diff --git a/go.mod b/go.mod
index c2c148158b..328ebad0c3 100644
--- a/go.mod
+++ b/go.mod
@@ -13,7 +13,7 @@ require (
github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc // indirect
github.com/containernetworking/cni v0.7.1
github.com/containernetworking/plugins v0.8.1
- github.com/containers/buildah v1.11.0
+ github.com/containers/buildah v1.11.2
github.com/containers/conmon v0.3.0 // indirect
github.com/containers/image v3.0.2+incompatible
github.com/containers/psgo v1.3.1
@@ -22,7 +22,7 @@ require (
github.com/coreos/etcd v3.3.13+incompatible // indirect
github.com/coreos/go-iptables v0.4.2 // indirect
github.com/coreos/go-semver v0.3.0 // indirect
- github.com/coreos/go-systemd v0.0.0-20190620071333-e64a0ec8b42a
+ github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f
github.com/cri-o/ocicni v0.1.1-0.20190702175919-7762645d18ca
github.com/cyphar/filepath-securejoin v0.2.2
github.com/davecgh/go-spew v1.1.1
@@ -65,7 +65,7 @@ require (
github.com/onsi/gomega v1.5.0
github.com/opencontainers/go-digest v1.0.0-rc1
github.com/opencontainers/image-spec v1.0.1
- github.com/opencontainers/runc v1.0.0-rc8
+ github.com/opencontainers/runc v1.0.0-rc8.0.20190827142921-dd075602f158
github.com/opencontainers/runtime-spec v0.1.2-0.20190618234442-a950415649c7
github.com/opencontainers/runtime-tools v0.9.0
github.com/opencontainers/selinux v1.3.0
diff --git a/go.sum b/go.sum
index 14a8694983..fbf0e667d1 100644
--- a/go.sum
+++ b/go.sum
@@ -54,6 +54,7 @@ github.com/containerd/cgroups v0.0.0-20190328223300-4994991857f9 h1:LmZz7ns2YaWW
github.com/containerd/cgroups v0.0.0-20190328223300-4994991857f9/go.mod h1:X9rLEHIqSf/wfK8NsPqxJmeZgW4pcfzdXITDrUSJ6uI=
github.com/containerd/cgroups v0.0.0-20190620142518-db272301ab84 h1:6ABxcB2knKIZIlkivRzz4BadxXGCGV/fxjG1y+S5lRc=
github.com/containerd/cgroups v0.0.0-20190620142518-db272301ab84/go.mod h1:X9rLEHIqSf/wfK8NsPqxJmeZgW4pcfzdXITDrUSJ6uI=
+github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
github.com/containerd/continuity v0.0.0-20180814194400-c7c5070e6f6e/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
github.com/containerd/continuity v0.0.0-20181203112020-004b46473808 h1:4BX8f882bXEDKfWIf0wa8HRvpnBoPszJJXL+TVbBw4M=
github.com/containerd/continuity v0.0.0-20181203112020-004b46473808/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
@@ -77,6 +78,8 @@ github.com/containers/buildah v1.10.1 h1:YBFHZkpbWCxUR/gjRAZrRzs2E0DfdUe3+/8OA9f
github.com/containers/buildah v1.10.1/go.mod h1:ZTyMFo3IQlu9tYndtnAf0Tjf2NdeUL6bY2/TpP9uIuU=
github.com/containers/buildah v1.11.0 h1:w0jZybDBTb5lvBKmFuuncxbb3D+D68EHnngIcAXFKjg=
github.com/containers/buildah v1.11.0/go.mod h1:vIO922hCyTe9LEUlcH/oyaMdXy6xX/YdxR6huEOAM0o=
+github.com/containers/buildah v1.11.2 h1:U6Abrp1J7H19vHvhqIran4Xvw+Z3WIqMM86fIt9L7Qk=
+github.com/containers/buildah v1.11.2/go.mod h1:CtnP3vsLiU3xgKvkhdb4b0IzYwXNzHRv3ezl4z+RPC0=
github.com/containers/conmon v0.3.0 h1:NDkYcQAu1BDZSVLh6xrY9jh/WmiDaUloKzRM16237XM=
github.com/containers/conmon v0.3.0/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
github.com/containers/image v2.0.0+incompatible h1:FTr6Br7jlIKNCKMjSOMbAxKp2keQ0//jzJaYNTVhauk=
@@ -123,6 +126,8 @@ github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7
github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
github.com/coreos/go-systemd v0.0.0-20190620071333-e64a0ec8b42a h1:W8b4lQ4tFF21aspRGoBuCNV6V2fFJBF+pm1J6OY8Lys=
github.com/coreos/go-systemd v0.0.0-20190620071333-e64a0ec8b42a/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
+github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f h1:JOrtw2xFKzlg+cbHpyrpLDmnN1HqhBfnX7WDiW7eG2c=
+github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
github.com/coreos/pkg v0.0.0-20180108230652-97fdf19511ea h1:n2Ltr3SrfQlf/9nOna1DoGKxLx3qTSI8Ttl6Xrqp6mw=
github.com/coreos/pkg v0.0.0-20180108230652-97fdf19511ea/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f h1:lBNOc5arjvs8E5mO2tbpBpLoyyu8B6e44T7hJy6potg=
@@ -394,6 +399,8 @@ github.com/opencontainers/runc v1.0.0-rc6 h1:7AoN22rYxxkmsJS48wFaziH/n0OvrZVqL/T
github.com/opencontainers/runc v1.0.0-rc6/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
github.com/opencontainers/runc v1.0.0-rc8 h1:dDCFes8Hj1r/i5qnypONo5jdOme/8HWZC/aNDyhECt0=
github.com/opencontainers/runc v1.0.0-rc8/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
+github.com/opencontainers/runc v1.0.0-rc8.0.20190827142921-dd075602f158 h1:/A6bAdnSZoTQmKml3MdHAnSEPnBAQeigNBl4sxnfaaQ=
+github.com/opencontainers/runc v1.0.0-rc8.0.20190827142921-dd075602f158/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
github.com/opencontainers/runtime-spec v0.0.0-20181111125026-1722abf79c2f h1:yBRNGmKl04BYFrAx8cUYDknbFNVk9yIF/3gH1/4lu0I=
github.com/opencontainers/runtime-spec v0.0.0-20181111125026-1722abf79c2f/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/runtime-spec v0.1.2-0.20190618234442-a950415649c7 h1:Dliu5QO+4JYWu/yMshaMU7G3JN2POGpwjJN7gjy10Go=
@@ -527,6 +534,7 @@ github.com/ulikunitz/xz v0.5.5 h1:pFrO0lVpTBXLpYw+pnLj6TbvHuyjXMfjGeCwSqCVwok=
github.com/ulikunitz/xz v0.5.5/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8=
github.com/ulikunitz/xz v0.5.6 h1:jGHAfXawEGZQ3blwU5wnWKQJvAraT7Ftq9EXjnXYgt8=
github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8=
+github.com/urfave/cli v1.21.0/go.mod h1:lxDj6qX9Q6lWQxIrbrT0nwecwUtRnhVZAJjJZrVUZZQ=
github.com/varlink/go v0.0.0-20190502142041-0f1d566d194b h1:hdDRrn9OP/roL8a/e/5Zu85ldrcdndu9IeBj2OEvQm0=
github.com/varlink/go v0.0.0-20190502142041-0f1d566d194b/go.mod h1:YHaw8N660ESgMgLOZfLQqT1htFItynAUxMesFBho52s=
github.com/vbatts/tar-split v0.10.2/go.mod h1:LEuURwDEiWjRjwu46yU3KVGuUdVv/dcnpcEPSzR8z6g=
diff --git a/vendor/github.com/containers/buildah/.gitignore b/vendor/github.com/containers/buildah/.gitignore
index f419aed12f..c70cab336f 100644
--- a/vendor/github.com/containers/buildah/.gitignore
+++ b/vendor/github.com/containers/buildah/.gitignore
@@ -3,3 +3,4 @@ docs/buildah*.1
/imgtype
/build/
tests/tools/build
+Dockerfile*
