------------------------------------------------------------------- Thu Feb 22 12:59:44 UTC 2024 - Thorsten Kukuk - Allow to disable apparmor support (ALP supports only SELinux) ------------------------------------------------------------------- Thu Dec 14 07:42:07 UTC 2023 - danish.prakash@suse.com - Drop 0001-set-makefile-target-entrypoint.gz-as-.PHONY-on-non-x.patch (merged upstream; https://github.com/containers/buildah/pull/5183) - Update to version 1.34.0: * Bump to v1.34.0 * fix(deps): update module github.com/containerd/containerd to v1.7.11 * fix(deps): update github.com/containers/storage digest to 15c3cb7 * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.13.2 * fix(deps): update github.com/containers/common digest to 630c929 * fix(deps): update module github.com/moby/buildkit to v0.12.4 * fix(deps): update github.com/openshift/imagebuilder digest to ef2a5fe * [CI:DOCS] man pages: underscores, too-wide lines * fix(deps): update module github.com/containerd/containerd to v1.7.10 * run.bats: use --quiet --pull=false when using a prefetched image * internal/mkcw/embed/entrypoint.gz: rename to include the arch * internal/mkcw/embed/entrypoint.gz: compress with -n9 * fix(deps): update module golang.org/x/crypto to v0.16.0 * Integration tests: make skip_if_no_unshare check --map-users * fix(deps): update module golang.org/x/term to v0.15.0 * fix(deps): update module golang.org/x/sys to v0.15.0 * fix(deps): update module github.com/onsi/ginkgo to v2 * vendor: update c/{common,image,storage} * run: Allow using just one jail per container on FreeBSD * Remove makefile targets entrypoint{,.gz} for non x86_64 ------------------------------------------------------------------- Mon Nov 27 07:04:59 UTC 2023 - dcermak@suse.com - Update to version 1.33.2: * [release-1.33.2] Bump to v1.33.2 * Update minimum to golang 1.20 * fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.0 * fix(deps): update module github.com/moby/buildkit to v0.12.3 * Bump to v1.33.2-dev ------------------------------------------------------------------- Mon Nov 20 07:16:52 UTC 2023 - dcermak@suse.com - Add patch: * 0001-set-makefile-target-entrypoint.gz-as-.PHONY-on-non-x.patch (fixes builds on non x86_64) - Update to version 1.33.1: * Bump to v1.33.1 * Bump to v1.31.2-dev * Bump to v1.31.1 * fix(deps): update module github.com/moby/buildkit to v0.11.4 [security] * test,heredoc: use fedora instead of docker.io/library/python:latest * Bump to v1.33.1-dev * Bump to v1.33.0 * Never omit layers for emptyLayer instructions when squashing/cwing * Add OverrideChanges and OverrideConfig to CommitOptions * buildah: add heredoc support for RUN, COPY and ADD * vendor: bump imagebuilder to v1.2.6-0.20231110114814-35a50d57f722 * conformance tests: archive the context directory as 0:0 (#5171) * blobcacheinfo,test: blobs must be resued when pushing across registry * Bump c/storage v1.51.0, c/image v5.29.0, c/common v0.57.0 * pkg/util.MirrorToTempFileIfPathIsDescriptor(): don't leak an fd * StageExecutor.Execute: force a commit for --unsetenv, too * Increase a copier+chroot test timeout * Add support for --compat-auth-file in login/logout * Update existing tests for error message change * Update c/image and c/common to latest * fix(deps): update module github.com/containerd/containerd to v1.7.9 * build: downgrade to go 1.20 * Add godoc for pkg/parse.GetTempDir * conformance tests: use go-dockerclient for BuildKit builds * Make TEE types case-insensitive * fix(deps): update module golang.org/x/crypto to v0.15.0 * Tweak some help descriptions * Stop using DefaultNetworkSysctl and use containers.conf only * Implement ADD checksum flag #5135 * vendor of openshift/imagebuilder #5135 * Pass secrets from the host down to internal podman containers * Update cirrus and version of golang * image: replace GetStoreImage with ResolveReference * vendor: bump c/image to 373c52a9466f * pkg/parse.Platform(): minor simplification * createConfigsAndManifests: clear history before cw-specific logic * Use a constant definition instead of "scratch" * conformance: use require.NoErrorf() more * fix(deps): update module golang.org/x/term to v0.14.0 * fix(deps): update module golang.org/x/sync to v0.5.0 * fix(deps): update module github.com/spf13/cobra to v1.8.0 * fix(deps): update module golang.org/x/sys to v0.14.0 * fix(deps): update github.com/containers/common digest to 8354404 * fix(deps): update module github.com/opencontainers/runc to v1.1.10 * fix(deps): update github.com/containers/luksy digest to b5a7f79 * Log the platform for build errors during multi-platform builds * Use mask definitions from containers/common * Vendor in latest containers/common * fix(deps): update module github.com/containerd/containerd to v1.7.8 * fix(deps): update module go.etcd.io/bbolt to v1.3.8 * container.conf: support attributed string slices * fix(deps): update module sigs.k8s.io/yaml to v1.4.0 * Use cutil.StringInSlice rather then contains * Add --no-hostname option to buildah containers * vendor c/common: appendable containers.conf strings, Part 1 * fix(deps): update module github.com/onsi/gomega to v1.28.1 * chroot.setupChrootBindMounts: pay more attention to flags * chore(deps): update dependency containers/automation_images to v20231004 * Vendor containers/common * chore(deps): update module golang.org/x/net to v0.17.0 [security] * run: use internal.GetTempDir with os.MkdirTemp * fix(deps): update module github.com/containerd/containerd to v1.7.7 * imagebuildah,multi-stage: do not remove base images * gitignore: add mkcw binary * mkcw: remove entrypoint binaries * fix(deps): update module golang.org/x/crypto to v0.14.0 * fix(deps): update module golang.org/x/sys to v0.13.0 * fix(deps): update module golang.org/x/sync to v0.4.0 * Update some comments related to confidential workload * Use the parent's image ID in the config that we pass to imagebuilder * fix(deps): update github.com/containers/common digest to 8892536 * fix(deps): update github.com/containers/luksy digest to 6df88cb * bug: Ensure the mount type is always BindMount by default * Protocol can be specified with --port. Ex. --port 514/udp * fix(deps): update module github.com/onsi/gomega to v1.28.0 * build,config: add support for --unsetlabel * tests/bud: add tests * [CI:BUILD] Packit: tag @containers/packit-build on copr build failures * stage_executor: allow images without layers * vendor of containers/common * Removing selinux_tag.sh as no longer needed after 580356f [NO NEW TESTS NEEDED] * add/copy: make sure we handle relative path names correctly * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc5 * Bump to v1.33.0-dev * imagebuildah: consider ignorefile with --build-context ------------------------------------------------------------------- Wed Nov 01 07:26:09 UTC 2023 - dcermak@suse.com - Update to version 1.32.2: * Mask /sys/devices/virtual/powercap by default * tag v1.32.2 ------------------------------------------------------------------- Tue Oct 24 15:18:09 