.RuntimeFlags, "runtime-flag", []string{}, "add global flags for the container runtime")
|
||||
|
|
210
vendor/github.com/containers/buildah/pkg/parse/parse.go
generated
vendored
210
vendor/github.com/containers/buildah/pkg/parse/parse.go
generated
vendored
|
@ -19,7 +19,6 @@ import (
|
|||
"github.com/containers/buildah/pkg/sshagent"
|
||||
"github.com/containers/common/pkg/parse"
|
||||
"github.com/containers/image/v5/types"
|
||||
"github.com/containers/storage"
|
||||
"github.com/containers/storage/pkg/idtools"
|
||||
"github.com/containers/storage/pkg/unshare"
|
||||
units "github.com/docker/go-units"
|
||||
|
@ -48,10 +47,6 @@ const (
|
|||
BuildahCacheDir = "buildah-cache"
|
||||
)
|
||||
|
||||
var (
|
||||
errDuplicateDest = errors.Errorf("duplicate mount destination")
|
||||
)
|
||||
|
||||
// CommonBuildOptions parses the build options from the bud cli
|
||||
func CommonBuildOptions(c *cobra.Command) (*define.CommonBuildOptions, error) {
|
||||
return CommonBuildOptionsFromFlagSet(c.Flags(), c.Flag)
|
||||
|
@ -141,6 +136,7 @@ func CommonBuildOptionsFromFlagSet(flags *pflag.FlagSet, findFlagFunc func(name
|
|||
cpuQuota, _ := flags.GetInt64("cpu-quota")
|
||||
cpuShares, _ := flags.GetUint64("cpu-shares")
|
||||
httpProxy, _ := flags.GetBool("http-proxy")
|
||||
identityLabel, _ := flags.GetBool("identity-label")
|
||||
|
||||
ulimit := []string{}
|
||||
if flags.Changed("ulimit") {
|
||||
|
@ -151,25 +147,26 @@ func CommonBuildOptionsFromFlagSet(flags *pflag.FlagSet, findFlagFunc func(name
|
|||
sshsources, _ := flags.GetStringArray("ssh")
|
||||
|
||||
commonOpts := &define.CommonBuildOptions{
|
||||
AddHost: addHost,
|
||||
CPUPeriod: cpuPeriod,
|
||||
CPUQuota: cpuQuota,
|
||||
CPUSetCPUs: findFlagFunc("cpuset-cpus").Value.String(),
|
||||
CPUSetMems: findFlagFunc("cpuset-mems").Value.String(),
|
||||
CPUShares: cpuShares,
|
||||
CgroupParent: findFlagFunc("cgroup-parent").Value.String(),
|
||||
DNSOptions: dnsOptions,
|
||||
DNSSearch: dnsSearch,
|
||||
DNSServers: dnsServers,
|
||||
HTTPProxy: httpProxy,
|
||||
Memory: memoryLimit,
|
||||
MemorySwap: memorySwap,
|
||||
NoHosts: noHosts,
|
||||
ShmSize: findFlagFunc("shm-size").Value.String(),
|
||||
Ulimit: ulimit,
|
||||
Volumes: volumes,
|
||||
Secrets: secrets,
|
||||
SSHSources: sshsources,
|
||||
AddHost: addHost,
|
||||
CPUPeriod: cpuPeriod,
|
||||
CPUQuota: cpuQuota,
|
||||
CPUSetCPUs: findFlagFunc("cpuset-cpus").Value.String(),
|
||||
CPUSetMems: findFlagFunc("cpuset-mems").Value.String(),
|
||||
CPUShares: cpuShares,
|
||||
CgroupParent: findFlagFunc("cgroup-parent").Value.String(),
|
||||
DNSOptions: dnsOptions,
|
||||
DNSSearch: dnsSearch,
|
||||
DNSServers: dnsServers,
|
||||
HTTPProxy: httpProxy,
|
||||
IdentityLabel: types.NewOptionalBool(identityLabel),
|
||||
Memory: memoryLimit,
|
||||
MemorySwap: memorySwap,
|
||||
NoHosts: noHosts,
|
||||
ShmSize: findFlagFunc("shm-size").Value.String(),
|
||||
Ulimit: ulimit,
|
||||
Volumes: volumes,
|
||||
Secrets: secrets,
|
||||
SSHSources: sshsources,
|
||||
}
|
||||
securityOpts, _ := flags.GetStringArray("security-opt")
|
||||
if err := parseSecurityOpts(securityOpts, commonOpts); err != nil {
|
||||
|
@ -222,59 +219,12 @@ func parseSecurityOpts(securityOpts []string, commonOpts *define.CommonBuildOpti
|
|||
|
||||
// Split string into slice by colon. Backslash-escaped colon (i.e. "\:") will not be regarded as separator
|
||||
func SplitStringWithColonEscape(str string) []string {
|
||||
result := make([]string, 0, 3)
|
||||
sb := &strings.Builder{}
|
||||
for idx, r := range str {
|
||||
if r == ':' {
|
||||
// the colon is backslash-escaped
|
||||
if idx-1 > 0 && str[idx-1] == '\\' {
|
||||
sb.WriteRune(r)
|
||||
} else {
|
||||
// os.Stat will fail if path contains escaped colon
|
||||
result = append(result, revertEscapedColon(sb.String()))
|
||||
sb.Reset()
|
||||
}
|
||||
} else {
|
||||
sb.WriteRune(r)
|
||||
}
|
||||
}
|
||||
if sb.Len() > 0 {
|
||||
result = append(result, revertEscapedColon(sb.String()))
|
||||
}
|
||||
return result
|
||||
}
|
||||
|
||||
// Convert "\:" to ":"
|
||||
func revertEscapedColon(source string) string {
|
||||
return strings.ReplaceAll(source, "\\:", ":")
|
||||
return internalParse.SplitStringWithColonEscape(str)
|
||||
}
|
||||
|
||||
// Volume parses the input of --volume
|
||||
func Volume(volume string) (specs.Mount, error) {
|
||||
mount := specs.Mount{}
|
||||
arr := SplitStringWithColonEscape(volume)
|
||||
if len(arr) < 2 {
|
||||
return mount, errors.Errorf("incorrect volume format %q, should be host-dir:ctr-dir[:option]", volume)
|
||||
}
|
||||
if err := validateVolumeMountHostDir(arr[0]); err != nil {
|
||||
return mount, err
|
||||
}
|
||||
if err := parse.ValidateVolumeCtrDir(arr[1]); err != nil {
|
||||
return mount, err
|
||||
}
|
||||
mountOptions := ""
|
||||
if len(arr) > 2 {
|
||||
mountOptions = arr[2]
|
||||
if _, err := parse.ValidateVolumeOpts(strings.Split(arr[2], ",")); err != nil {
|
||||
return mount, err
|
||||
}
|
||||
}
|
||||
mountOpts := strings.Split(mountOptions, ",")
|
||||
mount.Source = arr[0]
|
||||
mount.Destination = arr[1]
|
||||
mount.Type = "rbind"
|
||||
mount.Options = mountOpts
|
||||
return mount, nil
|
||||
return internalParse.Volume(volume)
|
||||
}
|
||||
|
||||
// Volumes validates the host and container paths passed in to the --volume flag
|
||||
|
@ -290,125 +240,11 @@ func Volumes(volumes []string) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func getVolumeMounts(volumes []string) (map[string]specs.Mount, error) {
|
||||
finalVolumeMounts := make(map[string]specs.Mount)
|
||||
|
||||
for _, volume := range volumes {
|
||||
volumeMount, err := Volume(volume)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if _, ok := finalVolumeMounts[volumeMount.Destination]; ok {
|
||||
return nil, errors.Wrapf(errDuplicateDest, volumeMount.Destination)
|
||||
}
|
||||
finalVolumeMounts[volumeMount.Destination] = volumeMount
|
||||
}
|
||||
return finalVolumeMounts, nil
|
||||
}
|
||||
|
||||
// GetVolumes gets the volumes from --volume and --mount
|
||||
func GetVolumes(ctx *types.SystemContext, store storage.Store, volumes []string, mounts []string, contextDir string) ([]specs.Mount, []string, error) {
|
||||
unifiedMounts, mountedImages, err := getMounts(ctx, store, mounts, contextDir)
|
||||
if err != nil {
|
||||
return nil, mountedImages, err
|
||||
}
|
||||
volumeMounts, err := getVolumeMounts(volumes)
|
||||
if err != nil {
|
||||
return nil, mountedImages, err
|
||||
}
|
||||
for dest, mount := range volumeMounts {
|
||||
if _, ok := unifiedMounts[dest]; ok {
|
||||
return nil, mountedImages, errors.Wrapf(errDuplicateDest, dest)
|
||||
}
|
||||
unifiedMounts[dest] = mount
|
||||
}
|
||||
|
||||
finalMounts := make([]specs.Mount, 0, len(unifiedMounts))
|
||||
for _, mount := range unifiedMounts {
|
||||
finalMounts = append(finalMounts, mount)
|
||||
}
|
||||
return finalMounts, mountedImages, nil
|
||||
}
|
||||
|
||||
// getMounts takes user-provided input from the --mount flag and creates OCI
|
||||
// spec mounts.
|
||||
// buildah run --mount type=bind,src=/etc/resolv.conf,target=/etc/resolv.conf ...
|
||||
// buildah run --mount type=tmpfs,target=/dev/shm ...
|
||||
func getMounts(ctx *types.SystemContext, store storage.Store, mounts []string, contextDir string) (map[string]specs.Mount, []string, error) {
|
||||
finalMounts := make(map[string]specs.Mount)
|
||||
mountedImages := make([]string, 0)
|
||||
|
||||
errInvalidSyntax := errors.Errorf("incorrect mount format: should be --mount type=<bind|tmpfs>,[src=<host-dir>,]target=<ctr-dir>[,options]")
|
||||
|
||||
// TODO(vrothberg): the manual parsing can be replaced with a regular expression
|
||||
// to allow a more robust parsing of the mount format and to give
|
||||
// precise errors regarding supported format versus supported options.
|
||||
for _, mount := range mounts {
|
||||
arr := strings.SplitN(mount, ",", 2)
|
||||
if len(arr) < 2 {
|
||||
return nil, mountedImages, errors.Wrapf(errInvalidSyntax, "%q", mount)
|
||||
}
|
||||
kv := strings.Split(arr[0], "=")
|
||||
// TODO: type is not explicitly required in Docker.
|
||||
// If not specified, it defaults to "volume".
|
||||
if len(kv) != 2 || kv[0] != "type" {
|
||||
return nil, mountedImages, errors.Wrapf(errInvalidSyntax, "%q", mount)
|
||||
}
|
||||
|
||||
tokens := strings.Split(arr[1], ",")
|
||||
switch kv[1] {
|
||||
case TypeBind:
|
||||
mount, image, err := internalParse.GetBindMount(ctx, tokens, contextDir, store, "", nil)
|
||||
if err != nil {
|
||||
return nil, mountedImages, err
|
||||
}
|
||||
if _, ok := finalMounts[mount.Destination]; ok {
|
||||
return nil, mountedImages, errors.Wrapf(errDuplicateDest, mount.Destination)
|
||||
}
|
||||
finalMounts[mount.Destination] = mount
|
||||
mountedImages = append(mountedImages, image)
|
||||
case TypeCache:
|
||||
mount, err := internalParse.GetCacheMount(tokens, store, "", nil)
|
||||
if err != nil {
|
||||
return nil, mountedImages, err
|
||||
}
|
||||
if _, ok := finalMounts[mount.Destination]; ok {
|
||||
return nil, mountedImages, errors.Wrapf(errDuplicateDest, mount.Destination)
|
||||
}
|
||||
finalMounts[mount.Destination] = mount
|
||||
case TypeTmpfs:
|
||||
mount, err := internalParse.GetTmpfsMount(tokens)
|
||||
if err != nil {
|
||||
return nil, mountedImages, err
|
||||
}
|
||||
if _, ok := finalMounts[mount.Destination]; ok {
|
||||
return nil, mountedImages, errors.Wrapf(errDuplicateDest, mount.Destination)
|
||||
}
|
||||
finalMounts[mount.Destination] = mount
|
||||
default:
|
||||
return nil, mountedImages, errors.Errorf("invalid filesystem type %q", kv[1])
|
||||
}
|
||||
}
|
||||
|
||||
return finalMounts, mountedImages, nil
|
||||
}
|
||||
|
||||
// ValidateVolumeHostDir validates a volume mount's source directory
|
||||
func ValidateVolumeHostDir(hostDir string) error {
|
||||
return parse.ValidateVolumeHostDir(hostDir)
|
||||
}
|
||||
|
||||
// validates the host path of buildah --volume
|
||||
func validateVolumeMountHostDir(hostDir string) error {
|
||||
if !filepath.IsAbs(hostDir) {
|
||||
return errors.Errorf("invalid host path, must be an absolute path %q", hostDir)
|
||||
}
|
||||
if _, err := os.Stat(hostDir); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// ValidateVolumeCtrDir validates a volume mount's destination directory.
|
||||
func ValidateVolumeCtrDir(ctrDir string) error {
|
||||
return parse.ValidateVolumeCtrDir(ctrDir)
|
||||
|
|
2
vendor/github.com/containers/buildah/run.go
generated
vendored
|
@ -175,4 +175,6 @@ type runMountArtifacts struct {
|
|||
Agents []*sshagent.AgentServer
|
||||
// SSHAuthSock is the path to the ssh auth sock inside the container
|
||||
SSHAuthSock string
|
||||
// LockedTargets to be unlocked if there are any.
|
||||
LockedTargets []string
|
||||
}
|
||||
|
|
174
vendor/github.com/containers/buildah/run_linux.go
generated
vendored
|
@ -12,6 +12,7 @@ import (
|
|||
"net"
|
||||
"os"
|
||||
"os/exec"
|
||||
"os/signal"
|
||||
"path/filepath"
|
||||
"runtime"
|
||||
"strconv"
|
||||
|
@ -43,6 +44,7 @@ import (
|
|||
"github.com/containers/storage"
|
||||
"github.com/containers/storage/pkg/idtools"
|
||||
"github.com/containers/storage/pkg/ioutils"
|
||||
"github.com/containers/storage/pkg/lockfile"
|
||||
"github.com/containers/storage/pkg/reexec"
|
||||
"github.com/containers/storage/pkg/stringid"
|
||||
"github.com/containers/storage/pkg/unshare"
|
||||
|
@ -190,16 +192,19 @@ func (b *Builder) Run(command []string, options RunOptions) error {
|
|||
return err
|
||||
}
|
||||
|
||||
// Figure out who owns files that will appear to be owned by UID/GID 0 in the container.