diff --git a/vendor/github.com/containers/buildah/.golangci.yml b/vendor/github.com/containers/buildah/.golangci.yml
index 52e9990edd..044bc1f1b5 100644
--- a/vendor/github.com/containers/buildah/.golangci.yml
+++ b/vendor/github.com/containers/buildah/.golangci.yml
@@ -21,6 +21,7 @@ linters:
- gosimple
- govet
- ineffassign
+ - interfacer
- misspell
- nakedret
- staticcheck
@@ -37,7 +38,6 @@ linters:
# - gocritic
# - gocyclo
# - gosec
- # - interfacer
# - lll
# - maligned
# - prealloc
diff --git a/vendor/github.com/containers/buildah/.papr.yml b/vendor/github.com/containers/buildah/.papr.yml
index aece0004f2..6eaba332cd 100644
--- a/vendor/github.com/containers/buildah/.papr.yml
+++ b/vendor/github.com/containers/buildah/.papr.yml
@@ -4,7 +4,8 @@ branches:
- try
host:
- distro: fedora/28/atomic
+ # 29 is the highest level of atomic
+ distro: fedora/29/atomic
required: true
@@ -49,12 +50,12 @@ tests:
- podman run --net=host --security-opt label=disable --cap-add all --security-opt seccomp=unconfined -v /etc/yum.repos.d:/etc/yum.repos.d.host:ro
-v $PWD:/go/src/github.com/containers/buildah
--workdir /go/src/github.com/containers/buildah
- registry.fedoraproject.org/fedora:28 bash -c sh ./.papr.sh
+ registry.fedoraproject.org/fedora:30 bash -c sh ./.papr.sh
---
container:
- image: registry.fedoraproject.org/fedora:28
+ image: registry.fedoraproject.org/fedora:30
packages:
- btrfs-progs-devel
diff --git a/vendor/github.com/containers/buildah/CHANGELOG.md b/vendor/github.com/containers/buildah/CHANGELOG.md
index 82248b9019..61c29b2008 100644
--- a/vendor/github.com/containers/buildah/CHANGELOG.md
+++ b/vendor/github.com/containers/buildah/CHANGELOG.md
@@ -2,6 +2,58 @@
# Changelog
+## v1.11.1 (2019-09-11)
+ Add --devices flag to bud and from
+ Downgrade .papr to highest atomic verion
+ Add support for /run/.containerenv
+ Truncate output of too long image names
+ Preserve file and directory mount permissions
+ Bump fedora version from 28 to 30
+ makeImageRef: ignore EmptyLayer if Squash is set
+ Set TMPDIR to /var/tmp by default
+ replace --debug=false with --log-level=error
+ Allow mounts.conf entries for equal source and destination paths
+ fix label and annotation for 1-line Dockerfiles
+ Enable interfacer linter and fix lints
+ install.md: mention goproxy
+ Makefile: use go proxy
+ Bump to v1.12.0-dev
+
+## v1.11.0 (2019-08-29)
+ tests/bud.bats: add --signature-policy to some tests
+ Vendor github.com/openshift/api
+ pull/commit/push: pay attention to $BUILD_REGISTRY_SOURCES
+ Add `--log-level` command line option and deprecate `--debug`
+ add support for cgroupsV2
+ Correctly detect ExitError values from Run()
+ Disable empty logrus timestamps to reduce logger noise
+ Remove outdated deps Makefile target
+ Remove gofmt.sh in favor of golangci-lint
+ Remove govet.sh in favor of golangci-lint
+ Allow to override build date with SOURCE_DATE_EPOCH
+ Update shebangs to take env into consideration
+ Fix directory pull image names
+ Add --digestfile and Re-add push statement as debug
+ README: mention that Podman uses Buildah's API
+ Use content digests in ADD/COPY history entries
+ add: add a DryRun flag to AddAndCopyOptions
+ Fix possible runtime panic on bud
+ Add security-related volume options to validator
+ use correct path for ginkgo
+ Add bud 'without arguments' integration tests
+ Update documentation about bud
+ add: handle hard links when copying with .dockerignore
+ add: teach copyFileWithTar() about symlinks and directories
+ Allow buildah bud to be called without arguments
+ imagebuilder: fix detection of referenced stage roots
+ Touch up go mod instructions in install
+ run_linux: fix mounting /sys in a userns
+ Vendor Storage v1.13.2
+ Cirrus: Update VM images
+ Fix handling of /dev/null masked devices
+ Update `bud`/`from` help to contain indicator for `--dns=none`
+ Bump back to v1.11.0-dev
+
## v1.10.1 (2019-08-08)
Bump containers/image to v3.0.2 to fix keyring issue
Bug fix for volume minus syntax
diff --git a/vendor/github.com/containers/buildah/Makefile b/vendor/github.com/containers/buildah/Makefile
index b490d80416..cb0dfeb51c 100644
--- a/vendor/github.com/containers/buildah/Makefile
+++ b/vendor/github.com/containers/buildah/Makefile
@@ -1,3 +1,5 @@
+export GOPROXY=https://proxy.golang.org
+
SELINUXTAG := $(shell ./selinux_tag.sh)
APPARMORTAG := $(shell hack/apparmor_tag.sh)
STORAGETAGS := $(shell ./btrfs_tag.sh) $(shell ./btrfs_installed_tag.sh) $(shell ./libdm_tag.sh) $(shell ./ostree_tag.sh)
@@ -25,7 +27,8 @@ SOURCE_DATE_EPOCH ?= $(if $(shell date +%s),$(shell date +%s),$(error "date fail
STATIC_STORAGETAGS = "containers_image_ostree_stub containers_image_openpgp exclude_graphdriver_devicemapper $(STORAGE_TAGS)"
CNI_COMMIT := $(shell sed -n 's;\tgithub.com/containernetworking/cni \([^ \n]*\).*$\;\1;p' go.mod)
-RUNC_COMMIT := $(shell sed -n 's;\tgithub.com/opencontainers/runc \([^ \n]*\).*$\;\1;p' go.mod)
+#RUNC_COMMIT := $(shell sed -n 's;\tgithub.com/opencontainers/runc \([^ \n]*\).*$\;\1;p' go.mod)
+RUNC_COMMIT := v1.0.0-rc8
LIBSECCOMP_COMMIT := release-2.3
EXTRALDFLAGS :=
@@ -52,7 +55,7 @@ imgtype: *.go docker/*.go util/*.go tests/imgtype/imgtype.go
.PHONY: clean
clean:
- $(RM) -r buildah imgtype build buildah.static
+ $(RM) -r buildah imgtype build buildah.static buildah.darwin tests/testreport/testreport
$(MAKE) -C docs clean
.PHONY: docs
diff --git a/vendor/github.com/containers/buildah/buildah.go b/vendor/github.com/containers/buildah/buildah.go
index 29e7bf44ff..b482fe1be8 100644
--- a/vendor/github.com/containers/buildah/buildah.go
+++ b/vendor/github.com/containers/buildah/buildah.go
@@ -16,6 +16,7 @@ import (
"github.com/containers/storage"
"github.com/containers/storage/pkg/ioutils"
v1 "github.com/opencontainers/image-spec/specs-go/v1"
+ "github.com/opencontainers/runc/libcontainer/configs"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
)
@@ -26,7 +27,7 @@ const (
Package = "buildah"
// Version for the Package. Bump version in contrib/rpm/buildah.spec
// too.