UTC 2023 - dcermak@suse.com - Update to version 1.32.1: * tag v1.32.1 * chroot.setupChrootBindMounts: pay more attention to flags * .cirrus.yml: run tests relative to the release-1.32 branch ------------------------------------------------------------------- Fri Oct 6 13:23:05 UTC 2023 - Dan Čermák - Bump BuildRequired golang version to >= 1.21, fixes bsc#1216005 ------------------------------------------------------------------- Wed Sep 27 06:18:12 UTC 2023 - danish.prakash@suse.com - Update to version 1.32.0: * Tag v1.32.0 * GetTmpDir is not using ImageCopyTmpdir correctly * Run codespell on code * Bump vendor containers/(common, storage, image) * Cirrus: Remove multi-arch buildah image builds * fix(deps): update module github.com/containerd/containerd to v1.7.6 * Split GetTempDir from internal/util * Move most of internal/parse to internal/volumes * copier: remove libimage dependency via util package * Add some docs for `build --cw`, `commit --cw`, and `mkcw` * Add `buildah mkcw`, add `--cw` to `buildah commit` and `buildah build` * Make sure that pathnames picked up from the environment are absolute * fix(deps): update module github.com/cyphar/filepath-securejoin to v0.2.4 * fix(deps): update module github.com/docker/docker to v24.0.6+incompatible * Don't try to look up names when committing images * fix(deps): update module golang.org/x/crypto to v0.13.0 * docs: use valid github repo * fix(deps): update module golang.org/x/sys to v0.12.0 * vendor containers/common@12405381ff45 * push: --force-compression should be true with --compression-format * Update module github.com/containerd/containerd to v1.7.5 * [skip-ci] Update tim-actions/commit-message-checker-with-regex action to v0.3.2 * docs: add reference to oci-hooks * Support passing of ULimits as -1 to mean max * GHA: Attempt to fix discussion_lock workflow * Fixing the owner of the storage.conf. * pkg/chrootuser: Ignore comments when parsing /etc/group on FreeBSD * Use buildah repo rather then podman repo * GHA: Closed issue/PR comment-lock test * fix(deps): update module github.com/containers/storage to v1.49.0 * chore(deps): update dependency containers/automation_images to v20230816 * Replace troff code with markdown in buildah-{copy,add}.1.md * [CI:BUILD] rpm: spdx compatible license field * executor: build-arg warnings must honor global args * fix(deps): update module github.com/containers/ocicrypt to v1.1.8 * chroot: `setSeccomp` add support for `ArchPARISC(64)` and `ArchRISCV64` * make,cross: restore loong64 * Clear CommonBuildOpts when loading Builder status * buildah/push/manifest-push: add support for --force-compression * vendor: bump c/common to v0.55.1-0.20230811093040-524b4d5c12f9 * chore(deps): update dependency containers/automation_images to v20230809 * [CI:BUILD] RPM: fix buildtags * fix(deps): update module github.com/opencontainers/runc to v1.1.9 * chore(deps): update dependency ubuntu to v22 * chore(deps): update dependency containers/automation_images to v20230807 * [CI:BUILD] Packit: add fedora-eln targets * [CI:BUILD] RPM: build docs with vendored go-md2man * packit: Build PRs into default packit COPRs * Update install.md * Update install.md changes current Debian stable version name * fix(deps): update module golang.org/x/term to v0.11.0 * fix(deps): update module golang.org/x/crypto to v0.12.0 * tests: fix layer-label tests * buildah: add --layer-label for setting labels on layers * Cirrus: container/rootless env. var. passthrough * Cirrus: Remove duplicate env. var. definitions * fix(deps): update github.com/containers/storage digest to c3da76f * Add a missing .Close() call on an ImageSource * Create only a reference when that's all we need * Add a missing .Close() call on an ImageDestination * CI:BUILD] RPM: define gobuild macro for rhel/centos stream * manifest/push: add support for --add-compression * manifest/inspect: add support for tls-verify and authfile * vendor: bump c/common to v0.55.1-0.20230727095721-647ed1d4d79a * vendor: bump c/image to v5.26.1-0.20230726142307-8c387a14f4ac * fix(deps): update module github.com/containerd/containerd to v1.7.3 * fix(deps): update module github.com/onsi/gomega to v1.27.10 * fix(deps): update module github.com/docker/docker to v24.0.5+incompatible * fix(deps): update module github.com/containers/image/v5 to v5.26.1 * fix(deps): update module github.com/opencontainers/runtime-spec to v1.1.0 * Update vendor of containers/(storage,image,common) * fix(deps): update module github.com/opencontainers/runc to v1.1.8 * [CI:BUILD] Packit: remove pre-sync action * fix(deps): update module github.com/containers/common to v0.55.2 * [CI:BUILD] Packit: downstream task script needs GOPATH * Vendor in containers/(common, image, storage) * fix(deps): update module golang.org/x/term to v0.10.0 * [CI:BUILD] Packit: fix pre-sync action for downstream tasks * contrib/buildahimage: set config correctly for rootless build user * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc4 * Bump to v1.32.0-dev * Update debian install instructions * pkg/overlay: add limited support for FreeBSD ------------------------------------------------------------------- Wed Sep 13 06:04:08 UTC 2023 - danish.prakash@suse.com - Update to version 1.31.3: * [release-1.31] Bump to v1.31.3 * [release-1.31] Bump c/common 0.55.4, c/image 5.26.2, c/storage 1.48.1 * rpm: spdx compatible license field * RPM: fix buildtags * [release-1.31] Bump to v1.31.3-dev ------------------------------------------------------------------- Fri Aug 11 05:43:19 UTC 2023 - danish.prakash@suse.com - Update to version 1.31.2: * [release-1.31] Bump to v1.31.2 * [release-1.31] Bump to v1.31.2-dev * [release-1.31] Bump to v1.31.1 * [release-1.31] Remove zstd:chunked from man, bump c/common to v0.55.3 * [CI:BUILD] Packit: add fedora-eln targets * [CI:BUILD] RPM: build docs with vendored go-md2man * packit: Build PRs into default packit COPRs * [CI:BUILD] Packit: remove pre-sync action * CI:BUILD] RPM: define gobuild macro for rhel/centos stream ------------------------------------------------------------------- Thu Jul 20 15:49:31 UTC 2023 - dcermak@suse.com - Update to version 1.31.1: * [release-1.31] Bump c/common ------------------------------------------------------------------- Mon Jul 03 06:10:49 UTC 2023 - dcermak@suse.com - Update to version 1.31.0: * Bump 1.31.0 * Bump c/common to 0.55.1 and c/image to 5.26.1 * Update vendor of containers/common * Run unit tests for copier and chroot without -cover * Fix transition test to work with latest selinux policy * Bump c/image to 5.26.0 and c/common to 0.54.0 * chore: replace `github.com/ghodss/yaml` with `sigs.k8s.io/yaml` * rootless: use default_rootless_network_cmd config * vendor: update c/{common,image,storage} to latest * chore: pkg imported more than once * buildah: add pasta(1) support * use slirp4netns package from c/common * update c/common to latest * add hostname to /etc/hosts when running with host network * vendor: update c/common to latest * [CI:BUILD] Packit: add jobs for downstream Fedora package builds * fix(deps): update module golang.org/x/sync to v0.3.0 * fix(deps): update module golang.org/x/crypto to v0.10.0 * Add smoke tests for encryption CLI helpers * fix(deps): update module golang.org/x/term to v0.9.0 * fix(deps): update module github.com/opencontainers/runtime-spec to v1.1.0-rc.3 * Remove device mapper support * Remove use of deprecated tar.TypeRegA * Update tooling to support newer golangci-lint * Make cli.EncryptConfig,DecryptConfig, GetFormat public * Don't decrypt images by default * fix(deps): update module github.com/onsi/gomega to v1.27.8 * fix(deps): update github.com/containers/storage digest to 3f3fb2f * Renovate: Don't touch fragile test stuffs * [CI:DOCS] Update comment to remove ambiguity * fix(deps): update github.com/containers/image/v5 digest to abe5133 * fix(deps): update module github.com/sirupsen/logrus to v1.9.3 * fix(deps): update module github.com/containerd/containerd to v1.7.2 * Explicitly ref. quay images for CI * At startup, log the effective capabilities for debugging * parse: use GetTempDir from internal utils * GetTmpDir: honor image_copy_tmp_dir from containers.conf * docs/Makefile: don't show sed invocations * CI: Support testing w/ podman-next COPR packages * intermediate-images inherit-label test: make it debuggable * fix(deps): update github.com/containers/common digest to 462ccdd * Add a warning to `--secret` docs * vendor: bump c/storage to v1.46.2-0.20230526114421-55ee2d19292f * executor: apply label to only final stage * remove registry.centos.org * Go back to setting SysProcAttr.Pdeathsig for child processes * Fix auth.json path (validated on Fedora 38) wq Signed-off-by: Andreas Mack * fix(deps): update module github.com/stretchr/testify to v1.8.3 * CI: fix test broken by renovatebot * chore(deps): update quay.io/libpod/testimage docker tag to v20221018 * fix(deps): update module github.com/onsi/gomega to v1.27.7 * test: use debian instead of docker.io/library/debian:testing-slim * vendor: bump logrus to 1.9.2 * [skip-ci] Update tim-actions/get-pr-commits action to v1.3.0 * Revert "Proof of concept: nightly dependency treadmill" * fix(deps): update module github.com/sirupsen/logrus to v1.9.1 * vendor in containers/(common,storage,image) * fix(deps): update module github.com/docker/distribution to v2.8.2+incompatible * run: drop Pdeathsig * chroot: lock thread before setPdeathsig * tests: add a case for required=false * fix(deps): update module github.com/openshift/imagebuilder to v1.2.5 * build: validate volumes on backend * secret: accept required flag w/o value * fix(deps): update module github.com/containerd/containerd to v1.7.1 * fix(deps): update module golang.org/x/crypto to v0.9.0 * Update the demos README file to fix minor typos * fix(deps): update module golang.org/x/sync to v0.2.0 * fix(deps): update module golang.org/x/term to v0.8.0 * manifest, push: use source as destination if not specified * run,mount: remove path only if they didnt pre-exist * Cirrus: Fix meta task failing to find commit * parse: filter edge-case for podman-remote * fix(deps): update module github.com/opencontainers/runc to v1.1.7 * fix(deps): update module github.com/docker/docker to v23.0.5+incompatible * build: --platform must accept only arch * fix(deps): update module github.com/containers/common to v0.53.0 * makefile: increase conformance timeout * Cap suffixDigitsModulo to a 9-digits suffix. * Rename conflict to suffixDigitsModulo * fix(deps): update module github.com/opencontainers/runtime-spec to v1.1.0-rc.2 * fix(deps): update module github.com/opencontainers/runc to v1.1.6 * chore(deps): update centos docker tag to v8 * Clarify the need for qemu-user-static package * chore(deps): update quay.io/centos/centos docker tag to v8 * Renovate: Ensure test/tools/go.mod is managed * Revert "buildah image should not enable fuse-overlayfs for rootful mode" * Bump to v1.31.0-dev * parse: add support for relabel bind mount option ------------------------------------------------------------------- Mon Apr 10 05:32:16 UTC 2023 - danish.prakash@suse.com - Update to version 1.30.0: * Bump to v1.30.0 * fix(deps): update module github.com/containers/common to v0.52.0 * fix(deps): update module golang.org/x/crypto to v0.8.0 * chore(deps): update dependency containers/automation_images to v20230405 * vendor c/common ff62cdebdd0e * vendor in latest containers/(storage, image) * fix(deps): update module github.com/opencontainers/runc to v1.1.5 * fix(deps): update module github.com/fsouza/go-dockerclient to v1.9.7 * buildah image should not enable fuse-overlayfs for rootful mode * stage_executor: inline network add default string * build: pass process environment variables by reference * run: pass process environment variables by reference * fix(deps): update module github.com/containers/common to v0.51.2 * chore(deps): update dependency containers/automation_images to v20230330 * fix(deps): update module github.com/docker/docker to v23.0.2+incompatible * chore(deps): update dependency containers/automation_images to v20230320 * fix(deps): update module github.com/onsi/gomega to v1.27.6 * fix(deps): update github.com/opencontainers/runtime-tools digest to e931285 * [skip-ci] Update actions/stale action to v8 * test: don't allow to override io.buildah.version * executor: only apply label on the final stage * Update docs/buildah-build.1.md * update build instruction for Ubuntu * code review * build: accept arguments from file with --build-arg-file * run_linux: Update heuristic for mounting /sys * [CI:BUILD] Packit: Enable Copr builds on PR and commit to main * fix(deps): update module github.com/fsouza/go-dockerclient to v1.9.6 * Update to Go 1.18 * Disable dependabot in favor of renovate * chore(deps): update dependency containers/automation_images to v20230314 * Fix requiring tests on Makefile changes * Vendor in latest containers/(storage, common, image) * imagebuildah: set len(short_image_id) to 12 * Re-enable conformance tests * Skip conformance test failures with Docker 23.0.1 * Cirrus: Replace Ubuntu -> Debian SID * run: add support for inline --network in RUN stmt * vendor: bump imagebuilder to a3c3f8358ca31b1e4daa6 * stage_executor: attempt to push cache only when cacheKey is valid * Add "ifnewer" as option in help message for pull command * build: document behaviour of buildah's distributed cache * fix(deps): update module golang.org/x/term to v0.6.0 * Add default list of capabilities required to run buildah in a container * executor,copy: honor default ARG value while eval stage * sshagent: use ExtendedAgent instead of Agent * tests/bud: remove unwated test * executor: do not warn on builtin default args * executor: don't warn about unused TARGETARCH,TARGETOS,TARGETPLATFORM * Fix tutorial for rootless mode * Vendor in latest containers/(common, storage, image) * Ignore the base image's base image annotations * fix(deps): update module github.com/fsouza/go-dockerclient to