|
||||
rootUID, rootGID, err := util.GetHostRootIDs(spec)
|
||||
if err != nil {
|
||||
return err
|
||||
uid, gid := spec.Process.User.UID, spec.Process.User.GID
|
||||
if spec.Linux != nil {
|
||||
uid, gid, err = util.GetHostIDs(spec.Linux.UIDMappings, spec.Linux.GIDMappings, uid, gid)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
rootIDPair := &idtools.IDPair{UID: int(rootUID), GID: int(rootGID)}
|
||||
|
||||
idPair := &idtools.IDPair{UID: int(uid), GID: int(gid)}
|
||||
|
||||
mode := os.FileMode(0755)
|
||||
coptions := copier.MkdirOptions{
|
||||
ChownNew: rootIDPair,
|
||||
ChownNew: idPair,
|
||||
ChmodNew: &mode,
|
||||
}
|
||||
if err := copier.Mkdir(mountPoint, filepath.Join(mountPoint, spec.Process.Cwd), coptions); err != nil {
|
||||
|
@ -210,6 +215,13 @@ func (b *Builder) Run(command []string, options RunOptions) error {
|
|||
namespaceOptions := append(b.NamespaceOptions, options.NamespaceOptions...)
|
||||
volumes := b.Volumes()
|
||||
|
||||
// Figure out who owns files that will appear to be owned by UID/GID 0 in the container.
|
||||
rootUID, rootGID, err := util.GetHostRootIDs(spec)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
rootIDPair := &idtools.IDPair{UID: int(rootUID), GID: int(rootGID)}
|
||||
|
||||
if !options.NoHosts && !contains(volumes, "/etc/hosts") {
|
||||
hostFile, err := b.generateHosts(path, spec.Hostname, b.CommonBuildOpts.AddHost, rootIDPair)
|
||||
if err != nil {
|
||||
|
@ -243,7 +255,7 @@ func (b *Builder) Run(command []string, options RunOptions) error {
|
|||
rootless = 1
|
||||
}
|
||||
// Populate the .containerenv with container information
|
||||
containerenv := fmt.Sprintf(`\
|
||||
containerenv := fmt.Sprintf(`
|
||||
engine="buildah-%s"
|
||||
name=%q
|
||||
id=%q
|
||||
|
@ -289,9 +301,7 @@ rootless=%d
|
|||
case define.IsolationOCI:
|
||||
var moreCreateArgs []string
|
||||
if options.NoPivot {
|
||||
moreCreateArgs = []string{"--no-pivot"}
|
||||
} else {
|
||||
moreCreateArgs = nil
|
||||
moreCreateArgs = append(moreCreateArgs, "--no-pivot")
|
||||
}
|
||||
err = b.runUsingRuntimeSubproc(isolation, options, configureNetwork, configureNetworks, moreCreateArgs, spec, mountPoint, path, define.Package+"-"+filepath.Base(path))
|
||||
case IsolationChroot:
|
||||
|
@ -828,7 +838,7 @@ func runUsingRuntime(options RunOptions, configureNetwork bool, moreCreateArgs [
|
|||
if err = unix.Pipe(finishCopy); err != nil {
|
||||
return 1, errors.Wrapf(err, "error creating pipe for notifying to stop stdio")
|
||||
}
|
||||
finishedCopy := make(chan struct{})
|
||||
finishedCopy := make(chan struct{}, 1)
|
||||
var pargs []string
|
||||
if spec.Process != nil {
|
||||
pargs = spec.Process.Args
|
||||
|
@ -884,22 +894,27 @@ func runUsingRuntime(options RunOptions, configureNetwork bool, moreCreateArgs [
|
|||
pidFile := filepath.Join(bundlePath, "pid")
|
||||
args := append(append(append(runtimeArgs, "create", "--bundle", bundlePath, "--pid-file", pidFile), moreCreateArgs...), containerName)
|
||||
create := exec.Command(runtime, args...)
|
||||
setPdeathsig(create)
|
||||
create.Dir = bundlePath
|
||||
stdin, stdout, stderr := getCreateStdio()
|
||||
create.Stdin, create.Stdout, create.Stderr = stdin, stdout, stderr
|
||||
if create.SysProcAttr == nil {
|
||||
create.SysProcAttr = &syscall.SysProcAttr{}
|
||||
}
|
||||
|
||||
args = append(options.Args, "start", containerName)
|
||||
start := exec.Command(runtime, args...)
|
||||
setPdeathsig(start)
|
||||
start.Dir = bundlePath
|
||||
start.Stderr = os.Stderr
|
||||
|
||||
args = append(options.Args, "kill", containerName)
|
||||
kill := exec.Command(runtime, args...)
|
||||
kill.Dir = bundlePath
|
||||
kill.Stderr = os.Stderr
|
||||
kill := func(signal string) *exec.Cmd {
|
||||
args := append(options.Args, "kill", containerName)
|
||||
if signal != "" {
|
||||
args = append(args, signal)
|
||||
}
|
||||
kill := exec.Command(runtime, args...)
|
||||
kill.Dir = bundlePath
|
||||
kill.Stderr = os.Stderr
|
||||
return kill
|
||||
}
|
||||
|
||||
args = append(options.Args, "delete", containerName)
|
||||
del := exec.Command(runtime, args...)
|
||||
|
@ -980,13 +995,23 @@ func runUsingRuntime(options RunOptions, configureNetwork bool, moreCreateArgs [
|
|||
}
|
||||
defer func() {
|
||||
if atomic.LoadUint32(&stopped) == 0 {
|
||||
if err2 := kill.Run(); err2 != nil {
|
||||
options.Logger.Infof("error from %s stopping container: %v", runtime, err2)
|
||||
if err := kill("").Run(); err != nil {
|
||||
options.Logger.Infof("error from %s stopping container: %v", runtime, err)
|
||||
}
|
||||
atomic.StoreUint32(&stopped, 1)
|
||||
}
|
||||
}()
|
||||
|
||||
// Wait for the container to exit.
|
||||
interrupted := make(chan os.Signal, 100)
|
||||
go func() {
|
||||
for range interrupted {
|
||||
if err := kill("SIGKILL").Run(); err != nil {
|
||||
logrus.Errorf("%v sending SIGKILL", err)
|
||||
}
|
||||
}
|
||||
}()
|
||||
signal.Notify(interrupted, syscall.SIGHUP, syscall.SIGINT, syscall.SIGTERM)
|
||||
for {
|
||||
now := time.Now()
|
||||
var state specs.State
|
||||
|
@ -1025,6 +1050,8 @@ func runUsingRuntime(options RunOptions, configureNetwork bool, moreCreateArgs [
|
|||
break
|
||||
}
|
||||
}
|
||||
signal.Stop(interrupted)
|
||||
close(interrupted)
|
||||
|
||||
// Close the writing end of the stop-handling-stdio notification pipe.
|
||||
unix.Close(finishCopy[1])
|
||||
|
@ -1111,6 +1138,7 @@ func setupRootlessNetwork(pid int) (teardown func(), err error) {
|
|||
}
|
||||
|
||||
cmd := exec.Command(slirp4netns, "--mtu", "65520", "-r", "3", "-c", strconv.Itoa(pid), "tap0")
|
||||
setPdeathsig(cmd)
|
||||
cmd.Stdin, cmd.Stdout, cmd.Stderr = nil, nil, nil
|
||||
cmd.ExtraFiles = []*os.File{rootlessSlirpSyncW}
|
||||
|
||||
|
@ -1228,6 +1256,7 @@ func runCopyStdio(logger *logrus.Logger, stdio *sync.WaitGroup, copyPipes bool,
|
|||
}
|
||||
stdio.Done()
|
||||
finishedCopy <- struct{}{}
|
||||
close(finishedCopy)
|
||||
}()
|
||||
// Map describing where data on an incoming descriptor should go.
|
||||
relayMap := make(map[int]int)
|
||||
|
@ -1964,9 +1993,6 @@ func setupCapAdd(g *generate.Generator, caps ...string) error {
|
|||
if err := g.AddProcessCapabilityEffective(cap); err != nil {
|
||||
return errors.Wrapf(err, "error adding %q to the effective capability set", cap)
|
||||
}
|
||||
if err := g.AddProcessCapabilityInheritable(cap); err != nil {
|
||||
return errors.Wrapf(err, "error adding %q to the inheritable capability set", cap)
|
||||
}
|
||||
if err := g.AddProcessCapabilityPermitted(cap); err != nil {
|
||||
return errors.Wrapf(err, "error adding %q to the permitted capability set", cap)
|
||||
}
|
||||
|
@ -1985,9 +2011,6 @@ func setupCapDrop(g *generate.Generator, caps ...string) error {
|
|||
if err := g.DropProcessCapabilityEffective(cap); err != nil {
|
||||
return errors.Wrapf(err, "error removing %q from the effective capability set", cap)
|
||||
}
|
||||
if err := g.DropProcessCapabilityInheritable(cap); err != nil {
|
||||
return errors.Wrapf(err, "error removing %q from the inheritable capability set", cap)
|
||||
}
|
||||
if err := g.DropProcessCapabilityPermitted(cap); err != nil {
|
||||
return errors.Wrapf(err, "error removing %q from the permitted capability set", cap)
|
||||
}
|
||||
|
@ -2232,6 +2255,7 @@ func (b *Builder) runUsingRuntimeSubproc(isolation define.Isolation, options Run
|
|||
return errors.Wrapf(conferr, "error encoding configuration for %q", runUsingRuntimeCommand)
|
||||
}
|
||||
cmd := reexec.Command(runUsingRuntimeCommand)
|
||||
setPdeathsig(cmd)
|
||||
cmd.Dir = bundlePath
|
||||
cmd.Stdin = options.Stdin
|
||||
if cmd.Stdin == nil {
|
||||
|
@ -2260,23 +2284,23 @@ func (b *Builder) runUsingRuntimeSubproc(isolation define.Isolation, options Run
|
|||
}()
|
||||
|
||||
// create network configuration pipes
|
||||
var containerCreateR, containerCreateW *os.File
|
||||
var containerStartR, containerStartW *os.File
|
||||
var containerCreateR, containerCreateW fileCloser
|
||||
var containerStartR, containerStartW fileCloser
|
||||
if configureNetwork {
|
||||
containerCreateR, containerCreateW, err = os.Pipe()
|
||||
containerCreateR.file, containerCreateW.file, err = os.Pipe()
|
||||
if err != nil {
|
||||
return errors.Wrapf(err, "error creating container create pipe")
|
||||
}
|
||||
defer containerCreateR.Close()
|
||||
defer containerCreateW.Close()
|
||||
|
||||
containerStartR, containerStartW, err = os.Pipe()
|
||||
containerStartR.file, containerStartW.file, err = os.Pipe()
|
||||
if err != nil {
|
||||
return errors.Wrapf(err, "error creating container create pipe")
|
||||
}
|
||||
defer containerStartR.Close()
|
||||
defer containerStartW.Close()
|
||||
cmd.ExtraFiles = []*os.File{containerCreateW, containerStartR}
|
||||
cmd.ExtraFiles = []*os.File{containerCreateW.file, containerStartR.file}
|
||||
}
|
||||
|
||||
cmd.ExtraFiles = append([]*os.File{preader}, cmd.ExtraFiles...)