- Version = "1.11.0"
+ Version = "1.11.2"
// The value we use to identify what type of information, currently a
// serialized Builder structure, we are using as per-container state.
// This should only be changed when we make incompatible changes to
@@ -188,8 +189,7 @@ type Builder struct {
// committed image after the history item for the layer that we're
// committing.
AppendedEmptyLayers []v1.History
-
- CommonBuildOpts *CommonBuildOptions
+ CommonBuildOpts *CommonBuildOptions
// TopLayer is the top layer of the image
TopLayer string
// Format for the build Image
@@ -198,6 +198,8 @@ type Builder struct {
TempVolumes map[string]bool
// ContentDigester counts the digest of all Add()ed content
ContentDigester CompositeDigester
+ // Devices are the additional devices to add to the containers
+ Devices []configs.Device
}
// BuilderInfo are used as objects to display container information
@@ -228,6 +230,7 @@ type BuilderInfo struct {
AddCapabilities []string
DropCapabilities []string
History []v1.History
+ Devices []configs.Device
}
// GetBuildInfo gets a pointer to a Builder object and returns a BuilderInfo object from it.
@@ -272,6 +275,7 @@ func GetBuildInfo(b *Builder) BuilderInfo {
AddCapabilities: append([]string{}, b.AddCapabilities...),
DropCapabilities: append([]string{}, b.DropCapabilities...),
History: history,
+ Devices: b.Devices,
}
}
@@ -406,6 +410,8 @@ type BuilderOptions struct {
CommonBuildOpts *CommonBuildOptions
// Format for the container image
Format string
+ // Devices are the additional devices to add to the containers
+ Devices []configs.Device
}
// ImportOptions are used to initialize a Builder from an existing container
diff --git a/vendor/github.com/containers/buildah/changelog.txt b/vendor/github.com/containers/buildah/changelog.txt
index 94f61763e2..2ae070e8cc 100644
--- a/vendor/github.com/containers/buildah/changelog.txt
+++ b/vendor/github.com/containers/buildah/changelog.txt
@@ -1,3 +1,25 @@
+- Changelog for v1.11.2 (2019-09-13)
+ * Add some cleanup code
+ * Move devices code to unit specific directory.
+ * Bump back to v1.12.0-dev
+
+- Changelog for v1.11.1 (2019-09-11)
+ * Add --devices flag to bud and from
+ * Downgrade .papr to highest atomic verion
+ * Add support for /run/.containerenv
+ * Truncate output of too long image names
+ * Preserve file and directory mount permissions
+ * Bump fedora version from 28 to 30
+ * makeImageRef: ignore EmptyLayer if Squash is set
+ * Set TMPDIR to /var/tmp by default
+ * replace --debug=false with --log-level=error
+ * Allow mounts.conf entries for equal source and destination paths
+ * fix label and annotation for 1-line Dockerfiles
+ * Enable interfacer linter and fix lints
+ * install.md: mention goproxy
+ * Makefile: use go proxy
+ * Bump to v1.12.0-dev
+
- Changelog for v1.11.0 (2019-08-29)
* tests/bud.bats: add --signature-policy to some tests
* Vendor github.com/openshift/api
diff --git a/vendor/github.com/containers/buildah/go.mod b/vendor/github.com/containers/buildah/go.mod
index 33b9bfb0db..bf30e9925d 100644
--- a/vendor/github.com/containers/buildah/go.mod
+++ b/vendor/github.com/containers/buildah/go.mod
@@ -5,10 +5,13 @@ go 1.12
require (
github.com/VividCortex/ewma v1.1.1 // indirect
github.com/blang/semver v3.5.0+incompatible // indirect
+ github.com/checkpoint-restore/go-criu v0.0.0-20190109184317-bdb7599cd87b // indirect
+ github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50 // indirect
github.com/containerd/continuity v0.0.0-20181203112020-004b46473808 // indirect
github.com/containernetworking/cni v0.7.1
github.com/containers/image v3.0.2+incompatible
github.com/containers/storage v1.13.2
+ github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f // indirect
github.com/cyphar/filepath-securejoin v0.2.1
github.com/docker/distribution v0.0.0-20170817175659-5f6282db7d65
github.com/docker/docker-credential-helpers v0.6.1 // indirect
@@ -25,12 +28,13 @@ require (
github.com/mattn/go-isatty v0.0.4 // indirect
github.com/mattn/go-shellwords v1.0.5
github.com/moby/moby v0.0.0-20171005181806-f8806b18b4b9 // indirect
+ github.com/mrunalp/fileutils v0.0.0-20171103030105-7d4729fb3618 // indirect
github.com/mtrmac/gpgme v0.0.0-20170102180018-b2432428689c // indirect
github.com/onsi/ginkgo v1.8.0
github.com/onsi/gomega v1.5.0
github.com/opencontainers/go-digest v1.0.0-rc1
github.com/opencontainers/image-spec v1.0.1
- github.com/opencontainers/runc v1.0.0-rc8
+ github.com/opencontainers/runc v1.0.0-rc8.0.20190827142921-dd075602f158
github.com/opencontainers/runtime-spec v0.1.2-0.20190618234442-a950415649c7
github.com/opencontainers/runtime-tools v0.9.0
github.com/opencontainers/selinux v1.2.2
@@ -42,8 +46,10 @@ require (
github.com/sirupsen/logrus v1.4.2
github.com/spf13/cobra v0.0.3
github.com/spf13/pflag v1.0.3
+ github.com/stretchr/testify v1.3.0
github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2
github.com/ulikunitz/xz v0.5.5 // indirect
+ github.com/urfave/cli v1.21.0 // indirect
github.com/vbauerster/mpb v3.4.0+incompatible // indirect
github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
diff --git a/vendor/github.com/containers/buildah/go.sum b/vendor/github.com/containers/buildah/go.sum
index d489375de7..6b69f2f360 100644
--- a/vendor/github.com/containers/buildah/go.sum
+++ b/vendor/github.com/containers/buildah/go.sum
@@ -23,6 +23,8 @@ github.com/VividCortex/ewma v1.1.1 h1:MnEK4VOv6n0RSY4vtRe3h11qjxL3+t0B8yOL8iMXdc
github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmxzcbUokwA=
github.com/blang/semver v3.5.0+incompatible h1:CGxCgetQ64DKk7rdZ++Vfnb1+ogGNnB17OJKJXD2Cfs=
github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
+github.com/checkpoint-restore/go-criu v0.0.0-20190109184317-bdb7599cd87b/go.mod h1:TrMrLQfeENAPYPRsJuq3jsqdlRh3lvi6trTZJG8+tho=
+github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
github.com/containerd/continuity v0.0.0-20180814194400-c7c5070e6f6e/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
github.com/containerd/continuity v0.0.0-20181203112020-004b46473808 h1:4BX8f882bXEDKfWIf0wa8HRvpnBoPszJJXL+TVbBw4M=
github.com/containerd/continuity v0.0.0-20181203112020-004b46473808/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
@@ -54,10 +56,12 @@ github.com/containers/storage v1.13.1 h1:rjVirLS9fCGkUFlLDZEoGDDUugtIf46DufWvJu0
github.com/containers/storage v1.13.1/go.mod h1:6D8nK2sU9V7nEmAraINRs88ZEscM5C5DK+8Npp27GeA=