v1.9.5 * build(deps): bump github.com/containers/storage from 1.45.3 to 1.45.4 * Vendor in latest containers/common * docs/tutorials/04: add defaults for Run() * imagebuildah.StageExecutor: suppress bogus "Pushing cache []:..." * executor: also add stage with no children to cleanupStages * [CI:BUILD] copr: fix el8 builds * Fix documentation on which Capabilities are allowed by default * Skip subject-length validation for renovate PRs * Temporarily hard-skip bud-multiple-platform-values test * fix(deps): update github.com/openshift/imagebuilder digest to 86828bf * build(deps): bump github.com/containerd/containerd from 1.6.16 to 1.6.17 * build(deps): bump tim-actions/get-pr-commits from 1.1.0 to 1.2.0 * build(deps): bump github.com/containers/image/v5 from 5.24.0 to 5.24.1 * [skip-ci] Update tim-actions/get-pr-commits digest to 55b867b * build(deps): bump github.com/opencontainers/selinux * build(deps): bump golang.org/x/crypto from 0.5.0 to 0.6.0 * Add renovate configuration * Run codespell on codebase * login: support interspersed args for password * conformance: use scratch for minimal test * pkg/parse: expose public CleanCacheMount API * build(deps): bump go.etcd.io/bbolt from 1.3.6 to 1.3.7 * build(deps): bump github.com/containerd/containerd from 1.6.15 to 1.6.16 * docs: specify order preference for FROM * Bump to v1.30.0-dev ------------------------------------------------------------------- Fri Feb 17 04:41:55 UTC 2023 - Danish Prakash - Update to version 1.29.1: * [release-1.29] Bump to Buildah v1.29.1 * Update to c/image 5.24.1 ------------------------------------------------------------------- Thu Jan 26 15:20:28 UTC 2023 - dcermak@suse.com - Update to version 1.29.0: * Bump to v1.29.0 * tests: improve build-with-network-test * Bump c/storagev1.45.3, c/imagev5.24.0, c/commonv0.51.0 * build(deps): bump github.com/onsi/gomega from 1.25.0 to 1.26.0 * Flake 3710 has been closed. Reenable the test. * [CI:DOCS] Fix two diversity issues in a tutorial * build(deps): bump github.com/fsouza/go-dockerclient from 1.9.2 to 1.9.3 * vendor in latests containers/(storage, common, image) * fix bud-multiple-platform-with-base-as-default-arg flake * stage_executor: while mounting stages use freshly built stage * build(deps): bump github.com/fsouza/go-dockerclient from 1.9.0 to 1.9.2 * build(deps): bump github.com/onsi/gomega from 1.24.2 to 1.25.0 * vendor in latests containers/(storage, common, image, ocicyrpt) * [Itests: change the runtime-flag test for crun * [CI:DOCS] README: drop sudo * Fix multi-arch manifest-list build timeouts * Cirrus: Update VM Images * bud: Consolidate multiple synthetic LABEL instructions * build, secret: allow realtive mountpoints wrt to work dir * fixed squash documentation * build(deps): bump github.com/containerd/containerd from 1.6.14 to 1.6.15 * Correct minor comment * Vendor in latest containers/(common, image, storage) * system tests: remove unhelpful assertions * buildah: add prune command and expose CleanCacheMount API * vendor: bump c/storage to a747b27 * Add support for --group-add to buildah from * build(deps): bump actions/stale from 6 to 7 * Add documentation for buildah build --pull=missing * build(deps): bump github.com/containerd/containerd from 1.6.12 to 1.6.14 * build(deps): bump github.com/docker/docker * parse: default ignorefile must not point to symlink outside context * buildah: wrap network setup errors * build, mount: allow realtive mountpoints wrt to work dir * Update to F37 CI VM Images, re-enable prior-fedora * Update vendor or containers/(image, storage, common) * build(deps): bump golang.org/x/crypto from 0.3.0 to 0.4.0 * Update contact information * build(deps): bump golang.org/x/term from 0.2.0 to 0.3.0 * Replace io/ioutil calls with os calls * [skip-ci] GHA/Cirrus-cron: Fix execution order * Vendor in containers/common * build(deps): bump golang.org/x/sys from 0.2.0 to 0.3.0 * remote-cache: support multiple sources and destinations * Update c/storage after https://github.com/containers/storage/pull/1436 * util.SortMounts(): make the returned order more stable * version: Bump to 1.29.0-dev * [CI:BUILD] Cirrus: Migrate OSX task to M1 * Update vendor of containers/(common, storage, image) * mount=type=cache: seperate cache parent on host for each user * Fix installation instructions for Gentoo Linux * build(deps): bump github.com/containerd/containerd from 1.6.9 to 1.6.10 * GHA: Reuse both cirrus rerun and check workflows * Vendor in latest containers/(common,image,storage) * build(deps): bump github.com/onsi/gomega from 1.24.0 to 1.24.1 * copier.Put(): clear up os/syscall mode bit confusion * build(deps): bump golang.org/x/sys from 0.1.0 to 0.2.0 * Use TypeBind consistently to name bind/nullfs mounts * Add no-new-privileges flag * Update vendor of containers/(common, image, storage) * imagebuildah:build with --all-platforms must honor args for base images * codespell code * Expand args and env when using --all-platforms * build(deps): bump github.com/onsi/gomega from 1.23.0 to 1.24.0 * GHA: Simplify Cirrus-Cron check slightly * Stop using ubi8 * remove unnecessary (hence misleading) rmi * chroot: fix mounting of ro bind mounts * executor: honor default ARG value while eval base name * userns: add arbitrary steps/stage to --userns=auto test * Don't set allow.mount in the vnet jail on Freebsd * copier: Preserve file flags when copying archives on FreeBSD * Remove quiet flag, so that it works in podman-remote * test: fix preserve rootfs with --mount for podman-remote * test: fix prune logic for cache-from after adding content summary * vendor in latest containers/(storage, common, image) * Fix RUN --mount=type=bind,from= not preserving rootfs of stage * Define and use a safe, reliable test image * Fix word missing in Container Tools Guide * Makefile: Use $(MAKE) to start sub-makes in install.tools * imagebuildah: pull cache from remote repo after adding content summary * Makefile: Fix install on FreeBSD * Ensure the cache volume locks are unlocked on all paths * Vendor in latest containers/(common,storage) * Simplify the interface of GetCacheMount and getCacheMount * Fix cache locks with multiple mounts * Remove calls to Lockfile.Locked() * Maintain cache mount locks as lock objects instead of paths * test: cleaning cache must not clean lockfiles * run: honor lockfiles for multiple --mount instruction * mount,cache: lockfiles must not be part of users cache content * Update vendor containers/(common,image,storage) * [CI:BUILD] copr: buildah rpm should depend on containers-common-extra * pr-should-include-tests: allow specfile, golangci * build(deps): bump dawidd6/action-send-mail from 3.7.0 to 3.7.1 * build(deps): bump github.com/docker/docker * build(deps): bump github.com/fsouza/go-dockerclient from 1.8.3 to 1.9.0 * Update vendor containers/(common,image,storage) * build(deps): bump actions/upload-artifact from 2 to 3 * build(deps): bump actions/checkout from 2 to 3 * build(deps): bump actions/stale from 1 to 6 * build(deps): bump dawidd6/action-send-mail from 2.2.2 to 3.7.0 * build(deps): bump tim-actions/get-pr-commits from 1.1.0 to 1.2.0 * sshagent: LockOSThread before setting SocketLabel * Update tests for error message changes * Update c/image after https://github.com/containers/image/pull/1299 * Fix ident for dependabot gha block * build(deps): bump github.com/containers/ocicrypt from 1.1.5 to 1.1.6 * Fix man pages to match latest cobra settings * build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0 * build(deps): bump github.com/onsi/gomega from 1.20.2 to 1.22.1 * test: retrofit 'bud with undefined build arg directory' * imagebuildah: warnOnUnsetBuildArgs while processing stages from executor * Update contrib/buildahimage/Containerfile * Cirrus CI add flavor parameter * Correction - `FLAVOR` not `FLAVOUR` * Changed build argument from `RELEASE` to `FLAVOUR` * Combine buildahimage Containerfiles * bud.bats refactoring: $TEST_SCRATCH_DIR, part 2 of 2 * bud.bats refactoring: $TEST_SCRATCH_DIR, part 1 of 2 * System test cleanup: document, clarify, fix * test: removing unneeded/expensive COPY * test: warning behaviour for unset/set TARGETOS,TARGETARCH,TARGETPLATFORM * Bump to v1.28.1-dev ------------------------------------------------------------------- Mon Nov 28 08:55:11 UTC 2022 - dcermak@suse.com - Update to version 1.28.2: * version: bump to 1.28.2 * Stop using ubi8 * Define and use a safe, reliable test image ------------------------------------------------------------------- Wed Nov 23 10:30:12 UTC 2022 - dcermak@suse.com - Update to version 1.28.1: * version: bump to v1.28.1 * copier.Put(): clear up os/syscall mode bit confusion * retrofit, test: ubi8 changed architecture string - Only build targets that we install ------------------------------------------------------------------- Fri Oct 07 08:53:06 UTC 2022 - dcermak@suse.com - Update to version 1.28.0: * Bump to v1.28.0 * No longer modify buildah.spec * Update for https://github.com/klauspost/pgzip/pull/50 * Update vendor containers/(common,image) * [CI:DOCS] Add quay-description update reminder * vendor: bump c/common to v0.49.2-0.20220929111928-2d1b45ae2423 * build(deps): bump github.com/opencontainers/selinux * Vendor in latest containers/storage * Changing shell list operators from `;` to `&&` * Fix buildahimage container.conf permissions regression * Set sysctls from containers.conf * refactor: stop using Normalize directly from containerd package * config,builder: process variant while populating image spec * Proof of concept: nightly dependency treadmill * Run codespell on code * Check for unset build args after TARGET args * pkg/cli: improve completion test * vendor in latest containers/(common,storage,image) * copier: work around freebsd bug for "mkdir /" * vendor: update c/image * test: run in the host cgroup namespace * vendor: update c/storage * vendor: update c/common * cmd: check for user UID instead of privileges * run,build: conflict --isolation=chroot and --network * Fix broken dns test (from merge collision) * Fix stutters * Fix broken command completion * buildah bud --network=none should have no network * build: support --skip-unused-stages for multi-stage builds * Prevent use of --dns* options with --net=none * buildah: make --cache-ttl=0s equivalent to --no-cache * parse: make processing flags in --mount order agnostic * Minor test fix for podman-remote * build: honor .containerignore as ignore file * Update install.md: Debian 11 (Bullseye) is stable * build(deps): bump github.com/docker/docker * Use constants from containers/common for finding seccomp.json * Don't call os.Exit(1) from manifest exist * manifest: add support for buildah manifest exists * Buildah should ignore /etc/crio/seccomp.json * chroot: Fix cross build break * chroot: Move isDevNull to run_common.go * chroot: Fix setRlimit build on FreeBSD * chroot: Move parseRLimits and setRlimits to run_common.go * chroot: Fix runUsingChrootExecMain on FreeBSD * chroot: Move runUsingChrootExecMain to run_common.go * chroot: Factor out Linux-specific unshare options from runUsingChroot * chroot: Move runUsingChroot to run_common.go * chroot: Move RunUsingChroot and runUsingChrootMain to run_common.go * chroot: Factor out /dev/ptmx pty implementation * chroot: Add FreeBSD support for run with chroot isolation * build(deps): bump github.com/docker/go-units from 0.4.0 to 0.5.0 * Replace k8s.gcr.io/pause in tests with registry.k8s.io/pause * build(deps): bump github.com/onsi/gomega from 1.20.0 to 1.20.1 * Cirrus: use image with fewer downloaded dependencies * build(deps): bump github.com/opencontainers/runc from 1.1.3 to 1.1.4 * run: add container gid to additional groups (CVE-2022-2990 / bsc#1202812) * buildah: support for --retry and --retry-delay for push/pull failures * Makefile: always call $(GO) instead of `go` * build(deps): bump github.com/fsouza/go-dockerclient from 1.8.2 to 1.8.3 * test: use `T.TempDir` to create temporary test directory * mount,cache: enable SElinux shared content label option by default * commit: use race-free RemoveNames instead of SetNames * Drop util/util.Cause() * cmd/buildah: add "manifest create --amend" * build(deps): bump github.com/fsouza/go-dockerclient from 1.8.1 to 1.8.2 * docs: specify git protocol is not supported for github hosted repo * Scrub user and group names from layer diffs * build(deps): bump github.com/containerd/containerd from 1.6.6 to 1.6.8 * version: bump to 1.28.0-dev ------------------------------------------------------------------- Wed Sep 21 07:41:42 UTC 2022 - dcermak@suse.com - Update to version 1.27.2: * tag v1.27.2 * Fix broken command completion * build: support --skip-unused-stages for multi-stage builds ------------------------------------------------------------------- Mon Sep 12 09:57:27 UTC 2022 - dcermak@suse.com - Update to version 1.27.1: * release: bump to v1.27.1 * run: add container gid to additional groups - Drop add-container-gid-to-additional-groups.patch (merged upstream) ------------------------------------------------------------------- Fri Aug 26 12:13:12 UTC 2022 - Dan Čermák - Add fix for CVE-2022-2990 / bsc#1202812 add: add-container-gid-to-additional-groups.patch ------------------------------------------------------------------- Tue Aug 09 06:54:52 UTC 2022 - dcermak@suse.com - Update to version 1.27.0: * release: tag v1.27.0 * make,cross: ignore loong64 from target list * Allow chflags operations inside the container * Don't try to call runLabelStdioPipes if spec.Linux is not set * build(deps): bump github.com/golangci/golangci-lint in /tests/tools * build: support filtering cache by duration using --cache-ttl * build: support building from commit when using git repo as build context * build: clean up git repos correctly when using subdirs * integration tests: quote "?" in shell scripts * Fix a copy/paste error * build(deps): bump github.com/golangci/golangci-lint in /tests/tools * vendor c/common@v0.49.1 * test: manifest inspect should have