|
||||
|
@ -2286,8 +2310,20 @@ func (b *Builder) runUsingRuntimeSubproc(isolation define.Isolation, options Run
|
|||
return errors.Wrapf(err, "error while starting runtime")
|
||||
}
|
||||
|
||||
interrupted := make(chan os.Signal, 100)
|
||||
go func() {
|
||||
for receivedSignal := range interrupted {
|
||||
if err := cmd.Process.Signal(receivedSignal); err != nil {
|
||||
logrus.Infof("%v while attempting to forward %v to child process", err, receivedSignal)
|
||||
}
|
||||
}
|
||||
}()
|
||||
signal.Notify(interrupted, syscall.SIGHUP, syscall.SIGINT, syscall.SIGTERM)
|
||||
|
||||
if configureNetwork {
|
||||
if err := waitForSync(containerCreateR); err != nil {
|
||||
// we already passed the fd to the child, now close the writer so we do not hang if the child closes it
|
||||
containerCreateW.Close()
|
||||
if err := waitForSync(containerCreateR.file); err != nil {
|
||||
// we do not want to return here since we want to capture the exit code from the child via cmd.Wait()
|
||||
// close the pipes here so that the child will not hang forever
|
||||
containerCreateR.Close()
|
||||
|
@ -2313,16 +2349,19 @@ func (b *Builder) runUsingRuntimeSubproc(isolation define.Isolation, options Run
|
|||
}
|
||||
|
||||
logrus.Debug("network namespace successfully setup, send start message to child")
|
||||
_, err = containerStartW.Write([]byte{1})
|
||||
_, err = containerStartW.file.Write([]byte{1})
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if err := cmd.Wait(); err != nil {
|
||||
return errors.Wrapf(err, "error while running runtime")
|
||||
}
|
||||
confwg.Wait()
|
||||
signal.Stop(interrupted)
|
||||
close(interrupted)
|
||||
if err == nil {
|
||||
return conferr
|
||||
}
|
||||
|
@ -2332,9 +2371,25 @@ func (b *Builder) runUsingRuntimeSubproc(isolation define.Isolation, options Run
|
|||
return err
|
||||
}
|
||||
|
||||
// waitForSync waits for a maximum of 5 seconds to read something from the file
|
||||
// fileCloser is a helper struct to prevent closing the file twice in the code
|
||||
// users must call (fileCloser).Close() and not fileCloser.File.Close()
|
||||
type fileCloser struct {
|
||||
file *os.File
|
||||
closed bool
|
||||
}
|
||||
|
||||
func (f *fileCloser) Close() {
|
||||
if !f.closed {
|
||||
if err := f.file.Close(); err != nil {
|
||||
logrus.Errorf("failed to close file: %v", err)
|
||||
}
|
||||
f.closed = true
|
||||
}
|
||||
}
|
||||
|
||||
// waitForSync waits for a maximum of 4 minutes to read something from the file
|
||||
func waitForSync(pipeR *os.File) error {
|
||||
if err := pipeR.SetDeadline(time.Now().Add(5 * time.Second)); err != nil {
|
||||
if err := pipeR.SetDeadline(time.Now().Add(4 * time.Minute)); err != nil {
|
||||
return err
|
||||
}
|
||||
b := make([]byte, 16)
|
||||
|
@ -2448,6 +2503,7 @@ func (b *Builder) runSetupRunMounts(context *imagetypes.SystemContext, mounts []
|
|||
sshCount := 0
|
||||
defaultSSHSock := ""
|
||||
tokens := []string{}
|
||||
lockedTargets := []string{}
|
||||
for _, mount := range mounts {
|
||||
arr := strings.SplitN(mount, ",", 2)
|
||||
|
||||
|
@ -2506,12 +2562,13 @@ func (b *Builder) runSetupRunMounts(context *imagetypes.SystemContext, mounts []
|
|||
finalMounts = append(finalMounts, *mount)
|
||||
mountTargets = append(mountTargets, mount.Destination)
|
||||
case "cache":
|
||||
mount, err := b.getCacheMount(tokens, rootUID, rootGID, processUID, processGID, stageMountPoints)
|
||||
mount, lockedPaths, err := b.getCacheMount(tokens, rootUID, rootGID, processUID, processGID, stageMountPoints)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
finalMounts = append(finalMounts, *mount)
|
||||
mountTargets = append(mountTargets, mount.Destination)
|
||||
lockedTargets = lockedPaths
|
||||
default:
|
||||
return nil, nil, errors.Errorf("invalid mount type %q", kv[1])
|
||||
}
|
||||
|
@ -2522,6 +2579,7 @@ func (b *Builder) runSetupRunMounts(context *imagetypes.SystemContext, mounts []
|
|||
Agents: agents,
|
||||
MountedImages: mountImages,
|
||||
SSHAuthSock: defaultSSHSock,
|
||||
LockedTargets: lockedTargets,
|
||||
}
|
||||
return finalMounts, artifacts, nil
|
||||
}
|
||||
|
@ -2557,18 +2615,18 @@ func (b *Builder) getTmpfsMount(tokens []string, rootUID, rootGID, processUID, p
|
|||
return &volumes[0], nil
|
||||
}
|
||||
|
||||
func (b *Builder) getCacheMount(tokens []string, rootUID, rootGID, processUID, processGID int, stageMountPoints map[string]internal.StageMountDetails) (*spec.Mount, error) {
|
||||
func (b *Builder) getCacheMount(tokens []string, rootUID, rootGID, processUID, processGID int, stageMountPoints map[string]internal.StageMountDetails) (*spec.Mount, []string, error) {
|
||||
var optionMounts []specs.Mount
|
||||
mount, err := internalParse.GetCacheMount(tokens, b.store, b.MountLabel, stageMountPoints)
|
||||
mount, lockedTargets, err := internalParse.GetCacheMount(tokens, b.store, b.MountLabel, stageMountPoints)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, lockedTargets, err
|
||||
}
|
||||
optionMounts = append(optionMounts, mount)
|
||||
volumes, err := b.runSetupVolumeMounts(b.MountLabel, nil, optionMounts, rootUID, rootGID, processUID, processGID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, lockedTargets, err
|
||||
}
|
||||
return &volumes[0], nil
|
||||
return &volumes[0], lockedTargets, nil
|
||||
}
|
||||
|
||||
func getSecretMount(tokens []string, secrets map[string]define.Secret, mountlabel string, containerWorkingDir string, uidmap []spec.LinuxIDMapping, gidmap []spec.LinuxIDMapping) (*spec.Mount, string, error) {
|
||||
|
@ -2850,6 +2908,32 @@ func (b *Builder) cleanupRunMounts(context *imagetypes.SystemContext, mountpoint
|
|||
prevErr = err
|
||||
}
|
||||
}
|
||||
// unlock if any locked files from this RUN statement
|
||||
for _, path := range artifacts.LockedTargets {
|
||||
_, err := os.Stat(path)
|
||||
if err != nil {
|
||||
// Lockfile not found this might be a problem,
|
||||
// since LockedTargets must contain list of all locked files
|
||||
// don't break here since we need to unlock other files but
|
||||
// log so user can take a look
|
||||
logrus.Warnf("Lockfile %q was expected here, stat failed with %v", path, err)
|
||||
continue
|
||||
}
|
||||
lockfile, err := lockfile.GetLockfile(path)
|
||||
if err != nil {
|
||||
// unable to get lockfile
|
||||
// lets log error and continue
|
||||
// unlocking other files
|
||||
logrus.Warn(err)
|
||||
continue
|
||||
}
|
||||
if lockfile.Locked() {
|
||||
lockfile.Unlock()
|
||||
} else {
|
||||
logrus.Warnf("Lockfile %q was expected to be locked, this is unexpected", path)
|
||||
continue
|
||||
}
|
||||
}
|
||||
return prevErr
|
||||
}
|
||||
|
||||
|
@ -2875,3 +2959,11 @@ func getNetworkInterface(store storage.Store, cniConfDir, cniPluginPath string)
|
|||
}
|
||||
return netInt, nil
|
||||
}
|
||||
|
||||
// setPdeathsig sets a parent-death signal for the process
|
||||
func setPdeathsig(cmd *exec.Cmd) {
|
||||
if cmd.SysProcAttr == nil {
|
||||
cmd.SysProcAttr = &syscall.SysProcAttr{}
|
||||
}
|
||||
cmd.SysProcAttr.Pdeathsig = syscall.SIGKILL
|
||||
}
|
||||
|
|
5
vendor/github.com/containers/buildah/selinux.go
generated
vendored
|
@ -1,13 +1,14 @@
|
|||
//go:build linux
|
||||
// +build linux
|
||||
|
||||
package buildah
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
|
||||
"github.com/opencontainers/runtime-tools/generate"
|
||||
selinux "github.com/opencontainers/selinux/go-selinux"
|
||||
"github.com/opencontainers/selinux/go-selinux/label"
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
|
||||
|
@ -33,7 +34,7 @@ func runLabelStdioPipes(stdioPipe [][]int, processLabel, mountLabel string) erro
|
|||
}
|
||||
for i := range stdioPipe {
|
||||
pipeFdName := fmt.Sprintf("/proc/self/fd/%d", stdioPipe[i][0])
|
||||
if err := label.Relabel(pipeFdName, pipeContext, false); err != nil {
|
||||
if err := selinux.SetFileLabel(pipeFdName, pipeContext); err != nil && !os.IsNotExist(err) {
|
||||
return errors.Wrapf(err, "setting file label on %q", pipeFdName)
|
||||
}
|
||||
}
|
||||
|
|
5
vendor/github.com/containers/common/libimage/import.go
generated
vendored
|
@ -49,15 +49,16 @@ func (r *Runtime) Import(ctx context.Context, path string, options *ImportOption
|
|||
ic = config.ImageConfig
|
||||
}
|
||||
|
||||
hist := []v1.History{
|
||||
history := []v1.History{
|
||||
{Comment: options.CommitMessage},
|
||||
}
|
||||
|
||||
config := v1.Image{
|
||||
Config: ic,
|
||||
History: hist,
|
||||
History: history,
|
||||
OS: options.OS,
|
||||
Architecture: options.Arch,
|
||||
Variant: options.Variant,
|
||||
}
|
||||
|
||||
u, err := url.ParseRequestURI(path)
|
||||
|
|
232
vendor/github.com/containers/common/libnetwork/cni/cni_conversion.go
generated
vendored
|
@ -128,76 +128,76 @@ func findPluginByName(plugins []*libcni.NetworkConfig, name string) bool {
|
|||
// convertIPAMConfToNetwork converts A cni IPAMConfig to libpod network subnets.
|
||||
// It returns an array of subnets and an extra bool if dhcp is configured.
|
||||
func convertIPAMConfToNetwork(network *types.Network, ipam *ipamConfig, confPath string) error {
|
||||
if ipam.PluginType == types.DHCPIPAMDriver {
|
||||
switch ipam.PluginType {
|
||||
case "":
|
||||
network.IPAMOptions[types.Driver] = types.NoneIPAMDriver
|
||||
case types.DHCPIPAMDriver:
|
||||
network.IPAMOptions[types.Driver] = types.DHCPIPAMDriver
|
||||
return nil
|
||||
}
|
||||
case types.HostLocalIPAMDriver:
|
||||
network.IPAMOptions[types.Driver] = types.HostLocalIPAMDriver
|
||||
for _, r := range ipam.Ranges {
|
||||
for _, ipam := range r {
|
||||
s := types.Subnet{}
|
||||
|
||||
if ipam.PluginType != types.HostLocalIPAMDriver {
|
||||
// Do not use types.ParseCIDR() because we want the ip to be
|
||||
// the network address and not a random ip in the sub.
|
||||
_, sub, err := net.ParseCIDR(ipam.Subnet)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
s.Subnet = types.IPNet{IPNet: *sub}
|
||||
|
||||
// gateway
|
||||
var gateway net.IP
|
||||
if ipam.Gateway != "" {
|
||||
gateway = net.ParseIP(ipam.Gateway)
|
||||
if gateway == nil {
|
||||
return errors.Errorf("failed to parse gateway ip %s", ipam.Gateway)
|
||||
}
|
||||
// convert to 4 byte if ipv4
|
||||
util.NormalizeIP(&gateway)
|
||||
} else if !network.Internal {
|
||||
// only add a gateway address if the network is not internal
|
||||
gateway, err = util.FirstIPInSubnet(sub)
|
||||
if err != nil {
|
||||
return errors.Errorf("failed to get first ip in subnet %s", sub.String())
|
||||
}
|
||||
}
|
||||
s.Gateway = gateway
|
||||
|
||||
var rangeStart net.IP
|
||||
var rangeEnd net.IP
|
||||
if ipam.RangeStart != "" {
|
||||
rangeStart = net.ParseIP(ipam.RangeStart)
|
||||
if rangeStart == nil {
|
||||
return errors.Errorf("failed to parse range start ip %s", ipam.RangeStart)
|
||||
}
|
||||
}
|
||||
if ipam.RangeEnd != "" {
|
||||
rangeEnd = net.ParseIP(ipam.RangeEnd)
|
||||
if rangeEnd == nil {
|
||||
return errors.Errorf("failed to parse range end ip %s", ipam.RangeEnd)
|
||||
}
|
||||
}
|
||||
if rangeStart != nil || rangeEnd != nil {
|
||||
s.LeaseRange = &types.LeaseRange{}
|
||||
s.LeaseRange.StartIP = rangeStart
|
||||
s.LeaseRange.EndIP = rangeEnd
|
||||
}
|
||||
if util.IsIPv6(s.Subnet.IP) {
|
||||
network.IPv6Enabled = true
|
||||
}
|
||||
network.Subnets = append(network.Subnets, s)
|
||||
}
|
||||
}
|
||||
default:
|
||||
// This is not an error. While we only support certain ipam drivers, we
|
||||
// cannot make it fail for unsupported ones. CNI is still able to use them,
|
||||
// just our translation logic cannot convert this into a Network.
|
||||
// For the same reason this is not warning, it would just be annoying for
|
||||
// everyone using a unknown ipam driver.
|
||||
logrus.Infof("unsupported ipam plugin %q in %s", ipam.PluginType, confPath)
|
||||
return nil
|
||||
}
|
||||
|
||||
network.IPAMOptions[types.Driver] = types.HostLocalIPAMDriver
|
||||
for _, r := range ipam.Ranges {
|
||||
for _, ipam := range r {
|
||||
s := types.Subnet{}
|
||||
|
||||
// Do not use types.ParseCIDR() because we want the ip to be
|
||||
// the network address and not a random ip in the sub.