github.com/containers/storage v1.13.2 h1:UXZ0Ckmk6+6+4vj2M2ywruVtH97pnRoAhTG8ctd+yQI=
github.com/containers/storage v1.13.2/go.mod h1:6D8nK2sU9V7nEmAraINRs88ZEscM5C5DK+8Npp27GeA=
+github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
github.com/cyphar/filepath-securejoin v0.2.1 h1:5DPkzz/0MwUpvR4fxASKzgApeq2OMFY5FfYtrX28Coo=
github.com/cyphar/filepath-securejoin v0.2.1/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4=
github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/docker/distribution v0.0.0-20170817175659-5f6282db7d65 h1:4zlOyrJUbYnrvlzChJ+jP2J3i77Jbhm336NEuCv7kZo=
github.com/docker/distribution v0.0.0-20170817175659-5f6282db7d65/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
@@ -160,6 +164,7 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJ
github.com/modern-go/reflect2 v0.0.0-20180320133207-05fbef0ca5da/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/mrunalp/fileutils v0.0.0-20171103030105-7d4729fb3618/go.mod h1:x8F1gnqOkIEiO4rqoeEEEqQbo7HjGMTvyoq3gej4iT0=
github.com/mtrmac/gpgme v0.0.0-20170102180018-b2432428689c h1:xa+eQWKuJ9MbB9FBL/eoNvDFvveAkz2LQoz8PzX7Q/4=
github.com/mtrmac/gpgme v0.0.0-20170102180018-b2432428689c/go.mod h1:GhAqVMEWnTcW2dxoD/SO3n2enrgWl3y6Dnx4m59GvcA=
github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
@@ -182,6 +187,8 @@ github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zM
github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
github.com/opencontainers/runc v1.0.0-rc8 h1:dDCFes8Hj1r/i5qnypONo5jdOme/8HWZC/aNDyhECt0=
github.com/opencontainers/runc v1.0.0-rc8/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
+github.com/opencontainers/runc v1.0.0-rc8.0.20190827142921-dd075602f158 h1:/A6bAdnSZoTQmKml3MdHAnSEPnBAQeigNBl4sxnfaaQ=
+github.com/opencontainers/runc v1.0.0-rc8.0.20190827142921-dd075602f158/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
github.com/opencontainers/runtime-spec v0.1.2-0.20190618234442-a950415649c7 h1:Dliu5QO+4JYWu/yMshaMU7G3JN2POGpwjJN7gjy10Go=
github.com/opencontainers/runtime-spec v0.1.2-0.20190618234442-a950415649c7/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/runtime-tools v0.9.0 h1:FYgwVsKRI/H9hU32MJ/4MLOzXWodKK5zsQavY8NPMkU=
@@ -201,6 +208,7 @@ github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/pquerna/ffjson v0.0.0-20171002144729-d49c2bc1aa13 h1:AUK/hm/tPsiNNASdb3J8fySVRZoI7fnK5mlOvdFD43o=
github.com/pquerna/ffjson v0.0.0-20171002144729-d49c2bc1aa13/go.mod h1:YARuvh7BUWHNhzDq2OM5tzR2RiCcN2D7sapiKyCel/M=
@@ -222,6 +230,7 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2 h1:b6uOv7YOFK0TYG7HtkIgExQo+2RdLuwRft63jn2HWj8=
github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
@@ -231,6 +240,7 @@ github.com/tchap/go-patricia v2.3.0+incompatible h1:GkY4dP3cEfEASBPPkWd+AmjYxhmD
github.com/tchap/go-patricia v2.3.0+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I=
github.com/ulikunitz/xz v0.5.5 h1:pFrO0lVpTBXLpYw+pnLj6TbvHuyjXMfjGeCwSqCVwok=
github.com/ulikunitz/xz v0.5.5/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8=
+github.com/urfave/cli v1.21.0/go.mod h1:lxDj6qX9Q6lWQxIrbrT0nwecwUtRnhVZAJjJZrVUZZQ=
github.com/vbatts/tar-split v0.10.2 h1:CXd7HEKGkTLjBMinpObcJZU5Hm8EKlor2a1JtX6msXQ=
github.com/vbatts/tar-split v0.10.2/go.mod h1:LEuURwDEiWjRjwu46yU3KVGuUdVv/dcnpcEPSzR8z6g=
github.com/vbatts/tar-split v0.11.1 h1:0Odu65rhcZ3JZaPHxl7tCI3V/C/Q9Zf82UFravl02dE=
diff --git a/vendor/github.com/containers/buildah/image.go b/vendor/github.com/containers/buildah/image.go
index 042aa2d000..cca7dd836b 100644
--- a/vendor/github.com/containers/buildah/image.go
+++ b/vendor/github.com/containers/buildah/image.go
@@ -710,7 +710,7 @@ func (b *Builder) makeImageRef(options CommitOptions, exporting bool) (types.Ima
preferredManifestType: manifestType,
exporting: exporting,
squash: options.Squash,
- emptyLayer: options.EmptyLayer,
+ emptyLayer: options.EmptyLayer && !options.Squash,
tarPath: b.tarPath(&b.IDMappingOptions),
parent: parent,
blobDirectory: options.BlobDirectory,
diff --git a/vendor/github.com/containers/buildah/imagebuildah/build.go b/vendor/github.com/containers/buildah/imagebuildah/build.go
index 85ceceb3a6..f53018cd4d 100644
--- a/vendor/github.com/containers/buildah/imagebuildah/build.go
+++ b/vendor/github.com/containers/buildah/imagebuildah/build.go
@@ -17,6 +17,7 @@ import (
"github.com/containers/image/types"
"github.com/containers/storage"
"github.com/containers/storage/pkg/archive"
+ "github.com/opencontainers/runc/libcontainer/configs"
"github.com/opencontainers/runtime-spec/specs-go"
"github.com/openshift/imagebuilder"
"github.com/pkg/errors"
@@ -156,6 +157,8 @@ type BuildOptions struct {
BlobDirectory string
// Target the targeted FROM in the Dockerfile to build
Target string
+ // Devices are the additional devices to add to the containers
+ Devices []configs.Device
}
// BuildDockerfiles parses a set of one or more Dockerfiles (which may be
@@ -264,7 +267,7 @@ func BuildDockerfiles(ctx context.Context, store storage.Store, options BuildOpt
// dockerfile content and will use ctxDir as the base include path.
//
// Note: we cannot use cmd.StdoutPipe() as cmd.Wait() closes it.
-func preprocessDockerfileContents(r io.ReadCloser, ctxDir string) (rdrCloser *io.ReadCloser, err error) {
+func preprocessDockerfileContents(r io.Reader, ctxDir string) (rdrCloser *io.ReadCloser, err error) {
cppPath := "/usr/bin/cpp"
if _, err = os.Stat(cppPath); err != nil {
if os.IsNotExist(err) {
diff --git a/vendor/github.com/containers/buildah/imagebuildah/executor.go b/vendor/github.com/containers/buildah/imagebuildah/executor.go
index 34ccb6efba..c65c3bab40 100644
--- a/vendor/github.com/containers/buildah/imagebuildah/executor.go
+++ b/vendor/github.com/containers/buildah/imagebuildah/executor.go
@@ -20,6 +20,7 @@ import (
"github.com/containers/storage"
"github.com/containers/storage/pkg/archive"
v1 "github.com/opencontainers/image-spec/specs-go/v1"
+ "github.com/opencontainers/runc/libcontainer/configs"
"github.com/openshift/imagebuilder"
"github.com/openshift/imagebuilder/dockerfile/parser"
"github.com/pkg/errors"
@@ -90,6 +91,9 @@ type Executor struct {
excludes []string
unusedArgs map[string]struct{}
buildArgs map[string]string
+ addCapabilities []string
+ dropCapabilities []string
+ devices []configs.Device
}
// NewExecutor creates a new instance of the imagebuilder.Executor interface.