OCIv1 annotation * vendor: bump to c/common@87fab4b7019a * Failure to determine a file or directory should print an error * build(deps): bump github.com/containernetworking/cni from 1.1.1 to 1.1.2 * refactor: remove unused CommitOptions from generateBuildOutput * stage_executor: generate output for cases with no commit * stage_executor, commit: output only if last stage in build * Use errors.Is() instead of os.Is{Not,}Exist * Minor test tweak for podman-remote compatibility * Cirrus: Use the latest imgts container * imagebuildah: complain about the right Dockerfile * tests: don't try to wrap `nil` errors * cmd/buildah.commitCmd: don't shadow "err" * cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig * Fix a copy/paste error message * Fix a typo in an error message * build,cache: support pulling/pushing cache layers to/from remote sources * Update vendor of containers/(common, storage, image) * Rename chroot/run.go to chroot/run_linux.go * Don't bother telling codespell to skip files that don't exist * Set user namespace defaults correctly for the library * imagebuildah: optimize cache hits for COPY and ADD instructions * Cirrus: Update VM images w/ updated bats * build(deps): bump github.com/onsi/gomega from 1.19.0 to 1.20.0 * docs, run: show SELinux label flag for cache and bind mounts * build(deps): bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0 * imagebuildah, build: remove undefined concurrent writes * bump github.com/opencontainers/runtime-tools * Add FreeBSD support for 'buildah info' * Vendor in latest containers/(storage, common, image) * Add freebsd cross build targets * Make the jail package build on 32bit platforms * Cirrus: Ensure the build-push VM image is labeled * GHA: Fix dynamic script filename * Vendor in containers/(common, storage, image) * Run codespell * Remove import of github.com/pkg/errors * Avoid using cgo in pkg/jail * Rename footypes to fooTypes for naming consistency * Move cleanupTempVolumes and cleanupRunMounts to run_common.go * Make the various run mounts work for FreeBSD * Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go * Move runSetupRunMounts to run_common.go * Move cleanableDestinationListFromMounts to run_common.go * Make setupMounts and runSetupBuiltinVolumes work on FreeBSD * Move setupMounts and runSetupBuiltinVolumes to run_common.go * Tidy up - runMakeStdioPipe can't be shared with linux * Move runAcceptTerminal to run_common.go * Move stdio copying utilities to run_common.go * Move runUsingRuntime and runCollectOutput to run_common.go * Move fileCloser, waitForSync and contains to run_common.go * Move checkAndOverrideIsolationOptions to run_common.go * Move DefaultNamespaceOptions to run_common.go * Move getNetworkInterface to run_common.go * Move configureEnvironment to run_common.go * Don't crash in configureUIDGID if Process.Capabilities is nil * Move configureUIDGID to run_common.go * Move runLookupPath to run_common.go * Move setupTerminal to run_common.go * Move etc file generation utilities to run_common.go * Add run support for FreeBSD * Add a simple FreeBSD jail library * Add FreeBSD support to pkg/chrootuser * Sync call signature for RunUsingChroot with chroot/run.go * test: verify feature to resolve basename with args * vendor: bump openshift/imagebuilder to master@4151e43 * GHA: Remove required reserved-name use * buildah: set XDG_RUNTIME_DIR before setting default runroot * imagebuildah: honor build output even if build container is not commited * chroot: honor DefaultErrnoRet * [CI:DOCS] improve pull-policy documentation * tests: retrofit test since --file does not supports dir * Switch to golang native error wrapping * BuildDockerfiles: error out if path to containerfile is a directory * define.downloadToDirectory: fail early if bad HTTP response * GHA: Allow re-use of Cirrus-Cron fail-mail workflow * add: fail on bad http response instead of writing to container * build(deps): bump github.com/stretchr/testify from 1.7.5 to 1.8.0 * [CI:DOCS] Update buildahimage comment * lint: inspectable is never nil * vendor: c/common to common@7e1563b * build: support OCI hooks for ephemeral build containers * [CI:BUILD] Install latest buildah instead of compiling * Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED] * build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.5 * Make sure cpp is installed in buildah images * demo: use unshare for rootless invocations * buildah.spec.rpkg: initial addition * build: fix test for subid 4 * build(deps): bump github.com/spf13/cobra from 1.4.0 to 1.5.0 * build, userns: add support for --userns=auto * Fix building upstream buildah image * Remove redundant buildahimages-are-sane validation * Docs: Update multi-arch buildah images readme * Cirrus: Migrate multiarch build off github actions * retrofit-tests: we skip unused stages so use stages * stage_executor: dont rely on stage while looking for additional-context * buildkit, multistage: skip computing unwanted stages * More test cleanup * copier: work around freebsd bug for "mkdir /" * Replace $BUILDAH_BINARY with buildah() function * Fix up buildah images * Make util and copier build on FreeBSD * Vendor in latest github.com/sirupsen/logrus * build(deps): bump github.com/opencontainers/runc from 1.1.2 to 1.1.3 * Makefile: allow building without .git * run_unix: don't return an error from getNetworkInterface * run_unix: return a valid DefaultNamespaceOptions * Update vendor of containers/storage * chroot: use ActKillThread instead of ActKill * use resolvconf package from c/common/libnetwork * update c/common to latest main * copier: add `NoOverwriteNonDirDir` option * Sort buildoptions and move cli/build functions to internal * build(deps): bump github.com/fsouza/go-dockerclient from 1.8.0 to 1.8.1 * build(deps): bump github.com/docker/docker * build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2 * build(deps): bump github.com/containerd/containerd from 1.6.5 to 1.6.6 * Fix TODO: de-spaghettify run mounts * Move options parsing out of build.go and into pkg/cli * [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps * build, multiarch: support splitting build logs for --platform * build(deps): bump github.com/containerd/containerd from 1.6.4 to 1.6.5 * [CI:BUILD] WIP Cleanup Image Dockerfiles * build(deps): bump github.com/fsouza/go-dockerclient from 1.7.11 to 1.8.0 * cli remove stutter * docker-parity: ignore sanity check if baseImage history is null * build, commit: allow disabling image history with --omit-history * Fix use generic/ambiguous DEBUG name * build(deps): bump github.com/containernetworking/cni from 1.1.0 to 1.1.1 * Cirrus: use Ubuntu 22.04 LTS * Fix codespell errors * Remove util.StringInSlice because it is defined in containers/common * buildah: add support for renaming a device in rootless setups * squash: never use build cache when computing last step of last stage * Update vendor of containers/(common, storage, image) * build(deps): bump github.com/golangci/golangci-lint