build: mirror --authfile to filesystem if pointing to FD instead of file

Following commit makes sure that podman mirrors --authfile to a temporary
file in filesystem if arg is pointing to an FD instead of actual file
as FD can be only consumed once.

Reference:
* https://github.com/containers/buildah/pull/3498
* https://github.com/containers/buildah/issues/3070

[NO TESTS NEEDED]

Signed-off-by: Aditya Rajan <arajan@redhat.com>

cmd/podman/images/build.go

@@ -11,6 +11,7 @@ import (
 	buildahDefine "github.com/containers/buildah/define"
 	buildahCLI "github.com/containers/buildah/pkg/cli"
 	"github.com/containers/buildah/pkg/parse"
+	buildahUtil "github.com/containers/buildah/pkg/util"
 	"github.com/containers/common/pkg/auth"
 	"github.com/containers/common/pkg/completion"
 	"github.com/containers/common/pkg/config"
@@ -359,6 +360,12 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil
 		}
 	}
 
+	cleanTmpFile := false
+	flags.Authfile, cleanTmpFile = buildahUtil.MirrorToTempFileIfPathIsDescriptor(flags.Authfile)
+	if cleanTmpFile {
+		defer os.Remove(flags.Authfile)
+	}
+
 	args := make(map[string]string)
 	if c.Flag("build-arg").Changed {
 		for _, arg := range flags.BuildArg {

vendor/github.com/containers/buildah/pkg/util/util.go

@@ -0,0 +1,81 @@
+package util
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/pkg/errors"
+)
+
+// Mirrors path to a tmpfile if path points to a
+// file descriptor instead of actual file on filesystem
+// reason: operations with file descriptors are can lead
+// to edge cases where content on FD is not in a consumable
+// state after first consumption.
+// returns path as string and bool to confirm if temp file
+// was created and needs to be cleaned up.
+func MirrorToTempFileIfPathIsDescriptor(file string) (string, bool) {
+	// one use-case is discussed here
+	// https://github.com/containers/buildah/issues/3070
+	if !strings.HasPrefix(file, "/dev/fd") {
+		return file, false
+	}
+	b, err := ioutil.ReadFile(file)
+	if err != nil {
+		// if anything goes wrong return original path
+		return file, false
+	}
+	tmpfile, err := ioutil.TempFile(os.TempDir(), "buildah-temp-file")
+	if err != nil {
+		return file, false
+	}
+	if _, err := tmpfile.Write(b); err != nil {
+		// if anything goes wrong return original path
+		return file, false
+	}
+
+	return tmpfile.Name(), true
+}
+
+// DiscoverContainerfile tries to find a Containerfile or a Dockerfile within the provided `path`.
+func DiscoverContainerfile(path string) (foundCtrFile string, err error) {
+	// Test for existence of the file
+	target, err := os.Stat(path)
+	if err != nil {
+		return "", errors.Wrap(err, "discovering Containerfile")
+	}
+
+	switch mode := target.Mode(); {
+	case mode.IsDir():
+		// If the path is a real directory, we assume a Containerfile or a Dockerfile within it
+		ctrfile := filepath.Join(path, "Containerfile")
+
+		// Test for existence of the Containerfile file
+		file, err := os.Stat(ctrfile)
+		if err != nil {
+			// See if we have a Dockerfile within it
+			ctrfile = filepath.Join(path, "Dockerfile")
+
+			// Test for existence of the Dockerfile file
+			file, err = os.Stat(ctrfile)
+			if err != nil {
+				return "", errors.Wrap(err, "cannot find Containerfile or Dockerfile in context directory")
+			}
+		}
+
+		// The file exists, now verify the correct mode
+		if mode := file.Mode(); mode.IsRegular() {
+			foundCtrFile = ctrfile
+		} else {
+			return "", errors.Errorf("assumed Containerfile %q is not a file", ctrfile)
+		}
+
+	case mode.IsRegular():
+		// If the context dir is a file, we assume this as Containerfile
+		foundCtrFile = path
+	}
+
+	return foundCtrFile, nil
+}

vendor/modules.txt

@@ -97,6 +97,7 @@ github.com/containers/buildah/pkg/overlay
 github.com/containers/buildah/pkg/parse
 github.com/containers/buildah/pkg/rusage
 github.com/containers/buildah/pkg/sshagent
+github.com/containers/buildah/pkg/util
 github.com/containers/buildah/util
 # github.com/containers/common v0.44.0
 github.com/containers/common/libimage