@@ -144,6 +148,9 @@ func NewExecutor(store storage.Store, options BuildOptions, mainNode *parser.Nod
blobDirectory: options.BlobDirectory,
unusedArgs: make(map[string]struct{}),
buildArgs: options.Args,
+ addCapabilities: options.AddCapabilities,
+ dropCapabilities: options.DropCapabilities,
+ devices: options.Devices,
}
if exec.err == nil {
exec.err = os.Stderr
diff --git a/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go b/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go
index 144bf8c245..e942b3b340 100644
--- a/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go
+++ b/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go
@@ -585,6 +585,9 @@ func (s *StageExecutor) prepare(ctx context.Context, stage imagebuilder.Stage, f
CommonBuildOpts: s.executor.commonBuildOptions,
DefaultMountsFilePath: s.executor.defaultMountsFilePath,
Format: s.executor.outputFormat,
+ AddCapabilities: s.executor.addCapabilities,
+ DropCapabilities: s.executor.dropCapabilities,
+ Devices: s.executor.devices,
}
// Check and see if the image is a pseudonym for the end result of a
@@ -757,9 +760,17 @@ func (s *StageExecutor) Execute(ctx context.Context, stage imagebuilder.Stage, b
if imgID, ref, err = s.commit(ctx, ib, s.executor.getCreatedBy(nil, ""), false, s.output); err != nil {
return "", nil, errors.Wrapf(err, "error committing base container")
}
+ } else if len(s.executor.labels) > 0 || len(s.executor.annotations) > 0 {
+ // The image would be modified by the labels passed
+ // via the command line, so we need to commit.
+ logCommit(s.output, -1)
+ if imgID, ref, err = s.commit(ctx, ib, s.executor.getCreatedBy(stage.Node, ""), true, s.output); err != nil {
+ return "", nil, err
+ }
} else {
- // We don't need to squash the base image, so just
- // reuse the base image.
+ // We don't need to squash the base image, and the
+ // image wouldn't be modified by the command line
+ // options, so just reuse the base image.
logCommit(s.output, -1)
if imgID, ref, err = s.tagExistingImage(ctx, s.builder.FromImageID, s.output); err != nil {
return "", nil, err
diff --git a/vendor/github.com/containers/buildah/install.md b/vendor/github.com/containers/buildah/install.md
index 6cfa3f24b6..858364b452 100644
--- a/vendor/github.com/containers/buildah/install.md
+++ b/vendor/github.com/containers/buildah/install.md
@@ -324,11 +324,11 @@ registries = []
`/usr/share/containers/mounts.conf` and optionally `/etc/containers/mounts.conf`
-The mounts.conf files specify volume mount directories that are automatically mounted inside containers when executing the `buildah run` or `buildah build-using-dockerfile` commands. Container process can then use this content. The volume mount content does not get committed to the final image. This file is usually provided by the containers-common package.
+The mounts.conf files specify volume mount files or directories that are automatically mounted inside containers when executing the `buildah run` or `buildah build-using-dockerfile` commands. Container processes can then use this content. The volume mount content does not get committed to the final image. This file is usually provided by the containers-common package.
Usually these directories are used for passing secrets or credentials required by the package software to access remote package repositories.
-For example, a mounts.conf with the line "`/usr/share/rhel/secrets:/run/secrets`", the content of `/usr/share/rhel/secrets` directory is mounted on `/run/secrets` inside the container. This mountpoint allows Red Hat Enterprise Linux subscriptions from the host to be used within the container.
+For example, a mounts.conf with the line "`/usr/share/rhel/secrets:/run/secrets`", the content of `/usr/share/rhel/secrets` directory is mounted on `/run/secrets` inside the container. This mountpoint allows Red Hat Enterprise Linux subscriptions from the host to be used within the container. It is also possible to omit the destination if it's equal to the source path. For example, specifying `/var/lib/secrets` will mount the directory into the same container destination path `/var/lib/secrets`.
Note this is not a volume mount. The content of the volumes is copied into container storage, not bind mounted directly from the host.
@@ -396,3 +396,5 @@ If you wish to vendor in your personal fork to try changes out (assuming contain
To revert
* `go mod edit -dropreplace github.com/containers/storage`
* `make vendor`
+
+To speed up fetching dependencies, you can use a [Go Module Proxy](https://proxy.golang.org) by setting `GOPROXY=https://proxy.golang.org`.
diff --git a/vendor/github.com/containers/buildah/new.go b/vendor/github.com/containers/buildah/new.go
index 5642ef9166..31ae01be7d 100644
--- a/vendor/github.com/containers/buildah/new.go
+++ b/vendor/github.com/containers/buildah/new.go
@@ -360,6 +360,7 @@ func newBuilder(ctx context.Context, store storage.Store, options BuilderOptions
Args: options.Args,
Format: options.Format,
TempVolumes: map[string]bool{},
+ Devices: options.Devices,
}
if options.Mount {
diff --git a/vendor/github.com/containers/buildah/pkg/cli/common.go b/vendor/github.com/containers/buildah/pkg/cli/common.go
index 1a73efb54d..06aec96eaa 100644
--- a/vendor/github.com/containers/buildah/pkg/cli/common.go
+++ b/vendor/github.com/containers/buildah/pkg/cli/common.go
@@ -87,6 +87,7 @@ type FromAndBudResults struct {
CPUSetCPUs string
CPUSetMems string
CPUShares uint64
+ Devices []string
DNSSearch []string
DNSServers []string
DNSOptions []string
@@ -185,6 +186,7 @@ func GetFromAndBudFlags(flags *FromAndBudResults, usernsResults *UserNSResults,
fs.Uint64VarP(&flags.CPUShares, "cpu-shares", "c", 0, "CPU shares (relative weight)")
fs.StringVar(&flags.CPUSetCPUs, "cpuset-cpus", "", "CPUs in which to allow execution (0-3, 0,1)")
fs.StringVar(&flags.CPUSetMems, "cpuset-mems", "", "memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.")
+ fs.StringArrayVar(&flags.Devices, "device", []string{}, "Additional devices to be used within containers (default [])")
fs.StringSliceVar(&flags.DNSSearch, "dns-search", []string{}, "Set custom DNS search domains")
fs.StringSliceVar(&flags.DNSServers, "dns", []string{}, "Set custom DNS servers or disable it completely by setting it to 'none', which prevents the automatic creation of `/etc/resolv.conf`.")
fs.StringSliceVar(&flags.DNSOptions, "dns-option", []string{}, "Set custom DNS options")
diff --git a/vendor/github.com/containers/buildah/pkg/parse/parse.go b/vendor/github.com/containers/buildah/pkg/parse/parse.go
index 09ca542a17..36ae071906 100644
--- a/vendor/github.com/containers/buildah/pkg/parse/parse.go
+++ b/vendor/github.com/containers/buildah/pkg/parse/parse.go
@@ -886,3 +886,67 @@ func RegistryFromFullName(input string) string {
}
return split[0]
}
+
+// Device parses device mapping string to a src, dest & permissions string
+// Valid values for device looklike:
+// '/dev/sdc"
+// '/dev/sdc:/dev/xvdc"
+// '/dev/sdc:/dev/xvdc:rwm"
+// '/dev/sdc:rm"
+func Device(device string) (string, string, string, error) {
+ src := ""
+ dst := ""
+ permissions := "rwm"
+ arr := strings.Split(device, ":")
+ switch len(arr) {
+ case 3:
+ if !isValidDeviceMode(arr[2]) {
+ return "", "", "", fmt.Errorf("invalid device mode: %s", arr[2])
+ }
+ permissions = arr[2]
+ fallthrough
+ case 2:
+ if isValidDeviceMode(arr[1]) {
+ permissions = arr[1]
+ } else {
+ if len(arr[1]) == 0 || arr[1][0] != '/' {
+ return "", "", "", fmt.Errorf("invalid device mode: %s", arr[1])
+ }
+ dst = arr[1]
+ }
+ fallthrough
+ case 1:
+ if len(arr[0]) > 0 {
+ src = arr[0]
+ break
+ }
+ fallthrough
+ default:
+ return "", "", "", fmt.Errorf("invalid device specification: %s", device)
+ }
+
+ if dst == "" {
+ dst = src
+ }
+ return src, dst, permissions, nil
+}
+
+// isValidDeviceMode checks if the mode for device is valid or not.