|
||||
_, sub, err := net.ParseCIDR(ipam.Subnet)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
s.Subnet = types.IPNet{IPNet: *sub}
|
||||
|
||||
// gateway
|
||||
var gateway net.IP
|
||||
if ipam.Gateway != "" {
|
||||
gateway = net.ParseIP(ipam.Gateway)
|
||||
if gateway == nil {
|
||||
return errors.Errorf("failed to parse gateway ip %s", ipam.Gateway)
|
||||
}
|
||||
// convert to 4 byte if ipv4
|
||||
util.NormalizeIP(&gateway)
|
||||
} else if !network.Internal {
|
||||
// only add a gateway address if the network is not internal
|
||||
gateway, err = util.FirstIPInSubnet(sub)
|
||||
if err != nil {
|
||||
return errors.Errorf("failed to get first ip in subnet %s", sub.String())
|
||||
}
|
||||
}
|
||||
s.Gateway = gateway
|
||||
|
||||
var rangeStart net.IP
|
||||
var rangeEnd net.IP
|
||||
if ipam.RangeStart != "" {
|
||||
rangeStart = net.ParseIP(ipam.RangeStart)
|
||||
if rangeStart == nil {
|
||||
return errors.Errorf("failed to parse range start ip %s", ipam.RangeStart)
|
||||
}
|
||||
}
|
||||
if ipam.RangeEnd != "" {
|
||||
rangeEnd = net.ParseIP(ipam.RangeEnd)
|
||||
if rangeEnd == nil {
|
||||
return errors.Errorf("failed to parse range end ip %s", ipam.RangeEnd)
|
||||
}
|
||||
}
|
||||
if rangeStart != nil || rangeEnd != nil {
|
||||
s.LeaseRange = &types.LeaseRange{}
|
||||
s.LeaseRange.StartIP = rangeStart
|
||||
s.LeaseRange.EndIP = rangeEnd
|
||||
}
|
||||
if util.IsIPv6(s.Subnet.IP) {
|
||||
network.IPv6Enabled = true
|
||||
}
|
||||
network.Subnets = append(network.Subnets, s)
|
||||
}
|
||||
network.IPAMOptions[types.Driver] = ipam.PluginType
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
@ -225,10 +225,13 @@ func (n *cniNetwork) createCNIConfigListFromNetwork(network *types.Network, writ
|
|||
var (
|
||||
routes []ipamRoute
|
||||
ipamRanges [][]ipamLocalHostRangeConf
|
||||
ipamConf ipamConfig
|
||||
ipamConf *ipamConfig
|
||||
err error
|
||||
)
|
||||
if len(network.Subnets) > 0 {
|
||||
|
||||
ipamDriver := network.IPAMOptions[types.Driver]
|
||||
switch ipamDriver {
|
||||
case types.HostLocalIPAMDriver:
|
||||
defIpv4Route := false
|
||||
defIpv6Route := false
|
||||
for _, subnet := range network.Subnets {
|
||||
|
@ -257,46 +260,20 @@ func (n *cniNetwork) createCNIConfigListFromNetwork(network *types.Network, writ
|
|||
routes = append(routes, route)
|
||||
}
|
||||
}
|
||||
ipamConf = newIPAMHostLocalConf(routes, ipamRanges)
|
||||
} else {
|
||||
ipamConf = ipamConfig{PluginType: "dhcp"}
|
||||
conf := newIPAMHostLocalConf(routes, ipamRanges)
|
||||
ipamConf = &conf
|
||||
case types.DHCPIPAMDriver:
|
||||
ipamConf = &ipamConfig{PluginType: "dhcp"}
|
||||
|
||||
case types.NoneIPAMDriver:
|
||||
// do nothing
|
||||
default:
|
||||
return nil, "", errors.Errorf("unsupported ipam driver %q", ipamDriver)
|
||||
}
|
||||
|
||||
vlan := 0
|
||||
mtu := 0
|
||||
vlanPluginMode := ""
|
||||
for k, v := range network.Options {
|
||||
switch k {
|
||||
case "mtu":
|
||||
mtu, err = internalutil.ParseMTU(v)
|
||||
if err != nil {
|
||||
return nil, "", err
|
||||
}
|
||||
|
||||
case "vlan":
|
||||
vlan, err = internalutil.ParseVlan(v)
|
||||
if err != nil {
|
||||
return nil, "", err
|
||||
}
|
||||
|
||||
case "mode":
|
||||
switch network.Driver {
|
||||
case types.MacVLANNetworkDriver:
|
||||
if !pkgutil.StringInSlice(v, types.ValidMacVLANModes) {
|
||||
return nil, "", errors.Errorf("unknown macvlan mode %q", v)
|
||||
}
|
||||
case types.IPVLANNetworkDriver:
|
||||
if !pkgutil.StringInSlice(v, types.ValidIPVLANModes) {
|
||||
return nil, "", errors.Errorf("unknown ipvlan mode %q", v)
|
||||
}
|
||||
default:
|
||||
return nil, "", errors.Errorf("cannot set option \"mode\" with driver %q", network.Driver)
|
||||
}
|
||||
vlanPluginMode = v
|
||||
|
||||
default:
|
||||
return nil, "", errors.Errorf("unsupported network option %s", k)
|
||||
}
|
||||
opts, err := parseOptions(network.Options, network.Driver)
|
||||
if err != nil {
|
||||
return nil, "", err
|
||||
}
|
||||
|
||||
isGateway := true
|
||||
|
@ -314,7 +291,7 @@ func (n *cniNetwork) createCNIConfigListFromNetwork(network *types.Network, writ
|
|||
|
||||
switch network.Driver {
|
||||
case types.BridgeNetworkDriver:
|
||||
bridge := newHostLocalBridge(network.NetworkInterface, isGateway, ipMasq, mtu, vlan, &ipamConf)
|
||||
bridge := newHostLocalBridge(network.NetworkInterface, isGateway, ipMasq, opts.mtu, opts.vlan, ipamConf)
|
||||
plugins = append(plugins, bridge, newPortMapPlugin(), newFirewallPlugin(), newTuningPlugin())
|
||||
// if we find the dnsname plugin we add configuration for it
|
||||
if hasDNSNamePlugin(n.cniPluginDirs) && network.DNSEnabled {
|
||||
|
@ -323,10 +300,10 @@ func (n *cniNetwork) createCNIConfigListFromNetwork(network *types.Network, writ
|
|||
}
|
||||
|
||||
case types.MacVLANNetworkDriver:
|
||||
plugins = append(plugins, newVLANPlugin(types.MacVLANNetworkDriver, network.NetworkInterface, vlanPluginMode, mtu, &ipamConf))
|
||||
plugins = append(plugins, newVLANPlugin(types.MacVLANNetworkDriver, network.NetworkInterface, opts.vlanPluginMode, opts.mtu, ipamConf))
|
||||
|
||||
case types.IPVLANNetworkDriver:
|
||||
plugins = append(plugins, newVLANPlugin(types.IPVLANNetworkDriver, network.NetworkInterface, vlanPluginMode, mtu, &ipamConf))
|
||||
plugins = append(plugins, newVLANPlugin(types.IPVLANNetworkDriver, network.NetworkInterface, opts.vlanPluginMode, opts.mtu, ipamConf))
|
||||
|
||||
default:
|
||||
return nil, "", errors.Errorf("driver %q is not supported by cni", network.Driver)
|
||||
|
@ -402,3 +379,48 @@ func removeMachinePlugin(conf *libcni.NetworkConfigList) *libcni.NetworkConfigLi
|
|||
conf.Plugins = plugins
|
||||
return conf
|
||||
}
|
||||
|
||||
type options struct {
|
||||
vlan int
|
||||
mtu int
|
||||
vlanPluginMode string
|
||||
}
|
||||
|
||||
func parseOptions(networkOptions map[string]string, networkDriver string) (*options, error) {
|
||||
opt := &options{}
|
||||
var err error
|
||||
for k, v := range networkOptions {
|
||||
switch k {
|
||||
case "mtu":
|
||||
opt.mtu, err = internalutil.ParseMTU(v)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
case "vlan":
|
||||
opt.vlan, err = internalutil.ParseVlan(v)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
case "mode":
|
||||
switch networkDriver {
|
||||
case types.MacVLANNetworkDriver:
|
||||
if !pkgutil.StringInSlice(v, types.ValidMacVLANModes) {
|
||||
return nil, errors.Errorf("unknown macvlan mode %q", v)
|
||||
}
|
||||
case types.IPVLANNetworkDriver:
|
||||
if !pkgutil.StringInSlice(v, types.ValidIPVLANModes) {
|
||||
return nil, errors.Errorf("unknown ipvlan mode %q", v)
|
||||
}
|
||||
default:
|
||||
return nil, errors.Errorf("cannot set option \"mode\" with driver %q", networkDriver)
|
||||
}
|
||||
opt.vlanPluginMode = v
|
||||
|
||||
default:
|
||||
return nil, errors.Errorf("unsupported network option %s", k)
|
||||
}
|
||||
}
|
||||
return opt, nil
|
||||
}
|
||||
|
|
14
vendor/github.com/containers/common/libnetwork/cni/cni_types.go
generated
vendored
|
@ -145,11 +145,13 @@ func newHostLocalBridge(name string, isGateWay, ipMasq bool, mtu, vlan int, ipam
|
|||
MTU: mtu,
|
||||
HairpinMode: true,
|
||||
Vlan: vlan,
|
||||
IPAM: *ipamConf,
|
||||
}
|
||||
// if we use host-local set the ips cap to ensure we can set static ips via runtime config
|
||||
if ipamConf.PluginType == types.HostLocalIPAMDriver {
|
||||
bridge.Capabilities = caps
|
||||
if ipamConf != nil {
|
||||
bridge.IPAM = *ipamConf
|
||||
// if we use host-local set the ips cap to ensure we can set static ips via runtime config
|
||||
if ipamConf.PluginType == types.HostLocalIPAMDriver {
|
||||
bridge.Capabilities = caps
|
||||
}
|
||||
}
|
||||
return &bridge
|
||||
}
|
||||
|
@ -259,7 +261,9 @@ func hasDNSNamePlugin(paths []string) bool {
|
|||
func newVLANPlugin(pluginType, device, mode string, mtu int, ipam *ipamConfig) VLANConfig {
|
||||
m := VLANConfig{
|
||||
PluginType: pluginType,
|
||||
IPAM: *ipam,
|
||||
}
|
||||
if ipam != nil {
|
||||
m.IPAM = *ipam
|
||||
}
|
||||
if mtu > 0 {
|
||||
m.MTU = mtu
|
||||
|
|
45
vendor/github.com/containers/common/libnetwork/cni/config.go
generated
vendored
|
@ -53,6 +53,11 @@ func (n *cniNetwork) networkCreate(newNetwork *types.Network, defaultNet bool) (
|
|||
return nil, err
|
||||
}
|
||||
|
||||
err = validateIPAMDriver(newNetwork)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Only get the used networks for validation if we do not create the default network.
|
||||
// The default network should not be validated against used subnets, we have to ensure
|
||||
// that this network can always be created even when a subnet is already used on the host.
|
||||
|
@ -91,6 +96,9 @@ func (n *cniNetwork) networkCreate(newNetwork *types.Network, defaultNet bool) (
|
|||
// generate the network ID
|
||||
newNetwork.ID = getNetworkIDFromName(newNetwork.Name)
|
||||
|
||||
// when we do not have ipam we must disable dns
|
||||
internalutil.IpamNoneDisableDns(newNetwork)
|
||||
|
||||
// FIXME: Should this be a hard error?
|
||||
if newNetwork.DNSEnabled && newNetwork.Internal && hasDNSNamePlugin(n.cniPluginDirs) {
|
||||
logrus.Warnf("dnsname and internal networks are incompatible. dnsname plugin not configured for network %s", newNetwork.Name)
|
||||
|
@ -197,13 +205,38 @@ func createIPMACVLAN(network *types.Network) error {
|
|||
return errors.Errorf("parent interface %s does not exist", network.NetworkInterface)
|
||||
}
|
||||
}
|
||||
if len(network.Subnets) == 0 {
|
||||
network.IPAMOptions[types.Driver] = types.DHCPIPAMDriver
|
||||
if network.Internal {
|
||||
return errors.New("internal is not supported with macvlan and dhcp ipam driver")
|
||||
|
||||
switch network.IPAMOptions[types.Driver] {
|
||||
// set default
|
||||
case "":
|
||||
if len(network.Subnets) == 0 {
|
||||
// if no subnets and no driver choose dhcp
|
||||
network.IPAMOptions[types.Driver] = types.DHCPIPAMDriver
|
||||
} else {
|
||||
network.IPAMOptions[types.Driver] = types.HostLocalIPAMDriver
|
||||
}
|
||||
} else {
|
||||
network.IPAMOptions[types.Driver] = types.HostLocalIPAMDriver
|
||||
case types.HostLocalIPAMDriver:
|
||||
if len(network.Subnets) == 0 {
|
||||
return errors.New("host-local ipam driver set but no subnets are given")
|
||||
}
|
||||
}
|
||||
|
||||
if network.IPAMOptions[types.Driver] == types.DHCPIPAMDriver && network.Internal {
|
||||
return errors.New("internal is not supported with macvlan and dhcp ipam driver")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func validateIPAMDriver(n *types.Network) error {
|
||||
ipamDriver := n.IPAMOptions[types.Driver]
|
||||
switch ipamDriver {
|
||||
case "", types.HostLocalIPAMDriver:
|
||||
case types.DHCPIPAMDriver, types.NoneIPAMDriver:
|
||||
if len(n.Subnets) > 0 {
|
||||
return errors.Errorf("%s ipam driver is set but subnets are given", ipamDriver)
|
||||
}
|
||||
default:
|
||||
return errors.Errorf("unsupported ipam driver %q", ipamDriver)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
|
45
vendor/github.com/containers/common/libnetwork/cni/run.go
generated
vendored
|
@ -125,35 +125,38 @@ func CNIResultToStatus(res cnitypes.Result) (types.StatusBlock, error) {
|
|||
result.DNSSearchDomains = cniResult.DNS.Search
|
||||
|
||||
interfaces := make(map[string]types.NetInterface)
|
||||
for _, ip := range cniResult.IPs {
|
||||
if ip.Interface == nil {
|
||||
// we do no expect ips without an interface
|
||||
for intIndex, netInterface := range cniResult.Interfaces {
|
||||
// we are only interested about interfaces in the container namespace
|
||||
if netInterface.Sandbox == "" {
|
||||
continue
|
||||
}
|
||||
if len(cniResult.Interfaces) <= *ip.Interface {
|
||||
return result, errors.Errorf("invalid cni result, interface index %d out of range", *ip.Interface)
|
||||
|
||||
mac, err := net.ParseMAC(netInterface.Mac)
|
||||
if err != nil {
|
||||
return result, err
|
||||
}
|
||||
cniInt := cniResult.Interfaces[*ip.Interface]
|
||||
netInt, ok := interfaces[cniInt.Name]
|
||||
if ok {
|
||||
netInt.Subnets = append(netInt.Subnets, types.NetAddress{
|
||||
IPNet: types.IPNet{IPNet: ip.Address},
|
||||
Gateway: ip.Gateway,
|
||||
})
|
||||
interfaces[cniInt.Name] = netInt
|
||||
} else {
|
||||
mac, err := net.ParseMAC(cniInt.Mac)
|
||||
if err != nil {
|
||||
return result, err
|
||||
subnets := make([]types.NetAddress, 0, len(cniResult.IPs))
|
||||
for _, ip := range cniResult.IPs {
|
||||
if ip.Interface == nil {
|
||||
// we do no expect ips without an interface
|
||||
continue
|
||||
}
|
||||
interfaces[cniInt.Name] = types.NetInterface{
|
||||
MacAddress: types.HardwareAddr(mac),
|
||||
Subnets: []types.NetAddress{{
|
||||
if len(cniResult.Interfaces) <= *ip.Interface {
|
||||
return result, errors.Errorf("invalid cni result, interface index %d out of range", *ip.Interface)
|
||||
}
|
||||
|
||||
// when we have a ip for this interface add it to the subnets
|
||||
if *ip.Interface == intIndex {
|
||||
subnets = append(subnets, types.NetAddress{
|
||||
IPNet: types.IPNet{IPNet: ip.Address},
|
||||
Gateway: ip.Gateway,
|
||||
}},
|
||||
})
|
||||
}
|
||||
}
|
||||
interfaces[netInterface.Name] = types.NetInterface{
|
||||
MacAddress: types.HardwareAddr(mac),
|
||||
Subnets: subnets,
|
||||
}
|
||||
}
|
||||
result.Interfaces = interfaces
|
||||
return result, nil
|
||||
|
|
4
vendor/github.com/containers/common/libnetwork/internal/util/bridge.go
generated
vendored
|
@ -27,7 +27,9 @@ func CreateBridge(n NetUtil, network *types.Network, usedNetworks []*net.IPNet,
|
|||
}
|
||||
}
|
||||
|
||||
if network.IPAMOptions[types.Driver] != types.DHCPIPAMDriver {
|
||||
ipamDriver := network.IPAMOptions[types.Driver]
|
||||
// also do this when the driver is unset
|
||||
if ipamDriver == "" || ipamDriver == types.HostLocalIPAMDriver {
|
||||
if len(network.Subnets) == 0 {
|
||||
freeSubnet, err := GetFreeIPv4NetworkSubnet(usedNetworks, subnetPools)
|
||||
if err != nil {
|
||||
|
|
8
vendor/github.com/containers/common/libnetwork/internal/util/create.go
generated
vendored
|
@ -3,6 +3,7 @@ package util
|
|||
import (
|
||||
"github.com/containers/common/libnetwork/types"
|
||||
"github.com/pkg/errors"
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
func CommonNetworkCreate(n NetUtil, network *types.Network) error {
|
||||
|
@ -39,3 +40,10 @@ func CommonNetworkCreate(n NetUtil, network *types.Network) error {
|
|||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func IpamNoneDisableDns(network *types.Network) {
|
||||
if network.IPAMOptions[types.Driver] == types.NoneIPAMDriver {
|
||||
logrus.Debugf("dns disabled for network %q because ipam driver is set to none", network.Name)
|
||||
network.DNSEnabled = false
|
||||
}
|
||||
}
|
||||
|
|
41
vendor/github.com/containers/common/libnetwork/netavark/config.go
generated
vendored
|
@ -67,6 +67,11 @@ func (n *netavarkNetwork) networkCreate(newNetwork *types.Network, defaultNet bo
|
|||
return nil, err
|
||||
}
|
||||
|
||||
err = validateIPAMDriver(newNetwork)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Only get the used networks for validation if we do not create the default network.