+// isValid mode is a composition of r (read), w (write), and m (mknod).
+func isValidDeviceMode(mode string) bool {
+ var legalDeviceMode = map[rune]bool{
+ 'r': true,
+ 'w': true,
+ 'm': true,
+ }
+ if mode == "" {
+ return false
+ }
+ for _, c := range mode {
+ if !legalDeviceMode[c] {
+ return false
+ }
+ legalDeviceMode[c] = false
+ }
+ return true
+}
diff --git a/vendor/github.com/containers/buildah/pkg/parse/parse_unix.go b/vendor/github.com/containers/buildah/pkg/parse/parse_unix.go
index 0574fc24ed..238293894f 100644
--- a/vendor/github.com/containers/buildah/pkg/parse/parse_unix.go
+++ b/vendor/github.com/containers/buildah/pkg/parse/parse_unix.go
@@ -5,6 +5,10 @@ package parse
import (
"fmt"
+ "github.com/containers/buildah/pkg/unshare"
+ "github.com/opencontainers/runc/libcontainer/configs"
+ "github.com/opencontainers/runc/libcontainer/devices"
+ "github.com/pkg/errors"
"golang.org/x/sys/unix"
)
@@ -19,3 +23,19 @@ func getDefaultProcessLimits() []string {
}
return defaultLimits
}
+
+func DeviceFromPath(device string) (configs.Device, error) {
+ src, dst, permissions, err := Device(device)
+ if err != nil {
+ return configs.Device{}, err
+ }
+ if unshare.IsRootless() {
+ return configs.Device{}, errors.Errorf("Renaming device %s to %s is not a supported in rootless containers", src, dst)
+ }
+ dev, err := devices.DeviceFromPath(src, permissions)
+ if err != nil {
+ return configs.Device{}, errors.Wrapf(err, "%s is not a valid device", src)
+ }
+ dev.Path = dst
+ return *dev, nil
+}
diff --git a/vendor/github.com/containers/buildah/pkg/parse/parse_unsupported.go b/vendor/github.com/containers/buildah/pkg/parse/parse_unsupported.go
index 7e970624f7..51138f8601 100644
--- a/vendor/github.com/containers/buildah/pkg/parse/parse_unsupported.go
+++ b/vendor/github.com/containers/buildah/pkg/parse/parse_unsupported.go
@@ -2,6 +2,16 @@
package parse
+import (
+ "fmt"
+
+ "github.com/opencontainers/runc/libcontainer/configs"
+)
+
func getDefaultProcessLimits() []string {
return []string{}
}
+
+func DeviceFromPath(device string) (configs.Device, error) {
+ return configs.Device{}, fmt.Errorf("devices not supported")
+}
diff --git a/vendor/github.com/containers/buildah/pkg/secrets/secrets.go b/vendor/github.com/containers/buildah/pkg/secrets/secrets.go
index 70bd6a4b79..9be9bb3b6a 100644
--- a/vendor/github.com/containers/buildah/pkg/secrets/secrets.go
+++ b/vendor/github.com/containers/buildah/pkg/secrets/secrets.go
@@ -7,6 +7,7 @@ import (
"path/filepath"
"strings"
+ "github.com/containers/buildah/pkg/umask"
"github.com/containers/storage/pkg/idtools"
rspec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/selinux/go-selinux/label"
@@ -28,20 +29,22 @@ var (
// secretData stores the name of the file and the content read from it
type secretData struct {
- name string
- data []byte
+ name string
+ data []byte
+ mode os.FileMode
+ dirMode os.FileMode
}
// saveTo saves secret data to given directory
func (s secretData) saveTo(dir string) error {
path := filepath.Join(dir, s.name)
- if err := os.MkdirAll(filepath.Dir(path), 0700); err != nil && !os.IsExist(err) {
+ if err := os.MkdirAll(filepath.Dir(path), s.dirMode); err != nil && !os.IsExist(err) {
return err
}
- return ioutil.WriteFile(path, s.data, 0700)
+ return ioutil.WriteFile(path, s.data, s.mode)
}
-func readAll(root, prefix string) ([]secretData, error) {
+func readAll(root, prefix string, parentMode os.FileMode) ([]secretData, error) {
path := filepath.Join(root, prefix)
data := []secretData{}
@@ -56,7 +59,7 @@ func readAll(root, prefix string) ([]secretData, error) {
}
for _, f := range files {
- fileData, err := readFile(root, filepath.Join(prefix, f.Name()))
+ fileData, err := readFileOrDir(root, filepath.Join(prefix, f.Name()), parentMode)
if err != nil {
// If the file did not exist, might be a dangling symlink
// Ignore the error
@@ -71,7 +74,7 @@ func readAll(root, prefix string) ([]secretData, error) {
return data, nil
}
-func readFile(root, name string) ([]secretData, error) {
+func readFileOrDir(root, name string, parentMode os.FileMode) ([]secretData, error) {
path := filepath.Join(root, name)
s, err := os.Stat(path)
@@ -80,7 +83,7 @@ func readFile(root, name string) ([]secretData, error) {
}
if s.IsDir() {
- dirData, err := readAll(root, name)
+ dirData, err := readAll(root, name, s.Mode())
if err != nil {
return nil, err
}
@@ -90,12 +93,17 @@ func readFile(root, name string) ([]secretData, error) {
if err != nil {
return nil, err
}
- return []secretData{{name: name, data: bytes}}, nil
+ return []secretData{{
+ name: name,
+ data: bytes,
+ mode: s.Mode(),
+ dirMode: parentMode,
+ }}, nil
}
-func getHostSecretData(hostDir string) ([]secretData, error) {
+func getHostSecretData(hostDir string, mode os.FileMode) ([]secretData, error) {
var allSecrets []secretData
- hostSecrets, err := readAll(hostDir, "")
+ hostSecrets, err := readAll(hostDir, "", mode)
if err != nil {
return nil, errors.Wrapf(err, "failed to read secrets from %q", hostDir)
}
@@ -130,10 +138,13 @@ func getMounts(filePath string) []string {
// getHostAndCtrDir separates the host:container paths
func getMountsMap(path string) (string, string, error) {
arr := strings.SplitN(path, ":", 2)
- if len(arr) == 2 {
+ switch len(arr) {
+ case 1:
+ return arr[0], arr[0], nil
+ case 2:
return arr[0], arr[1], nil
}
- return "", "", errors.Errorf("unable to get host and container dir")
+ return "", "", errors.Errorf("unable to get host and container dir from path: %s", path)
}
// SecretMounts copies, adds, and mounts the secrets to the container root filesystem
@@ -162,7 +173,7 @@ func SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, mountPre
if _, err := os.Stat(file); err == nil {
mounts, err := addSecretsFromMountsFile(file, mountLabel, containerWorkingDir, mountPrefix, uid, gid)
if err != nil {
- logrus.Warnf("error mounting secrets, skipping: %v", err)
+ logrus.Warnf("error mounting secrets, skipping entry in %s: %v", file, err)
}
secretMounts = mounts
break
@@ -220,12 +231,16 @@ func addSecretsFromMountsFile(filePath, mountLabel, containerWorkingDir, mountPr
return nil, err
}
+ // Don't let the umask have any influence on the file and directory creation
+ oldUmask := umask.SetUmask(0)
+ defer umask.SetUmask(oldUmask)
+
switch mode := fileInfo.Mode(); {
case mode.IsDir():
- if err = os.MkdirAll(ctrDirOrFileOnHost, 0755); err != nil {
+ if err = os.MkdirAll(ctrDirOrFileOnHost, mode.Perm()); err != nil {
return nil, errors.Wrapf(err, "making container directory %q failed", ctrDirOrFileOnHost)
}
- data, err := getHostSecretData(hostDirOrFile)
+ data, err := getHostSecretData(hostDirOrFile, mode.Perm())
if err != nil {
return nil, errors.Wrapf(err, "getting host secret data failed")
}
@@ -235,16 +250,16 @@ func addSecretsFromMountsFile(filePath, mountLabel, containerWorkingDir, mountPr
}
}
case mode.IsRegular():
- data, err := readFile("", hostDirOrFile)
+ data, err := readFileOrDir("", hostDirOrFile, mode.Perm())
if err != nil {
return nil, errors.Wrapf(err, "error reading file %q", hostDirOrFile)
}
for _, s := range data {
- if err := os.MkdirAll(filepath.Dir(ctrDirOrFileOnHost), 0700); err != nil {
+ if err := os.MkdirAll(filepath.Dir(ctrDirOrFileOnHost), s.dirMode); err != nil {
return nil, err
}
- if err := ioutil.WriteFile(ctrDirOrFileOnHost, s.data, 0700); err != nil {
+ if err := ioutil.WriteFile(ctrDirOrFileOnHost, s.data, s.mode); err != nil {
return nil, errors.Wrapf(err, "error saving data to container filesystem on host %q", ctrDirOrFileOnHost)
}
}
diff --git a/vendor/github.com/containers/buildah/pkg/umask/umask_unix.go b/vendor/github.com/containers/buildah/pkg/umask/umask_unix.go
new file mode 100644
index 0000000000..02e10945b9
--- /dev/null
+++ b/vendor/github.com/containers/buildah/pkg/umask/umask_unix.go
@@ -0,0 +1,20 @@
+// +build linux darwin
+
+package umask
+
+import (
+ "syscall"
+
+ "github.com/sirupsen/logrus"
+)
+
+func CheckUmask() {
+ oldUmask := syscall.Umask(0022)
+ if (oldUmask & ^0022) != 0 {
+ logrus.Debugf("umask value too restrictive. Forcing it to 022")
+ }
+}
+
+func SetUmask(value int) int {
+ return syscall.Umask(value)
+}
diff --git a/vendor/github.com/containers/buildah/pkg/umask/umask_unsupported.go b/vendor/github.com/containers/buildah/pkg/umask/umask_unsupported.go
new file mode 100644
index 0000000000..20913a7185
--- /dev/null
+++ b/vendor/github.com/containers/buildah/pkg/umask/umask_unsupported.go
@@ -0,0 +1,7 @@
+// +build !linux,!darwin
+
+package umask
+
+func CheckUmask() {}
+
+func SetUmask(int) int { return 0 }
diff --git a/vendor/github.com/containers/buildah/run.go b/vendor/github.com/containers/buildah/run.go
index 88900b6b7a..bec1738e69 100644
--- a/vendor/github.com/containers/buildah/run.go
+++ b/vendor/github.com/containers/buildah/run.go
@@ -4,6 +4,7 @@ import (
"fmt"
"io"
+ "github.com/opencontainers/runc/libcontainer/configs"
"github.com/opencontainers/runtime-spec/specs-go"
)
@@ -167,6 +168,8 @@ type RunOptions struct {
// after processing the AddCapabilities set. If a capability appears in both
// lists, it will be dropped.
DropCapabilities []string
+ // Devices are the additional devices to add to the containers
+ Devices []configs.Device
}
// Find the configuration for the namespace of the given type. If there are
diff --git a/vendor/github.com/containers/buildah/run_linux.go b/vendor/github.com/containers/buildah/run_linux.go
index aeb9f5bbb3..624da9dae1 100644
--- a/vendor/github.com/containers/buildah/run_linux.go
+++ b/vendor/github.com/containers/buildah/run_linux.go
@@ -36,6 +36,7 @@ import (
"github.com/docker/libnetwork/types"
"github.com/opencontainers/go-digest"
"github.com/opencontainers/runtime-spec/specs-go"
+ spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/runtime-tools/generate"
"github.com/opencontainers/selinux/go-selinux/label"
"github.com/pkg/errors"
@@ -121,6 +122,20 @@ func (b *Builder) Run(command []string, options RunOptions) error {
g.SetProcessArgs(nil)
}
+ for _, d := range b.Devices {
+ sDev := spec.LinuxDevice{
+ Type: string(d.Type),
+ Path: d.Path,
+ Major: d.Major,
+ Minor: d.Minor,
+ FileMode: &d.FileMode,
+ UID: &d.Uid,
+ GID: &d.Gid,
+ }
+ g.AddDevice(sDev)
+ g.AddLinuxResourcesDevice(true, string(d.Type), &d.Major, &d.Minor, d.Permissions)
+ }
+
setupMaskedPaths(g)
setupReadOnlyPaths(g)
@@ -181,6 +196,24 @@ func (b *Builder) Run(command []string, options RunOptions) error {
}
bindFiles["/etc/resolv.conf"] = resolvFile
}
+ // Empty file, so no need to recreate if it exists
+ if _, ok := bindFiles["/run/.containerenv"]; !ok {
+ // Empty string for now, but we may consider populating this later
+ containerenvPath := filepath.Join(path, "/run/.containerenv")
+ if err = os.MkdirAll(filepath.Dir(containerenvPath), 0755); err != nil && !os.IsExist(err) {
+ return err
+ }
+ emptyFile, err := os.Create(containerenvPath)
+ if err != nil {
+ return err
+ }
+ emptyFile.Close()
+ if err := label.Relabel(containerenvPath, b.MountLabel, false); err != nil {
+ return errors.Wrapf(err, "error relabeling %q in container %q", containerenvPath, b.ContainerID)
+ }
+
+ bindFiles["/run/.containerenv"] = containerenvPath
+ }
err = b.setupMounts(mountPoint, spec, path, options.Mounts, bindFiles, volumes, b.CommonBuildOpts.Volumes, b.CommonBuildOpts.ShmSize, namespaceOptions)
if err != nil {
diff --git a/vendor/github.com/containers/buildah/util/util.go b/vendor/github.com/containers/buildah/util/util.go
index 4be0b2de80..8ec7676019 100644
--- a/vendor/github.com/containers/buildah/util/util.go
+++ b/vendor/github.com/containers/buildah/util/util.go
@@ -381,3 +381,17 @@ func LogIfNotRetryable(err error, what string) (retry bool) {
func LogIfUnexpectedWhileDraining(err error, what string) {
logIfNotErrno(err, what, syscall.EINTR, syscall.EAGAIN, syscall.EIO)
}
+
+// TruncateString trims the given string to the provided maximum amount of
+// characters and shortens it with `...`.
+func TruncateString(str string, to int) string {
+ newStr := str
+ if len(str) > to {
+ const tr = "..."