|
||||
// The default network should not be validated against used subnets, we have to ensure
|
||||
// that this network can always be created even when a subnet is already used on the host.
|
||||
|
@ -116,7 +121,10 @@ func (n *netavarkNetwork) networkCreate(newNetwork *types.Network, defaultNet bo
|
|||
return nil, errors.Wrapf(types.ErrInvalidArg, "unsupported driver %s", newNetwork.Driver)
|
||||
}
|
||||
|
||||
// add gatway when not internal or dns enabled
|
||||
// when we do not have ipam we must disable dns
|
||||
internalutil.IpamNoneDisableDns(newNetwork)
|
||||
|
||||
// add gateway when not internal or dns enabled
|
||||
addGateway := !newNetwork.Internal || newNetwork.DNSEnabled
|
||||
err = internalutil.ValidateSubnets(newNetwork, addGateway, usedNetworks)
|
||||
if err != nil {
|
||||
|
@ -153,10 +161,19 @@ func createMacvlan(network *types.Network) error {
|
|||
return errors.Errorf("parent interface %s does not exist", network.NetworkInterface)
|
||||
}
|
||||
}
|
||||
if len(network.Subnets) == 0 {
|
||||
return errors.Errorf("macvlan driver needs at least one subnet specified, DHCP is not supported with netavark")
|
||||
|
||||
// we already validated the drivers before so we just have to set the default here
|
||||
switch network.IPAMOptions[types.Driver] {
|
||||
case "":
|
||||
if len(network.Subnets) == 0 {
|
||||
return errors.Errorf("macvlan driver needs at least one subnet specified, DHCP is not yet supported with netavark")
|
||||
}
|
||||
network.IPAMOptions[types.Driver] = types.HostLocalIPAMDriver
|
||||
case types.HostLocalIPAMDriver:
|
||||
if len(network.Subnets) == 0 {
|
||||
return errors.Errorf("macvlan driver needs at least one subnet specified, when the host-local ipam driver is set")
|
||||
}
|
||||
}
|
||||
network.IPAMOptions[types.Driver] = types.HostLocalIPAMDriver
|
||||
|
||||
// validate the given options, we do not need them but just check to make sure they are valid
|
||||
for key, value := range network.Options {
|
||||
|
@ -246,3 +263,19 @@ func (n *netavarkNetwork) NetworkInspect(nameOrID string) (types.Network, error)
|
|||
}
|
||||
return *network, nil
|
||||
}
|
||||
|
||||
func validateIPAMDriver(n *types.Network) error {
|
||||
ipamDriver := n.IPAMOptions[types.Driver]
|
||||
switch ipamDriver {
|
||||
case "", types.HostLocalIPAMDriver:
|
||||
case types.NoneIPAMDriver:
|
||||
if len(n.Subnets) > 0 {
|
||||
return errors.New("none ipam driver is set but subnets are given")
|
||||
}
|
||||
case types.DHCPIPAMDriver:
|
||||
return errors.New("dhcp ipam driver is not yet supported with netavark")
|
||||
default:
|
||||
return errors.Errorf("unsupported ipam driver %q", ipamDriver)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
|
2
vendor/github.com/containers/common/libnetwork/netavark/network.go
generated
vendored
|
@ -245,7 +245,7 @@ func parseNetwork(network *types.Network) error {
|
|||
return errors.Errorf("invalid network ID %q", network.ID)
|
||||
}
|
||||
|
||||
// add gatway when not internal or dns enabled
|
||||
// add gateway when not internal or dns enabled
|
||||
addGateway := !network.Internal || network.DNSEnabled
|
||||
return util.ValidateSubnets(network, addGateway, nil)
|
||||
}
|
||||
|
|
4
vendor/github.com/containers/common/libnetwork/types/const.go
generated
vendored
|
@ -12,10 +12,12 @@ const (
|
|||
|
||||
// IPAM drivers
|
||||
Driver = "driver"
|
||||
// HostLocalIPAMDriver store the ip
|
||||
// HostLocalIPAMDriver store the ip locally in a db
|
||||
HostLocalIPAMDriver = "host-local"
|
||||
// DHCPIPAMDriver get subnet and ip from dhcp server
|
||||
DHCPIPAMDriver = "dhcp"
|
||||
// NoneIPAMDriver do not provide ipam management
|
||||
NoneIPAMDriver = "none"
|
||||
|
||||
// DefaultSubnet is the name that will be used for the default CNI network.
|
||||
DefaultNetworkName = "podman"
|
||||
|
|
12
vendor/github.com/containers/common/pkg/config/config.go
generated
vendored
|
@ -2,6 +2,7 @@ package config
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"io/fs"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
|
@ -251,7 +252,7 @@ type EngineConfig struct {
|
|||
|
||||
// EventsLogFileMaxSize sets the maximum size for the events log. When the limit is exceeded,
|
||||
// the logfile is rotated and the old one is deleted.
|
||||
EventsLogFileMaxSize uint64 `toml:"events_logfile_max_size,omitempty"`
|
||||
EventsLogFileMaxSize uint64 `toml:"events_logfile_max_size,omitempty,omitzero"`
|
||||
|
||||
// EventsLogger determines where events should be logged.
|
||||
EventsLogger string `toml:"events_logger,omitempty"`
|
||||
|
@ -649,17 +650,14 @@ func readConfigFromFile(path string, config *Config) error {
|
|||
func addConfigs(dirPath string, configs []string) ([]string, error) {
|
||||
newConfigs := []string{}
|
||||
|
||||
err := filepath.Walk(dirPath,
|
||||
err := filepath.WalkDir(dirPath,
|
||||
// WalkFunc to read additional configs
|
||||
func(path string, info os.FileInfo, err error) error {
|
||||
func(path string, d fs.DirEntry, err error) error {
|
||||
switch {
|
||||
case err != nil:
|
||||
// return error (could be a permission problem)
|
||||
return err
|
||||
case info == nil:
|
||||
// this should only happen when err != nil but let's be sure
|
||||
return nil
|
||||
case info.IsDir():
|
||||
case d.IsDir():
|
||||
if path != dirPath {
|
||||
// make sure to not recurse into sub-directories
|
||||
return filepath.SkipDir
|
||||
|
|
4
vendor/github.com/containers/common/pkg/report/camelcase/README.md
generated
vendored
|
@ -27,9 +27,9 @@ go get github.com/fatih/camelcase
|
|||
## Usage and examples
|
||||
|
||||
```go
|
||||
splitted := camelcase.Split("GolangPackage")
|
||||
split := camelcase.Split("GolangPackage")
|
||||
|
||||
fmt.Println(splitted[0], splitted[1]) // prints: "Golang", "Package"
|
||||
fmt.Println(split[0], split[1]) // prints: "Golang", "Package"
|
||||
```
|
||||
|
||||
Both lower camel case and upper camel case are supported. For more info please
|
||||
|
|
8
vendor/github.com/containers/common/pkg/secrets/passdriver/passdriver.go
generated
vendored
|
@ -30,6 +30,8 @@ type driverConfig struct {
|
|||
Root string
|
||||
// KeyID contains the key id that will be used for encryption (i.e. user@domain.tld)
|
||||
KeyID string
|
||||
// GPGHomedir is the homedir where the GPG keys are stored
|
||||
GPGHomedir string
|
||||
}
|
||||
|
||||
func (cfg *driverConfig) ParseOpts(opts map[string]string) {
|
||||
|
@ -40,6 +42,9 @@ func (cfg *driverConfig) ParseOpts(opts map[string]string) {
|
|||
if val, ok := opts["key"]; ok {
|
||||
cfg.KeyID = val
|
||||
}
|
||||
if val, ok := opts["gpghomedir"]; ok {
|
||||
cfg.GPGHomedir = val
|
||||
}
|
||||
}
|
||||
|
||||
func defaultDriverConfig() *driverConfig {
|
||||
|
@ -156,6 +161,9 @@ func (d *Driver) Delete(id string) error {
|
|||
}
|
||||
|
||||
func (d *Driver) gpg(ctx context.Context, in io.Reader, out io.Writer, args ...string) error {
|
||||
if d.GPGHomedir != "" {
|
||||
args = append([]string{"--homedir", d.GPGHomedir}, args...)
|
||||
}
|
||||
cmd := exec.CommandContext(ctx, "gpg", args...)
|
||||
cmd.Env = os.Environ()
|
||||
cmd.Stdin = in
|
||||
|
|
11
vendor/github.com/containers/image/v5/copy/copy.go
generated
vendored
|
@ -124,9 +124,10 @@ type ImageListSelection int
|
|||
|
||||
// Options allows supplying non-default configuration modifying the behavior of CopyImage.
|
||||
type Options struct {
|
||||
RemoveSignatures bool // Remove any pre-existing signatures. SignBy will still add a new signature.
|
||||
SignBy string // If non-empty, asks for a signature to be added during the copy, and specifies a key ID, as accepted by signature.NewGPGSigningMechanism().SignDockerManifest(),
|
||||
SignPassphrase string // Passphare to use when signing with the key ID from `SignBy`.
|
||||
RemoveSignatures bool // Remove any pre-existing signatures. SignBy will still add a new signature.
|
||||
SignBy string // If non-empty, asks for a signature to be added during the copy, and specifies a key ID, as accepted by signature.NewGPGSigningMechanism().SignDockerManifest(),
|
||||
SignPassphrase string // Passphare to use when signing with the key ID from `SignBy`.
|
||||
SignIdentity reference.Named // Identify to use when signing, defaults to the docker reference of the destination
|
||||
ReportWriter io.Writer
|
||||
SourceCtx *types.SystemContext
|
||||
DestinationCtx *types.SystemContext
|
||||
|
@ -574,7 +575,7 @@ func (c *copier) copyMultipleImages(ctx context.Context, policyContext *signatur
|
|||
|
||||
// Sign the manifest list.
|
||||
if options.SignBy != "" {
|
||||
newSig, err := c.createSignature(manifestList, options.SignBy, options.SignPassphrase)
|
||||
newSig, err := c.createSignature(manifestList, options.SignBy, options.SignPassphrase, options.SignIdentity)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -796,7 +797,7 @@ func (c *copier) copyOneImage(ctx context.Context, policyContext *signature.Poli
|
|||
}
|
||||
|
||||
if options.SignBy != "" {
|
||||
newSig, err := c.createSignature(manifestBytes, options.SignBy, options.SignPassphrase)
|
||||
newSig, err := c.createSignature(manifestBytes, options.SignBy, options.SignPassphrase, options.SignIdentity)
|
||||
if err != nil {
|
||||
return nil, "", "", err
|
||||
}
|
||||
|
|
17
vendor/github.com/containers/image/v5/copy/sign.go
generated
vendored
|
@ -1,13 +1,14 @@
|
|||
package copy
|
||||
|
||||
import (
|
||||
"github.com/containers/image/v5/docker/reference"
|
||||
"github.com/containers/image/v5/signature"
|
||||
"github.com/containers/image/v5/transports"
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
|
||||
// createSignature creates a new signature of manifest using keyIdentity.
|
||||
func (c *copier) createSignature(manifest []byte, keyIdentity string, passphrase string) ([]byte, error) {
|
||||
func (c *copier) createSignature(manifest []byte, keyIdentity string, passphrase string, identity reference.Named) ([]byte, error) {
|
||||
mech, err := signature.NewGPGSigningMechanism()
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "initializing GPG")
|
||||
|
@ -17,13 +18,19 @@ func (c *copier) createSignature(manifest []byte, keyIdentity string, passphrase
|
|||
return nil, errors.Wrap(err, "Signing not supported")
|
||||
}
|
||||
|
||||
dockerReference := c.dest.Reference().DockerReference()
|
||||
if dockerReference == nil {
|
||||
return nil, errors.Errorf("Cannot determine canonical Docker reference for destination %s", transports.ImageName(c.dest.Reference()))
|
||||
if identity != nil {
|
||||
if reference.IsNameOnly(identity) {
|
||||
return nil, errors.Errorf("Sign identity must be a fully specified reference %s", identity)
|
||||
}
|
||||
} else {
|
||||
identity = c.dest.Reference().DockerReference()
|
||||
if identity == nil {
|
||||
return nil, errors.Errorf("Cannot determine canonical Docker reference for destination %s", transports.ImageName(c.dest.Reference()))
|
||||
}
|
||||
}
|
||||
|
||||
c.Printf("Signing manifest\n")
|
||||
newSig, err := signature.SignDockerManifestWithOptions(manifest, dockerReference.String(), mech, keyIdentity, &signature.SignOptions{Passphrase: passphrase})
|
||||
newSig, err := signature.SignDockerManifestWithOptions(manifest, identity.String(), mech, keyIdentity, &signature.SignOptions{Passphrase: passphrase})
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "creating signature")
|
||||
}
|
||||
|
|
40
vendor/github.com/containers/image/v5/docker/docker_client.go
generated
vendored
|
@ -463,7 +463,11 @@ func (c *dockerClient) makeRequest(ctx context.Context, method, path string, hea
|
|||
return nil, err
|
||||
}
|
||||
|
||||
url := fmt.Sprintf("%s://%s%s", c.scheme, c.registry, path)
|
||||
urlString := fmt.Sprintf("%s://%s%s", c.scheme, c.registry, path)
|
||||
url, err := url.Parse(urlString)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return c.makeRequestToResolvedURL(ctx, method, url, headers, stream, -1, auth, extraScope)
|
||||
}
|
||||
|
||||
|
@ -500,7 +504,7 @@ func parseRetryAfter(res *http.Response, fallbackDelay time.Duration) time.Durat
|
|||
// makeRequest should generally be preferred.
|
||||
// In case of an HTTP 429 status code in the response, it may automatically retry a few times.
|
||||
// TODO(runcom): too many arguments here, use a struct
|
||||
func (c *dockerClient) makeRequestToResolvedURL(ctx context.Context, method, url string, headers map[string][]string, stream io.Reader, streamLen int64, auth sendAuth, extraScope *authScope) (*http.Response, error) {
|
||||
func (c *dockerClient) makeRequestToResolvedURL(ctx context.Context, method string, url *url.URL, headers map[string][]string, stream io.Reader, streamLen int64, auth sendAuth, extraScope *authScope) (*http.Response, error) {
|
||||
delay := backoffInitialDelay
|
||||
attempts := 0
|
||||
for {
|
||||
|
@ -518,7 +522,7 @@ func (c *dockerClient) makeRequestToResolvedURL(ctx context.Context, method, url
|
|||
if delay > backoffMaxDelay {
|
||||
delay = backoffMaxDelay
|
||||
}
|
||||
logrus.Debugf("Too many requests to %s: sleeping for %f seconds before next attempt", url, delay.Seconds())
|
||||
logrus.Debugf("Too many requests to %s: sleeping for %f seconds before next attempt", url.Redacted(), delay.Seconds())
|
||||
select {
|
||||
case <-ctx.Done():
|
||||
return nil, ctx.Err()
|
||||
|
@ -533,12 +537,12 @@ func (c *dockerClient) makeRequestToResolvedURL(ctx context.Context, method, url
|
|||
// streamLen, if not -1, specifies the length of the data expected on stream.
|
||||
// makeRequest should generally be preferred.
|
||||
// Note that no exponential back off is performed when receiving an http 429 status code.
|
||||
func (c *dockerClient) makeRequestToResolvedURLOnce(ctx context.Context, method, url string, headers map[string][]string, stream io.Reader, streamLen int64, auth sendAuth, extraScope *authScope) (*http.Response, error) {
|
||||
req, err := http.NewRequestWithContext(ctx, method, url, stream)
|
||||
func (c *dockerClient) makeRequestToResolvedURLOnce(ctx context.Context, method string, url *url.URL, headers map[string][]string, stream io.Reader, streamLen int64, auth sendAuth, extraScope *authScope) (*http.Response, error) {
|
||||
req, err := http.NewRequestWithContext(ctx, method, url.String(), stream)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if streamLen != -1 { // Do not blindly overwrite if streamLen == -1, http.NewRequest above can figure out the length of bytes.Reader and similar objects without us having to compute it.
|
||||
if streamLen != -1 { // Do not blindly overwrite if streamLen == -1, http.NewRequestWithContext above can figure out the length of bytes.Reader and similar objects without us having to compute it.
|
||||
req.ContentLength = streamLen
|
||||
}
|
||||
req.Header.Set("Docker-Distribution-API-Version", "registry/2.0")
|
||||
|
@ -553,7 +557,7 @@ func (c *dockerClient) makeRequestToResolvedURLOnce(ctx context.Context, method,
|
|||
return nil, err
|
||||
}
|
||||
}
|
||||
logrus.Debugf("%s %s", method, url)
|
||||
logrus.Debugf("%s %s", method, url.Redacted())
|
||||
res, err := c.client.Do(req)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -653,7 +657,7 @@ func (c *dockerClient) getBearerTokenOAuth2(ctx context.Context, challenge chall
|
|||
authReq.Body = ioutil.NopCloser(bytes.NewBufferString(params.Encode()))
|
||||
authReq.Header.Add("User-Agent", c.userAgent)
|
||||
authReq.Header.Add("Content-Type", "application/x-www-form-urlencoded")
|
||||
logrus.Debugf("%s %s", authReq.Method, authReq.URL.String())
|
||||
logrus.Debugf("%s %s", authReq.Method, authReq.URL.Redacted())
|
||||
res, err := c.client.Do(authReq)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -705,7 +709,7 @@ func (c *dockerClient) getBearerToken(ctx context.Context, challenge challenge,
|
|||
}
|
||||
authReq.Header.Add("User-Agent", c.userAgent)
|
||||
|
||||
logrus.Debugf("%s %s", authReq.Method, authReq.URL.String())
|
||||
logrus.Debugf("%s %s", authReq.Method, authReq.URL.Redacted())
|
||||
res, err := c.client.Do(authReq)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -735,14 +739,17 @@ func (c *dockerClient) detectPropertiesHelper(ctx context.Context) error {
|
|||
c.client = &http.Client{Transport: tr}
|
||||
|
||||
ping := func(scheme string) error {
|
||||
url := fmt.Sprintf(resolvedPingV2URL, scheme, c.registry)
|
||||
url, err := url.Parse(fmt.Sprintf(resolvedPingV2URL, scheme, c.registry))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
resp, err := c.makeRequestToResolvedURL(ctx, http.MethodGet, url, nil, nil, -1, noAuth, nil)
|
||||
if err != nil {
|
||||
logrus.Debugf("Ping %s err %s (%#v)", url, err.Error(), err)
|
||||
logrus.Debugf("Ping %s err %s (%#v)", url.Redacted(), err.Error(), err)
|
||||
return err
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
logrus.Debugf("Ping %s status %d", url, resp.StatusCode)
|
||||
logrus.Debugf("Ping %s status %d", url.Redacted(), resp.StatusCode)
|
||||
if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusUnauthorized {
|
||||
return httpResponseToError(resp, "")
|
||||
}
|
||||
|
@ -762,14 +769,17 @@ func (c *dockerClient) detectPropertiesHelper(ctx context.Context) error {
|
|||
}
|
||||
// best effort to understand if we're talking to a V1 registry
|
||||
pingV1 := func(scheme string) bool {
|
||||
url := fmt.Sprintf(resolvedPingV1URL, scheme, c.registry)
|
||||
url, err := url.Parse(fmt.Sprintf(resolvedPingV1URL, scheme, c.registry))
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
resp, err := c.makeRequestToResolvedURL(ctx, http.MethodGet, url, nil, nil, -1, noAuth, nil)
|
||||
if err != nil {
|
||||
logrus.Debugf("Ping %s err %s (%#v)", url, err.Error(), err)
|
||||
logrus.Debugf("Ping %s err %s (%#v)", url.Redacted(), err.Error(), err)
|
||||
return false
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
logrus.Debugf("Ping %s status %d", url, resp.StatusCode)
|
||||
logrus.Debugf("Ping %s status %d", url.Redacted(), resp.StatusCode)
|
||||
if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusUnauthorized {
|
||||
return false
|
||||
}
|
||||
|
|
21
vendor/github.com/containers/image/v5/docker/docker_image_dest.go
generated
vendored
|
@ -182,7 +182,7 @@ func (d *dockerImageDestination) PutBlob(ctx context.Context, stream io.Reader,
|
|||
// This error text should never be user-visible, we terminate only after makeRequestToResolvedURL
|
||||
// returns, so there isn’t a way for the error text to be provided to any of our callers.
|
||||
defer uploadReader.Terminate(errors.New("Reading data from an already terminated upload"))
|
||||
res, err = d.c.makeRequestToResolvedURL(ctx, http.MethodPatch, uploadLocation.String(), map[string][]string{"Content-Type": {"application/octet-stream"}}, uploadReader, inputInfo.Size, v2Auth, nil)
|
||||
res, err = d.c.makeRequestToResolvedURL(ctx, http.MethodPatch, uploadLocation, map[string][]string{"Content-Type": {"application/octet-stream"}}, uploadReader, inputInfo.Size, v2Auth, nil)
|
||||
if err != nil {
|
||||
logrus.Debugf("Error uploading layer chunked %v", err)
|
||||
return nil, err
|
||||
|
@ -207,7 +207,7 @@ func (d *dockerImageDestination) PutBlob(ctx context.Context, stream io.Reader,
|
|||
locationQuery := uploadLocation.Query()
|
||||
locationQuery.Set("digest", blobDigest.String())
|
||||
uploadLocation.RawQuery = locationQuery.Encode()
|
||||
res, err = d.c.makeRequestToResolvedURL(ctx, http.MethodPut, uploadLocation.String(), map[string][]string{"Content-Type": {"application/octet-stream"}}, nil, -1, v2Auth, nil)
|
||||
res, err = d.c.makeRequestToResolvedURL(ctx, http.MethodPut, uploadLocation, map[string][]string{"Content-Type": {"application/octet-stream"}}, nil, -1, v2Auth, nil)
|
||||
if err != nil {
|
||||
return types.BlobInfo{}, err
|
||||
}
|
||||
|
@ -257,9 +257,8 @@ func (d *dockerImageDestination) mountBlob(ctx context.Context, srcRepo referenc
|
|||
"from": {reference.Path(srcRepo)},
|
||||
}.Encode(),
|
||||
}
|
||||
mountPath := u.String()
|
||||
logrus.Debugf("Trying to mount %s", mountPath)
|
||||
res, err := d.c.makeRequest(ctx, http.MethodPost, mountPath, nil, nil, v2Auth, extraScope)
|
||||
logrus.Debugf("Trying to mount %s", u.Redacted())
|
||||
res, err := d.c.makeRequest(ctx, http.MethodPost, u.String(), nil, nil, v2Auth, extraScope)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -276,8 +275,8 @@ func (d *dockerImageDestination) mountBlob(ctx context.Context, srcRepo referenc
|
|||
if err != nil {
|
||||
return errors.Wrap(err, "determining upload URL after a mount attempt")
|
||||
}
|
||||
logrus.Debugf("... started an upload instead of mounting, trying to cancel at %s", uploadLocation.String())
|
||||
res2, err := d.c.makeRequestToResolvedURL(ctx, http.MethodDelete, uploadLocation.String(), nil, nil, -1, v2Auth, extraScope)
|
||||
logrus.Debugf("... started an upload instead of mounting, trying to cancel at %s", uploadLocation.Redacted())
|
||||
res2, err := d.c.makeRequestToResolvedURL(ctx, http.MethodDelete, uploadLocation, nil, nil, -1, v2Auth, extraScope)
|
||||
if err != nil {
|
||||
logrus.Debugf("Error trying to cancel an inadvertent upload: %s", err)
|
||||
} else {
|
||||
|
@ -600,9 +599,9 @@ func (d *dockerImageDestination) putOneSignature(url *url.URL, signature []byte)
|
|||
return nil
|
||||
|
||||
case "http", "https":
|
||||
return errors.Errorf("Writing directly to a %s sigstore %s is not supported. Configure a sigstore-staging: location", url.Scheme, url.String())
|
||||
return errors.Errorf("Writing directly to a %s sigstore %s is not supported. Configure a sigstore-staging: location", url.Scheme, url.Redacted())
|
||||
default:
|
||||
return errors.Errorf("Unsupported scheme when writing signature to %s", url.String())
|
||||
return errors.Errorf("Unsupported scheme when writing signature to %s", url.Redacted())
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -620,9 +619,9 @@ func (c *dockerClient) deleteOneSignature(url *url.URL) (missing bool, err error
|
|||
return false, err
|
||||
|
||||
case "http", "https":
|
||||
return false, errors.Errorf("Writing directly to a %s sigstore %s is not supported. Configure a sigstore-staging: location", url.Scheme, url.String())
|
||||
return false, errors.Errorf("Writing directly to a %s sigstore %s is not supported. Configure a sigstore-staging: location", url.Scheme, url.Redacted())
|
||||
default:
|
||||
return false, errors.Errorf("Unsupported scheme when deleting signature from %s", url.String())
|
||||
return false, errors.Errorf("Unsupported scheme when deleting signature from %s", url.Redacted())
|
||||
}
|
||||
}
|
||||
|
||||
|
|
11
vendor/github.com/containers/image/v5/docker/docker_image_src.go
generated
vendored
|
@ -253,13 +253,14 @@ func (s *dockerImageSource) getExternalBlob(ctx context.Context, urls []string)
|
|||
return nil, 0, errors.New("internal error: getExternalBlob called with no URLs")
|
||||
}
|
||||
for _, u := range urls {
|
||||
if u, err := url.Parse(u); err != nil || (u.Scheme != "http" && u.Scheme != "https") {
|
||||
url, err := url.Parse(u)
|
||||
if err != nil || (url.Scheme != "http" && url.Scheme != "https") {
|
||||
continue // unsupported url. skip this url.
|
||||
}
|
||||
// NOTE: we must not authenticate on additional URLs as those
|
||||
// can be abused to leak credentials or tokens. Please
|
||||
// refer to CVE-2020-15157 for more information.
|
||||
resp, err = s.c.makeRequestToResolvedURL(ctx, http.MethodGet, u, nil, nil, -1, noAuth, nil)
|
||||
resp, err = s.c.makeRequestToResolvedURL(ctx, http.MethodGet, url, nil, nil, -1, noAuth, nil)
|
||||
if err == nil {
|
||||
if resp.StatusCode != http.StatusOK {
|
||||
err = errors.Errorf("error fetching external blob from %q: %d (%s)", u, resp.StatusCode, http.StatusText(resp.StatusCode))
|
||||
|
@ -524,7 +525,7 @@ func (s *dockerImageSource) getOneSignature(ctx context.Context, url *url.URL) (
|
|||
return sig, false, nil
|
||||
|
||||
case "http", "https":
|
||||
logrus.Debugf("GET %s", url)
|
||||
logrus.Debugf("GET %s", url.Redacted())
|
||||
req, err := http.NewRequestWithContext(ctx, http.MethodGet, url.String(), nil)
|
||||
if err != nil {
|
||||
return nil, false, err
|
||||
|
@ -537,7 +538,7 @@ func (s *dockerImageSource) getOneSignature(ctx context.Context, url *url.URL) (
|
|||
if res.StatusCode == http.StatusNotFound {
|
||||
return nil, true, nil
|
||||
} else if res.StatusCode != http.StatusOK {
|
||||
return nil, false, errors.Errorf("Error reading signature from %s: status %d (%s)", url.String(), res.StatusCode, http.StatusText(res.StatusCode))
|
||||
return nil, false, errors.Errorf("Error reading signature from %s: status %d (%s)", url.Redacted(), res.StatusCode, http.StatusText(res.StatusCode))
|
||||
}
|
||||
sig, err := iolimits.ReadAtMost(res.Body, iolimits.MaxSignatureBodySize)
|
||||
if err != nil {
|
||||
|
@ -546,7 +547,7 @@ func (s *dockerImageSource) getOneSignature(ctx context.Context, url *url.URL) (
|
|||
return sig, false, nil
|
||||
|
||||
default:
|
||||
return nil, false, errors.Errorf("Unsupported scheme when reading signature from %s", url.String())
|
||||
return nil, false, errors.Errorf("Unsupported scheme when reading signature from %s", url.Redacted())
|
||||
}
|
||||
}
|
||||
|
||||
|
|
2
vendor/github.com/containers/image/v5/docker/lookaside.go
generated
vendored
|
@ -82,7 +82,7 @@ func SignatureStorageBaseURL(sys *types.SystemContext, ref types.ImageReference,
|
|||
} else {
|
||||
// returns default directory if no sigstore specified in configuration file
|
||||
url = builtinDefaultSignatureStorageDir(rootless.GetRootlessEUID())
|
||||
logrus.Debugf(" No signature storage configuration found for %s, using built-in default %s", dr.PolicyConfigurationIdentity(), url.String())
|
||||
logrus.Debugf(" No signature storage configuration found for %s, using built-in default %s", dr.PolicyConfigurationIdentity(), url.Redacted())
|
||||
}
|
||||
// NOTE: Keep this in sync with docs/signature-protocols.md!