+ if to > len(tr) {
+ to -= len(tr)
+ }
+ newStr = str[0:to] + tr
+ }
+ return newStr
+}
diff --git a/vendor/github.com/coreos/go-systemd/activation/listeners.go b/vendor/github.com/coreos/go-systemd/activation/listeners.go
index bb5cc2311e..3dbe2b0877 100644
--- a/vendor/github.com/coreos/go-systemd/activation/listeners.go
+++ b/vendor/github.com/coreos/go-systemd/activation/listeners.go
@@ -67,7 +67,7 @@ func TLSListeners(tlsConfig *tls.Config) ([]net.Listener, error) {
return nil, err
}
- if tlsConfig != nil && err == nil {
+ if tlsConfig != nil {
for i, l := range listeners {
// Activate TLS only for TCP sockets
if l.Addr().Network() == "tcp" {
@@ -88,7 +88,7 @@ func TLSListenersWithNames(tlsConfig *tls.Config) (map[string][]net.Listener, er
return nil, err
}
- if tlsConfig != nil && err == nil {
+ if tlsConfig != nil {
for _, ll := range listeners {
// Activate TLS only for TCP sockets
for i, l := range ll {
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go
index 9717acc729..ec79ae7672 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go
@@ -22,6 +22,13 @@ const (
CgroupProcesses = "cgroup.procs"
)
+// HugePageSizeUnitList is a list of the units used by the linux kernel when
+// naming the HugePage control files.
+// https://www.kernel.org/doc/Documentation/cgroup-v1/hugetlb.txt
+// TODO Since the kernel only use KB, MB and GB; TB and PB should be removed,
+// depends on https://github.com/docker/go-units/commit/a09cd47f892041a4fac473133d181f5aea6fa393
+var HugePageSizeUnitList = []string{"B", "KB", "MB", "GB", "TB", "PB"}
+
// https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups.txt
func FindCgroupMountpoint(cgroupPath, subsystem string) (string, error) {
mnt, _, err := FindCgroupMountpointAndRoot(cgroupPath, subsystem)
@@ -409,19 +416,26 @@ func RemovePaths(paths map[string]string) (err error) {
}
func GetHugePageSize() ([]string, error) {
- var pageSizes []string
- sizeList := []string{"B", "kB", "MB", "GB", "TB", "PB"}
files, err := ioutil.ReadDir("/sys/kernel/mm/hugepages")
if err != nil {
- return pageSizes, err
+ return []string{}, err
}
+ var fileNames []string
for _, st := range files {
- nameArray := strings.Split(st.Name(), "-")
+ fileNames = append(fileNames, st.Name())
+ }
+ return getHugePageSizeFromFilenames(fileNames)
+}
+
+func getHugePageSizeFromFilenames(fileNames []string) ([]string, error) {
+ var pageSizes []string
+ for _, fileName := range fileNames {
+ nameArray := strings.Split(fileName, "-")
pageSize, err := units.RAMInBytes(nameArray[1])
if err != nil {
return []string{}, err
}
- sizeString := units.CustomSize("%g%s", float64(pageSize), 1024.0, sizeList)
+ sizeString := units.CustomSize("%g%s", float64(pageSize), 1024.0, HugePageSizeUnitList)
pageSizes = append(pageSizes, sizeString)
}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_windows.go b/vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_unsupported.go
similarity index 89%
rename from vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_windows.go
rename to vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_unsupported.go
index d74847b0db..c0c23d7000 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_windows.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_unsupported.go
@@ -1,3 +1,5 @@
+// +build !linux
+
package configs
// TODO Windows: This can ultimately be entirely factored out on Windows as
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/devices/devices.go b/vendor/github.com/opencontainers/runc/libcontainer/devices/devices.go
index 5e2ab0581e..5dabe06cef 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/devices/devices.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/devices/devices.go
@@ -7,11 +7,11 @@ import (
"path/filepath"
"github.com/opencontainers/runc/libcontainer/configs"
-
"golang.org/x/sys/unix"
)
var (
+ // ErrNotADevice denotes that a file is not a valid linux device.
ErrNotADevice = errors.New("not a device node")
)
@@ -21,7 +21,8 @@ var (
ioutilReadDir = ioutil.ReadDir
)
-// Given the path to a device and its cgroup_permissions(which cannot be easily queried) look up the information about a linux device and return that information as a Device struct.
+// Given the path to a device and its cgroup_permissions(which cannot be easily queried) look up the
+// information about a linux device and return that information as a Device struct.
func DeviceFromPath(path, permissions string) (*configs.Device, error) {
var stat unix.Stat_t
err := unixLstat(path, &stat)
@@ -60,25 +61,29 @@ func DeviceFromPath(path, permissions string) (*configs.Device, error) {
}, nil
}
+// HostDevices returns all devices that can be found under /dev directory.
func HostDevices() ([]*configs.Device, error) {
- return getDevices("/dev")
+ return GetDevices("/dev")
}
-func getDevices(path string) ([]*configs.Device, error) {
+// GetDevices recursively traverses a directory specified by path
+// and returns all devices found there.
+func GetDevices(path string) ([]*configs.Device, error) {
files, err := ioutilReadDir(path)
if err != nil {
return nil, err
}
- out := []*configs.Device{}
+ var out []*configs.Device
for _, f := range files {
switch {
case f.IsDir():
switch f.Name() {
// ".lxc" & ".lxd-mounts" added to address https://github.com/lxc/lxd/issues/2825
- case "pts", "shm", "fd", "mqueue", ".lxc", ".lxd-mounts":
+ // ".udev" added to address https://github.com/opencontainers/runc/issues/2093
+ case "pts", "shm", "fd", "mqueue", ".lxc", ".lxd-mounts", ".udev":
continue
default:
- sub, err := getDevices(filepath.Join(path, f.Name()))
+ sub, err := GetDevices(filepath.Join(path, f.Name()))
if err != nil {
return nil, err
}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index d0fcf879a2..1de9fede0b 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -49,7 +49,7 @@ github.com/containernetworking/plugins/pkg/ip
github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator
github.com/containernetworking/plugins/pkg/utils/hwaddr
github.com/containernetworking/plugins/plugins/ipam/host-local/backend
-# github.com/containers/buildah v1.11.0
+# github.com/containers/buildah v1.11.2
github.com/containers/buildah
github.com/containers/buildah/imagebuildah
github.com/containers/buildah/pkg/chrootuser
@@ -65,6 +65,7 @@ github.com/containers/buildah/pkg/blobcache
github.com/containers/buildah/pkg/overlay
github.com/containers/buildah/pkg/unshare
github.com/containers/buildah/pkg/cgroups
+github.com/containers/buildah/pkg/umask
# github.com/containers/image v3.0.2+incompatible
github.com/containers/image/directory
github.com/containers/image/docker
@@ -151,7 +152,7 @@ github.com/containers/storage/pkg/ostree
github.com/containers/storage/drivers/copy
# github.com/coreos/go-iptables v0.4.2
github.com/coreos/go-iptables/iptables
-# github.com/coreos/go-systemd v0.0.0-20190620071333-e64a0ec8b42a
+# github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f
github.com/coreos/go-systemd/activation
github.com/coreos/go-systemd/dbus
github.com/coreos/go-systemd/sdjournal
@@ -354,7 +355,7 @@ github.com/opencontainers/go-digest
# github.com/opencontainers/image-spec v1.0.1
github.com/opencontainers/image-spec/specs-go/v1
github.com/opencontainers/image-spec/specs-go
-# github.com/opencontainers/runc v1.0.0-rc8
+# github.com/opencontainers/runc v1.0.0-rc8.0.20190827142921-dd075602f158
github.com/opencontainers/runc/libcontainer/user
github.com/opencontainers/runc/libcontainer/apparmor
github.com/opencontainers/runc/libcontainer/configs