|
||||
// FIXME? Restrict to explicitly supported schemes?
|
||||
|
|
2
vendor/github.com/containers/image/v5/openshift/openshift.go
generated
vendored
|
@ -95,7 +95,7 @@ func (c *openshiftClient) doRequest(ctx context.Context, method, path string, re
|
|||
req.Header.Set("Content-Type", "application/json")
|
||||
}
|
||||
|
||||
logrus.Debugf("%s %s", method, url.String())
|
||||
logrus.Debugf("%s %s", method, url.Redacted())
|
||||
res, err := c.httpClient.Do(req)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
|
6
vendor/github.com/containers/image/v5/pkg/sysregistriesv2/shortnames.go
generated
vendored
|
@ -13,6 +13,7 @@ import (
|
|||
"github.com/containers/storage/pkg/homedir"
|
||||
"github.com/containers/storage/pkg/lockfile"
|
||||
"github.com/pkg/errors"
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
// defaultShortNameMode is the default mode of registries.conf files if the
|
||||
|
@ -315,11 +316,14 @@ func (c *shortNameAliasCache) updateWithConfigurationFrom(updates *shortNameAlia
|
|||
func loadShortNameAliasConf(confPath string) (*shortNameAliasConf, *shortNameAliasCache, error) {
|
||||
conf := shortNameAliasConf{}
|
||||
|
||||
_, err := toml.DecodeFile(confPath, &conf)
|
||||
meta, err := toml.DecodeFile(confPath, &conf)
|
||||
if err != nil && !os.IsNotExist(err) {
|
||||
// It's okay if the config doesn't exist. Other errors are not.
|
||||
return nil, nil, errors.Wrapf(err, "loading short-name aliases config file %q", confPath)
|
||||
}
|
||||
if keys := meta.Undecoded(); len(keys) > 0 {
|
||||
logrus.Debugf("Failed to decode keys %q from %q", keys, confPath)
|
||||
}
|
||||
|
||||
// Even if we don’t always need the cache, doing so validates the machine-generated config. The
|
||||
// file could still be corrupted by another process or user.
|
||||
|
|
67
vendor/github.com/containers/image/v5/pkg/sysregistriesv2/system_registries_v2.go
generated
vendored
|
@ -43,6 +43,16 @@ const builtinRegistriesConfDirPath = "/etc/containers/registries.conf.d"
|
|||
// helper.
|
||||
const AuthenticationFileHelper = "containers-auth.json"
|
||||
|
||||
const (
|
||||
// configuration values for "pull-from-mirror"
|
||||
// mirrors will be used for both digest pulls and tag pulls
|
||||
MirrorAll = "all"
|
||||
// mirrors will only be used for digest pulls
|
||||
MirrorByDigestOnly = "digest-only"
|
||||
// mirrors will only be used for tag pulls
|
||||
MirrorByTagOnly = "tag-only"
|
||||
)
|
||||
|
||||
// Endpoint describes a remote location of a registry.
|
||||
type Endpoint struct {
|
||||
// The endpoint's remote location. Can be empty iff Prefix contains
|
||||
|
@ -53,6 +63,18 @@ type Endpoint struct {
|
|||
// If true, certs verification will be skipped and HTTP (non-TLS)
|
||||
// connections will be allowed.
|
||||
Insecure bool `toml:"insecure,omitempty"`
|
||||
// PullFromMirror is used for adding restrictions to image pull through the mirror.
|
||||
// Set to "all", "digest-only", or "tag-only".
|
||||
// If "digest-only", mirrors will only be used for digest pulls. Pulling images by
|
||||
// tag can potentially yield different images, depending on which endpoint
|
||||
// we pull from. Restricting mirrors to pulls by digest avoids that issue.
|
||||
// If "tag-only", mirrors will only be used for tag pulls. For a more up-to-date and expensive mirror
|
||||
// that it is less likely to be out of sync if tags move, it should not be unnecessarily
|
||||
// used for digest references.
|
||||
// Default is "all" (or left empty), mirrors will be used for both digest pulls and tag pulls unless the mirror-by-digest-only is set for the primary registry.
|
||||
// This can only be set in a registry's Mirror field, not in the registry's primary Endpoint.
|
||||
// This per-mirror setting is allowed only when mirror-by-digest-only is not configured for the primary registry.
|
||||
PullFromMirror string `toml:"pull-from-mirror,omitempty"`
|
||||
}
|
||||
|
||||
// userRegistriesFile is the path to the per user registry configuration file.
|
||||
|
@ -115,7 +137,7 @@ type Registry struct {
|
|||
Blocked bool `toml:"blocked,omitempty"`
|
||||
// If true, mirrors will only be used for digest pulls. Pulling images by
|
||||
// tag can potentially yield different images, depending on which endpoint
|
||||
// we pull from. Forcing digest-pulls for mirrors avoids that issue.
|
||||
// we pull from. Restricting mirrors to pulls by digest avoids that issue.
|
||||
MirrorByDigestOnly bool `toml:"mirror-by-digest-only,omitempty"`
|
||||
}
|
||||
|
||||
|
@ -130,17 +152,29 @@ type PullSource struct {
|
|||
// reference.
|
||||
func (r *Registry) PullSourcesFromReference(ref reference.Named) ([]PullSource, error) {
|
||||
var endpoints []Endpoint
|
||||
|
||||
_, isDigested := ref.(reference.Canonical)
|
||||
if r.MirrorByDigestOnly {
|
||||
// Only use mirrors when the reference is a digest one.
|
||||
if _, isDigested := ref.(reference.Canonical); isDigested {
|
||||
endpoints = append(r.Mirrors, r.Endpoint)
|
||||
} else {
|
||||
endpoints = []Endpoint{r.Endpoint}
|
||||
// Only use mirrors when the reference is a digested one.
|
||||
if isDigested {
|
||||
endpoints = append(endpoints, r.Mirrors...)
|
||||
}
|
||||
} else {
|
||||
endpoints = append(r.Mirrors, r.Endpoint)
|
||||
for _, mirror := range r.Mirrors {
|
||||
// skip the mirror if per mirror setting exists but reference does not match the restriction
|
||||
switch mirror.PullFromMirror {
|
||||
case MirrorByDigestOnly:
|
||||
if !isDigested {
|
||||
continue
|
||||
}
|
||||
case MirrorByTagOnly:
|
||||
if isDigested {
|
||||
continue
|
||||
}
|
||||
}
|
||||
endpoints = append(endpoints, mirror)
|
||||
}
|
||||
}
|
||||
endpoints = append(endpoints, r.Endpoint)
|
||||
|
||||
sources := []PullSource{}
|
||||
for _, ep := range endpoints {
|
||||
|
@ -374,6 +408,10 @@ func (config *V2RegistriesConf) postProcessRegistries() error {
|
|||
}
|
||||
}
|
||||
|
||||
// validate the mirror usage settings does not apply to primary registry
|
||||
if reg.PullFromMirror != "" {
|
||||
return fmt.Errorf("pull-from-mirror must not be set for a non-mirror registry %q", reg.Prefix)
|
||||
}
|
||||
// make sure mirrors are valid
|
||||
for _, mir := range reg.Mirrors {
|
||||
mir.Location, err = parseLocation(mir.Location)
|
||||
|
@ -387,6 +425,14 @@ func (config *V2RegistriesConf) postProcessRegistries() error {
|
|||
if mir.Location == "" {
|
||||
return &InvalidRegistries{s: "invalid condition: mirror location is unset"}
|
||||
}
|
||||
|
||||
if reg.MirrorByDigestOnly && mir.PullFromMirror != "" {
|
||||
return &InvalidRegistries{s: fmt.Sprintf("cannot set mirror usage mirror-by-digest-only for the registry (%q) and pull-from-mirror for per-mirror (%q) at the same time", reg.Prefix, mir.Location)}
|
||||
}
|
||||
if mir.PullFromMirror != "" && mir.PullFromMirror != MirrorAll &&
|
||||
mir.PullFromMirror != MirrorByDigestOnly && mir.PullFromMirror != MirrorByTagOnly {
|
||||
return &InvalidRegistries{s: fmt.Sprintf("unsupported pull-from-mirror value %q for mirror %q", mir.PullFromMirror, mir.Location)}
|
||||
}
|
||||
}
|
||||
if reg.Location == "" {
|
||||
regMap[reg.Prefix] = append(regMap[reg.Prefix], reg)
|
||||
|
@ -877,10 +923,13 @@ func loadConfigFile(path string, forceV2 bool) (*parsedConfig, error) {
|
|||
|
||||
// Load the tomlConfig. Note that `DecodeFile` will overwrite set fields.
|
||||
var combinedTOML tomlConfig
|
||||
_, err := toml.DecodeFile(path, &combinedTOML)
|
||||
meta, err := toml.DecodeFile(path, &combinedTOML)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if keys := meta.Undecoded(); len(keys) > 0 {
|
||||
logrus.Debugf("Failed to decode keys %q from %q", keys, path)
|
||||
}
|
||||
|
||||
if combinedTOML.V1RegistriesConf.Nonempty() {
|
||||
// Enforce the v2 format if requested.
|
||||
|
|
1
vendor/github.com/containers/image/v5/signature/mechanism.go
generated
vendored
|
@ -13,6 +13,7 @@ import (
|
|||
// code path, where cryptography is not relevant. For now, continue to
|
||||
// use this frozen deprecated implementation. When mechanism_openpgp.go
|
||||
// migrates to another implementation, this should migrate as well.
|
||||
//lint:ignore SA1019 See above
|
||||
"golang.org/x/crypto/openpgp" //nolint:staticcheck
|
||||
)
|
||||
|
||||
|
|
1
vendor/github.com/containers/image/v5/signature/mechanism_openpgp.go
generated
vendored
|
@ -20,6 +20,7 @@ import (
|
|||
// For this verify-only fallback, we haven't reviewed any of the
|
||||
// existing alternatives to choose; so, for now, continue to
|
||||
// use this frozen deprecated implementation.
|
||||
//lint:ignore SA1019 See above
|
||||
"golang.org/x/crypto/openpgp" //nolint:staticcheck
|
||||
)
|
||||
|
||||
|
|
6
vendor/github.com/containers/image/v5/version/version.go
generated
vendored
|
@ -6,12 +6,12 @@ const (
|
|||
// VersionMajor is for an API incompatible changes
|
||||
VersionMajor = 5
|
||||
// VersionMinor is for functionality in a backwards-compatible manner
|
||||
VersionMinor = 20
|
||||
VersionMinor = 21
|
||||
// VersionPatch is for backwards-compatible bug fixes
|
||||
VersionPatch = 1
|
||||
VersionPatch = 0
|
||||
|
||||
// VersionDev indicates development branch. Releases will be empty string.
|
||||
VersionDev = "-dev"
|
||||
VersionDev = ""
|
||||
)
|
||||
|
||||
// Version is the specification version that the package types support.
|
||||
|
|
10
vendor/github.com/containers/storage/.cirrus.yml
generated
vendored
|
@ -24,10 +24,10 @@ env:
|
|||
# GCE project where images live
|
||||
IMAGE_PROJECT: "libpod-218412"
|
||||
# VM Image built in containers/automation_images
|
||||
_BUILT_IMAGE_SUFFIX: "c6431352024203264"
|
||||
FEDORA_CACHE_IMAGE_NAME: "fedora-${_BUILT_IMAGE_SUFFIX}"
|
||||
PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${_BUILT_IMAGE_SUFFIX}"
|
||||
UBUNTU_CACHE_IMAGE_NAME: "ubuntu-${_BUILT_IMAGE_SUFFIX}"
|
||||
IMAGE_SUFFIX: "c4512539143831552"
|
||||
FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}"
|
||||
PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${IMAGE_SUFFIX}"
|
||||
UBUNTU_CACHE_IMAGE_NAME: "ubuntu-${IMAGE_SUFFIX}"
|
||||
|
||||
####
|
||||
#### Command variables to help avoid duplication
|
||||
|
@ -132,7 +132,7 @@ lint_task:
|
|||
meta_task:
|
||||
|
||||
container:
|
||||
image: "quay.io/libpod/imgts:${_BUILT_IMAGE_SUFFIX}"
|
||||
image: "quay.io/libpod/imgts:${IMAGE_SUFFIX}"
|
||||
cpu: 1
|
||||
memory: 1
|
||||
|
||||
|
|
2
vendor/github.com/containers/storage/VERSION
generated
vendored
|
@ -1 +1 @@
|
|||
1.38.2+dev
|
||||
1.39.0+dev
|
||||
|
|
4
vendor/github.com/containers/storage/go.mod
generated
vendored
|
@ -18,9 +18,9 @@ require (
|
|||
github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible
|
||||
github.com/moby/sys/mountinfo v0.6.0
|
||||
github.com/opencontainers/go-digest v1.0.0
|
||||
github.com/opencontainers/runc v1.1.0
|
||||
github.com/opencontainers/runc v1.1.1
|
||||
github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
|
||||
github.com/opencontainers/selinux v1.10.0
|
||||
github.com/opencontainers/selinux v1.10.1
|
||||
github.com/pkg/errors v0.9.1
|
||||
github.com/sirupsen/logrus v1.8.1
|
||||
github.com/stretchr/testify v1.7.1
|
||||
|
|
7
vendor/github.com/containers/storage/go.sum
generated
vendored
|
@ -520,8 +520,8 @@ github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h
|
|||
github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
|
||||
github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0=
|
||||
github.com/opencontainers/runc v1.0.2/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0=
|
||||
github.com/opencontainers/runc v1.1.0 h1:O9+X96OcDjkmmZyfaG996kV7yq8HsoU2h1XRRQcefG8=
|
||||
github.com/opencontainers/runc v1.1.0/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc=
|
||||
github.com/opencontainers/runc v1.1.1 h1:PJ9DSs2sVwE0iVr++pAHE6QkS9tzcVWozlPifdwMgrU=
|
||||
github.com/opencontainers/runc v1.1.1/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc=
|
||||
github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
|
||||
github.com/opencontainers/runtime-spec v1.0.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
|
||||
github.com/opencontainers/runtime-spec v1.0.2-0.20190207185410-29686dbc5559/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
|
||||
|
@ -533,8 +533,9 @@ github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mo
|
|||
github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE=
|
||||
github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo=
|
||||
github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8=
|
||||
github.com/opencontainers/selinux v1.10.0 h1:rAiKF8hTcgLI3w0DHm6i0ylVVcOrlgR1kK99DRLDhyU=
|
||||
github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
|
||||
github.com/opencontainers/selinux v1.10.1 h1:09LIPVRP3uuZGQvgR+SgMSNBd1Eb3vlRbGqQpoHsF8w=
|
||||
github.com/opencontainers/selinux v1.10.1/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
|
||||
github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
|
||||
github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc=
|
||||
github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
|
||||
|
|
1
vendor/github.com/containers/storage/pkg/idtools/idtools.go
generated
vendored
|
@ -190,7 +190,6 @@ func (i *IDMappings) RootPair() IDPair {
|
|||
}
|
||||
|
||||
// ToHost returns the host UID and GID for the container uid, gid.
|
||||
// Remapping is only performed if the ids aren't already the remapped root ids
|
||||
func (i *IDMappings) ToHost(pair IDPair) (IDPair, error) {
|
||||
var err error
|
||||
var target IDPair
|
||||
|
|
25
vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go
generated
vendored
|
@ -9,6 +9,7 @@ import (
|
|||
"io"
|
||||
"os"
|
||||
"os/exec"
|
||||
"os/signal"
|
||||
"os/user"
|
||||
"runtime"
|
||||
"strconv"
|
||||
|
@ -484,6 +485,30 @@ func MaybeReexecUsingUserNamespace(evenForRoot bool) {
|
|||
|
||||
// Finish up.
|
||||
logrus.Debugf("Running %+v with environment %+v, UID map %+v, and GID map %+v", cmd.Cmd.Args, os.Environ(), cmd.UidMappings, cmd.GidMappings)
|
||||
|
||||
// Forward SIGHUP, SIGINT, and SIGTERM to our child process.
|
||||
interrupted := make(chan os.Signal, 100)
|
||||
defer func() {
|
||||
signal.Stop(interrupted)
|
||||
close(interrupted)
|
||||
}()
|
||||
cmd.Hook = func(int) error {
|
||||
go func() {
|
||||
for receivedSignal := range interrupted {
|
||||
cmd.Cmd.Process.Signal(receivedSignal)
|
||||
}
|
||||
}()
|
||||
return nil
|
||||
}
|
||||
signal.Notify(interrupted, syscall.SIGHUP, syscall.SIGINT, syscall.SIGTERM)
|
||||
|
||||
// Make sure our child process gets SIGKILLed if we exit, for whatever
|
||||
// reason, before it does.
|
||||
if cmd.Cmd.SysProcAttr == nil {
|
||||
cmd.Cmd.SysProcAttr = &syscall.SysProcAttr{}
|
||||
}
|
||||
cmd.Cmd.SysProcAttr.Pdeathsig = syscall.SIGKILL
|
||||
|
||||
ExecRunnable(cmd, nil)
|
||||
}
|
||||
|
||||
|
|
10
vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go
generated
vendored
|
@ -55,12 +55,12 @@ func IsCgroup2HybridMode() bool {
|
|||
var st unix.Statfs_t
|
||||
err := unix.Statfs(hybridMountpoint, &st)
|
||||
if err != nil {
|
||||
if os.IsNotExist(err) {
|
||||
// ignore the "not found" error
|
||||
isHybrid = false
|
||||
return
|
||||
isHybrid = false
|
||||
if !os.IsNotExist(err) {
|
||||
// Report unexpected errors.
|
||||
logrus.WithError(err).Debugf("statfs(%q) failed", hybridMountpoint)
|
||||
}
|
||||
panic(fmt.Sprintf("cannot statfs cgroup root: %s", err))
|
||||
return
|
||||
}
|
||||
isHybrid = st.Type == unix.CGROUP2_SUPER_MAGIC
|
||||
})
|
||||
|
|
2
vendor/github.com/opencontainers/selinux/go-selinux/rchcon.go
generated
vendored
|
@ -12,7 +12,7 @@ import (
|
|||
|
||||
func rchcon(fpath, label string) error {
|
||||
return pwalkdir.Walk(fpath, func(p string, _ fs.DirEntry, _ error) error {
|
||||
e := setFileLabel(p, label)
|
||||
e := lSetFileLabel(p, label)
|
||||
// Walk a file tree can race with removal, so ignore ENOENT.
|
||||
if errors.Is(e, os.ErrNotExist) {
|
||||
return nil
|
||||
|
|
2
vendor/github.com/opencontainers/selinux/go-selinux/rchcon_go115.go
generated
vendored
|
@ -11,7 +11,7 @@ import (
|
|||
|
||||
func rchcon(fpath, label string) error {
|
||||
return pwalk.Walk(fpath, func(p string, _ os.FileInfo, _ error) error {
|
||||
e := setFileLabel(p, label)
|
||||
e := lSetFileLabel(p, label)
|
||||
// Walk a file tree can race with removal, so ignore ENOENT.
|
||||
if errors.Is(e, os.ErrNotExist) {
|
||||
return nil
|
||||
|
|
16
vendor/github.com/openshift/imagebuilder/builder.go
generated
vendored
|
@ -44,6 +44,7 @@ type Run struct {
|
|||
type Executor interface {
|
||||
Preserve(path string) error
|
||||
EnsureContainerPath(path string) error
|
||||
EnsureContainerPathAs(path, user string, mode *os.FileMode) error
|
||||
Copy(excludes []string, copies ...Copy) error
|
||||
Run(run Run, config docker.Config) error
|
||||
UnrecognizedInstruction(step *Step) error
|
||||
|
@ -61,6 +62,15 @@ func (logExecutor) EnsureContainerPath(path string) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func (logExecutor) EnsureContainerPathAs(path, user string, mode *os.FileMode) error {
|
||||
if mode != nil {
|
||||
log.Printf("ENSURE %s AS %q with MODE=%q", path, user, *mode)
|
||||
} else {
|
||||
log.Printf("ENSURE %s AS %q", path, user)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (logExecutor) Copy(excludes []string, copies ...Copy) error {
|
||||
for _, c := range copies {
|
||||
log.Printf("COPY %v -> %s (from:%s download:%t), chown: %s, chmod %s", c.Src, c.Dest, c.From, c.Download, c.Chown, c.Chmod)
|
||||
|
@ -88,6 +98,10 @@ func (noopExecutor) EnsureContainerPath(path string) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func (noopExecutor) EnsureContainerPathAs(path, user string, mode *os.FileMode) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (noopExecutor) Copy(excludes []string, copies ...Copy) error {
|
||||
return nil
|
||||
}
|
||||
|
@ -378,7 +392,7 @@ func (b *Builder) Run(step *Step, exec Executor, noRunsRemaining bool) error {
|
|||
}
|
||||
|
||||
if len(b.RunConfig.WorkingDir) > 0 {
|
||||
if err := exec.EnsureContainerPath(b.RunConfig.WorkingDir); err != nil {
|
||||
if err := exec.EnsureContainerPathAs(b.RunConfig.WorkingDir, b.RunConfig.User, nil); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
|
2
vendor/github.com/openshift/imagebuilder/imagebuilder.spec
generated
vendored
|
@ -12,7 +12,7 @@
|
|||
#
|
||||
|
||||
%global golang_version 1.8.1
|
||||
%{!?version: %global version 1.2.2-dev}
|
||||
%{!?version: %global version 1.2.3}
|
||||
%{!?release: %global release 1}
|
||||
%global package_name imagebuilder
|
||||
%global product_name Container Image Builder
|
||||
|
|
21
vendor/modules.txt
vendored
|
@ -63,7 +63,7 @@ github.com/container-orchestrated-devices/container-device-interface/pkg/cdi
|
|||
github.com/container-orchestrated-devices/container-device-interface/specs-go
|
||||
# github.com/containerd/cgroups v1.0.3
|
||||
github.com/containerd/cgroups/stats/v1
|
||||
# github.com/containerd/containerd v1.6.1
|
||||
# github.com/containerd/containerd v1.6.2
|
||||
github.com/containerd/containerd/errdefs
|
||||
github.com/containerd/containerd/log
|
||||
github.com/containerd/containerd/pkg/userns
|
||||
|
@ -87,7 +87,7 @@ github.com/containernetworking/cni/pkg/version
|
|||
# github.com/containernetworking/plugins v1.1.1
|
||||
## explicit
|
||||
github.com/containernetworking/plugins/pkg/ns
|
||||
# github.com/containers/buildah v1.24.3-0.20220310160415-5ec70bf01ea5
|
||||
# github.com/containers/buildah v1.25.2-0.20220406205807-5b8e79118057
|
||||
## explicit
|
||||
github.com/containers/buildah
|
||||
github.com/containers/buildah/bind
|
||||
|
@ -109,7 +109,7 @@ github.com/containers/buildah/pkg/rusage
|
|||
github.com/containers/buildah/pkg/sshagent
|
||||
github.com/containers/buildah/pkg/util
|
||||
github.com/containers/buildah/util
|
||||
# github.com/containers/common v0.47.5-0.20220323125147-7dc6e944d625
|
||||
# github.com/containers/common v0.47.5-0.20220405040919-5d3a1effbf99
|
||||
## explicit
|
||||
github.com/containers/common/libimage
|
||||
github.com/containers/common/libimage/manifests
|
||||
|
@ -153,7 +153,7 @@ github.com/containers/common/version
|
|||
# github.com/containers/conmon v2.0.20+incompatible
|
||||
## explicit
|
||||
github.com/containers/conmon/runner/config
|
||||
# github.com/containers/image/v5 v5.20.1-0.20220310094651-0d8056ee346f
|
||||
# github.com/containers/image/v5 v5.21.0
|
||||
## explicit
|
||||
github.com/containers/image/v5/copy
|
||||
github.com/containers/image/v5/directory
|
||||
|
@ -233,7 +233,7 @@ github.com/containers/psgo/internal/dev
|
|||
github.com/containers/psgo/internal/host
|
||||
github.com/containers/psgo/internal/proc
|
||||
github.com/containers/psgo/internal/process
|
||||
# github.com/containers/storage v1.38.3-0.20220321121613-8e565392dd91
|
||||
# github.com/containers/storage v1.39.1-0.20220330193934-f3200eb5a5d9
|
||||
## explicit
|
||||
github.com/containers/storage
|
||||
github.com/containers/storage/drivers
|
||||
|
@ -532,7 +532,7 @@ github.com/onsi/ginkgo/reporters/stenographer
|
|||
github.com/onsi/ginkgo/reporters/stenographer/support/go-colorable
|
||||
github.com/onsi/ginkgo/reporters/stenographer/support/go-isatty
|
||||
github.com/onsi/ginkgo/types
|
||||
# github.com/onsi/gomega v1.18.1 => github.com/onsi/gomega v1.16.0
|
||||
# github.com/onsi/gomega v1.19.0 => github.com/onsi/gomega v1.16.0
|
||||
## explicit
|
||||
github.com/onsi/gomega
|
||||
github.com/onsi/gomega/format
|
||||
|
@ -554,7 +554,7 @@ github.com/opencontainers/go-digest
|
|||
## explicit
|
||||
github.com/opencontainers/image-spec/specs-go
|
||||
github.com/opencontainers/image-spec/specs-go/v1
|
||||
# github.com/opencontainers/runc v1.1.0
|
||||
# github.com/opencontainers/runc v1.1.1
|
||||
## explicit
|
||||
github.com/opencontainers/runc/libcontainer/apparmor
|
||||
github.com/opencontainers/runc/libcontainer/cgroups
|
||||
|
@ -574,13 +574,13 @@ github.com/opencontainers/runtime-tools/generate
|
|||
github.com/opencontainers/runtime-tools/generate/seccomp
|
||||
github.com/opencontainers/runtime-tools/specerror
|
||||
github.com/opencontainers/runtime-tools/validate
|
||||
# github.com/opencontainers/selinux v1.10.0
|
||||
# github.com/opencontainers/selinux v1.10.1
|
||||
## explicit
|
||||
github.com/opencontainers/selinux/go-selinux
|
||||
github.com/opencontainers/selinux/go-selinux/label
|
||||
github.com/opencontainers/selinux/pkg/pwalk
|
||||
github.com/opencontainers/selinux/pkg/pwalkdir
|
||||
# github.com/openshift/imagebuilder v1.2.2
|
||||
# github.com/openshift/imagebuilder v1.2.3
|
||||
github.com/openshift/imagebuilder
|
||||
github.com/openshift/imagebuilder/dockerfile/command
|
||||
github.com/openshift/imagebuilder/dockerfile/parser
|
||||
|
@ -598,7 +598,6 @@ github.com/pmezard/go-difflib/difflib
|
|||
# github.com/proglottis/gpgme v0.1.1
|
||||
github.com/proglottis/gpgme
|
||||
# github.com/prometheus/client_golang v1.11.1
|
||||
## explicit
|
||||
github.com/prometheus/client_golang/prometheus
|
||||
github.com/prometheus/client_golang/prometheus/internal
|
||||
github.com/prometheus/client_golang/prometheus/promhttp
|
||||
|
@ -646,7 +645,7 @@ github.com/stefanberger/go-pkcs11uri
|
|||
## explicit
|
||||
github.com/stretchr/testify/assert
|
||||
github.com/stretchr/testify/require
|
||||
# github.com/sylabs/sif/v2 v2.4.0
|
||||
# github.com/sylabs/sif/v2 v2.4.2
|
||||
github.com/sylabs/sif/v2/pkg/sif
|
||||
# github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635
|
||||
## explicit
|
||||
|
|