in /tests/tools * buildkit: supports additionalBuildContext in builds via --build-context * test cleanup * buildah source pull/push: show progress bar * run: allow resuing secret twice in different RUN steps * test helpers: default to being rootless-aware * Add --cpp-flag flag to buildah build * build(deps): bump github.com/golangci/golangci-lint in /tests/tools * build: accept branch and subdirectory when context is git repo * build(deps): bump github.com/docker/docker * Vendor in latest containers/common * build(deps): bump github.com/opencontainers/runc from 1.1.1 to 1.1.2 * vendor: update c/storage and c/image * build(deps): bump github.com/golangci/golangci-lint in /tests/tools * Fix gentoo install docs * build(deps): bump github.com/docker/docker * copier: move NSS load to new process * Add test for prevention of reusing encrypted layers * Make `buildah build --label foo` create an empty "foo" label again * Bump to v1.27.0-dev ------------------------------------------------------------------- Thu Aug 04 06:27:00 UTC 2022 - dcermak@suse.com - Update to version 1.26.4: * tag v1.26.4 * build, multiarch: support splitting build logs for --platform * copier: add `NoOverwriteNonDirDir` option * docker-parity: ignore sanity check if baseImage history is null * build, commit: allow disabling image history with --omit-history * buildkit: supports additionalBuildContext in builds via --build-context * Add --cpp-flag flag to buildah build ------------------------------------------------------------------- Wed Aug 03 11:54:24 UTC 2022 - fcrozat@suse.com - Update to version 1.26.3: * release: bump to v1.26.3 * define.downloadToDirectory: fail early if bad HTTP response * add: fail on bad http response instead of writing to container * squash: never use build cache when computing last step of last stage * run: allow resuing secret twice in different RUN steps * integration tests: update expected error messages * integration tests: quote "?" in shell scripts * Use errors.Is() to check for storage errors * lint: inspectable is never nil * chroot: use ActKillThread instead of ActKill * chroot: honor DefaultErrnoRet * Bump dependencies * Set user namespace defaults correctly for the library * contrib/rpm/buildah.spec: fix `rpm` parser warnings - Drop requires on apparmor pattern, should be moved elsewhere for systems which want AppArmor instead of SELinux. - Drop binutils-gold workaround, no longer needed. - Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is required to build. ------------------------------------------------------------------- Thu Jul 07 09:00:47 UTC 2022 - dcermak@suse.com - Update to version 1.26.2: * Bump to v1.26.2 * Bump github.com/containers/storage from v1.40.2 to v1.40.3 * buildah: add support for renaming a device in rootless setups ------------------------------------------------------------------- Thu May 05 06:18:56 UTC 2022 - dcermak@suse.com - Update to version 1.26.1: * Bump to v1.26.1 * Make `buildah build --label foo` create an empty "foo" label again * Bump to v1.26.0 * build(deps): bump github.com/containerd/containerd from 1.6.3 to 1.6.4 * imagebuildah,build: move deepcopy of args before we spawn goroutine * Vendor in containers/storage v1.40.2 * buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated * help output: get more consistent about option usage text * Handle OS version and features flags * buildah build: --annotation and --label should remove values * buildah build: add a --env * buildah: deep copy options.Args before performing concurrent build/stage * test: inline platform and builtinargs behaviour * vendor: bump imagebuilder to master/009dbc6 * build: automatically set correct TARGETPLATFORM where expected * build(deps): bump github.com/fsouza/go-dockerclient * Vendor in containers/(common, storage, image) * imagebuildah, executor: process arg variables while populating baseMap * buildkit: add support for custom build output with --output * Cirrus: Update CI VMs to F36 * fix staticcheck linter warning for deprecated function * Fix docs build on FreeBSD * build(deps): bump github.com/containernetworking/cni from 1.0.1 to 1.1.0 * copier.unwrapError(): update for Go 1.16 * copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit * copier.Put(): write to read-only directories * build(deps): bump github.com/cpuguy83/go-md2man/v2 in /tests/tools * Rename $TESTSDIR (the plural one), step 4 of 3 * Rename $TESTSDIR (the plural one), step 3 of 3 * Rename $TESTSDIR (the plural one), step 2 of 3 * Rename $TESTSDIR (the plural one), step 1 of 3 * build(deps): bump github.com/containerd/containerd from 1.6.2 to 1.6.3 * Ed's periodic test cleanup * using consistent lowercase 'invalid' word in returned err msg * Update vendor of containers/(common,storage,image) * use etchosts package from c/common * run: set actual hostname in /etc/hostname to match docker parity * update c/common to latest main * Update vendor of containers/(common,storage,image) * Stop littering * manifest-create: allow creating manifest list from local image * Update vendor of storage,common,image * Bump golang.org/x/crypto to 7b82a4e * Initialize network backend before first pull * oci spec: change special mount points for namespaces * tests/helpers.bash: assert handle corner cases correctly * buildah: actually use containers.conf settings * integration tests: learn to start a dummy registry * Fix error check to work on Podman * buildah build should accept at most one arg * tests: reduce concurrency for flaky bud-multiple-platform-no-run * vendor in latest containers/common,image,storage * manifest-add: allow override arch,variant while adding image * Remove a stray `\` from .containerenv * Vendor in latest opencontainers/selinux v1.10.1 * build, commit: allow removing default identity labels * Create shorter names for containers based on image IDs * test: skip rootless on cgroupv2 in root env * fix hang when oci runtime fails * Set permissions for GitHub actions * copier test: use correct UID/GID in test archives * run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM * Bump back to v1.26.0-dev * build(deps): bump github.com/opencontainers/runc from 1.1.0 to 1.1.1 * Included the URL to check the SHA ------------------------------------------------------------------- Thu Mar 31 06:48:03 UTC 2022 - dcermak@suse.com - remove obsolete check for TW, SLE 15 & Leap 15 - add workaround for https://bugzilla.opensuse.org/show_bug.cgi?id=1183043 - Update to version 1.25.1: * Bump to v1.25.1 * buildah: create WORKDIR with USER permissions * vendor: update github.com/openshift/imagebuilder * copier: attempt to open the dir before adding it * Updated dependabot to get updates for GitHub actions. * Switch most calls to filepath.Walk to filepath.WalkDir * build: allow --no-cache and --layers so build cache can be overrided * build(deps): bump github.com/onsi/gomega from 1.18.1 to 1.19.0 * Bump to v1.26.0-dev * build(deps): bump github.com/golangci/golangci-lint in /tests/tools ------------------------------------------------------------------- Wed Mar 30 08:30:01 UTC 2022 - dcermak@suse.com - fixes bsc#1197870 - Update to version 1.25.0: * Bump to v1.25.0 * install: drop RHEL/CentOS 7 doc * build(deps): bump github.com/containers/common from 0.47.4 to 0.47.5 * Bump c/storage to v1.39.0 in main * Add a test for CVE-2022-27651 * build(deps): bump github.com/docker/docker * Bump github.com/prometheus/client_golang to v1.11.1 * [CI:DOCS] man pages: sort flags, and keep them that way * build(deps): bump github.com/containerd/containerd from 1.6.1 to 1.6.2 * Don't pollute * network setup: increase timeout to 4 minutes * do not set the inheritable capabilities * build(deps): bump github.com/golangci/golangci-lint in /tests/tools * build(deps): bump github.com/containers/ocicrypt from 1.1.2 to 1.1.3 * parse: convert exposed GetVolumes to internal only * buildkit: mount=type=cache support locking external cache store * .in support: improve error message when cpp is not installed * buildah image: install cpp * build(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 * build(deps): bump github.com/spf13/cobra from 1.3.0 to 1.4.0 * build(deps): bump github.com/docker/docker * Add --no-hosts flag to eliminate use of /etc/hosts within containers * test: remove skips for rootless users * test: unshare mount/umount if test is_rootless * tests/copy: read correct containers.conf * build(deps): bump github.com/docker/distribution * cirrus: add seperate task and matrix for rootless * tests: skip tests for rootless which need unshare * buildah: test rootless integration * vendor: bump c/storage to main/93ce26691863 * build(deps): bump github.com/fsouza/go-dockerclient from 1.7.9 to 1.7.10 * tests/copy: initialize the network, too * [CI:DOCS] remove references to Kubic for CentOS and Ubuntu * build(deps): bump github.com/containerd/containerd from 1.6.0 to 1.6.1 * use c/image/pkg/blobcache * vendor c/image/v5@v5.20.0 * add: ensure the context directory is an absolute path * executor: docker builds must inherit healthconfig from base if any * docs: Remove Containerfile and containeringore * build(deps): bump github.com/fsouza/go-dockerclient from 1.7.8 to 1.7.9 * helpers.bash: Use correct syntax * speed up combination-namespaces test * build(deps): bump github.com/golangci/golangci-lint in /tests/tools * Bump back to 1.25.0-dev * build(deps): bump github.com/containerd/containerd from 1.5.9 to 1.6.0 ------------------------------------------------------------------- Thu Feb 17 07:58:57 UTC 2022 - dcermak@suse.com - Update to version 1.24.2: * Bump to v1.24.2 * Increase subuid/subgid to 65535 * history: only add proxy vars to history if specified * run_linux: use --systemd-cgroup * buildah: new global option --cgroup-manager * Makefile: build with systemd when available * build(deps): bump github.com/fsouza/go-dockerclient from 1.7.7 to 1.7.8 * Bump c/common to v0.47.4 * Cirrus: Use updated VM images * conformance: add a few "replace-directory-with-symlink" tests * Bump back to v1.25.0-dev ------------------------------------------------------------------- Fri Feb 04 07:31:54 UTC 2022 - dcermak@suse.com - Update to version 1.24.1: * overlay: always honor mountProgram by @giuseppe in https://github.com/containers/buildah/pull/3750 * build(deps): bump github.com/onsi/gomega from 1.18.0 to 1.18.1 by @dependabot in https://github.com/containers/buildah/pull/3754 * imagebuildah.BuildDockerfiles(): create the jobs semaphore by @nalind in https://github.com/containers/buildah/pull/3753 * build(deps): bump github.com/containers/storage from 1.38.1 to 1.38.2 by @dependabot in https://github.com/containers/buildah/pull/3760 * System tests: fix accidental vandalism of source dir by @edsantiago in https://github.com/containers/buildah/pull/3761 * Update vendor of containers/storage and containers/common by @rhatdan in https://github.com/containers/buildah/pull/3759 * Bump version of containers/image and containers/common by @rhatdan in https://github.com/containers/buildah/pull/3764 * Update vendor of openshift/imagebuilder by @rhatdan in https://github.com/containers/buildah/pull/3765 * caps: fix buildah run --cap-add=all by @rhatdan in https://github.com/containers/buildah/pull/3766 * stage_executor: Add support for inline `FROM --platform=` within Containerfile/Dockerfile by @flouthoc in https://github.com/containers/buildah/pull/3757 **Full Changelog**: https://github.com/containers/buildah/compare/v1.24.0...v1.24.1 ------------------------------------------------------------------- Thu Jan 27 07:30:30 UTC 2022 - dcermak@suse.com - Update to version 1.24.0: * Bump to v1.24.0 * Update vendor of containers/common * build(deps): bump github.com/golangci/golangci-lint in /tests/tools * Github-workflow: Report both failures and errors. * build(deps): bump github.com/containers/image/v5 from 5.18.0 to 5.19.0 * Update docs/buildah-build.1.md * [CI:DOCS] Fix typos and improve language * buildah bud --network add support for custom networks * Make pull commands be consistent * docs/buildah-build.1.md: don't imply that -v isn't just a RUN thing * build(deps): bump github.com/onsi/gomega from 1.17.0 to 1.18.0 * Vendor in latest containers/image * Run codespell on code * .github/dependabot.yml: add tests/tools go.mod * CI: rm git-validation, add GHA job to validate PRs * tests/tools: bump go-md2man to v2.0.1 * tests/tools/Makefile: simplify * tests/tools: bump onsi/ginkgo to v1.16.5 * vendor: bump c/common and others * mount: add support for custom upper and workdir with overlay mounts * linux: fix lookup for runtime * overlay: add MountWithOptions to API which extends support for advanced overlay * Allow processing of SystemContext from FlagSet * .golangci.yml: enable unparam linter * util/resolveName: rm bool return * tests/tools: bump golangci-lint * .gitignore: fixups * all: fix capabilities.NewPid deprecation warnings * bind/mount.go: fix linter comment * all: fix gosimple warning S1039 * tests/e2e/buildah_suite_test.go: fix gosimple warnings * imagebuildah/executor.go: fix gosimple warning * util.go: fix gosimple warning * build(deps): bump github.com/opencontainers/runc from 1.0.3 to 1.1.0 * Enable git-daemon tests * Allow processing of id options from FlagSet * Cirrus: Re-order tasks for more parallelism * Cirrus: Freshen VM images * Fix platform handling for empty os/arch values * Allow processing of network options from FlagSet * Fix permissions on secrets directory * Update containers/image and containers/common * bud.bats: use a local git daemon for the git protocol test * Allow processing of common options from FlagSet * Cirrus: Run int. tests in parallel with unit * vendor c/common * Fix default CNI paths * build(deps): bump github.com/fsouza/go-dockerclient from 1.7.6 to 1.7.7 * multi-stage: enable mounting stages across each other with selinux enabled * executor: Share selinux label of first stage with other stages in a build * buildkit: add from field to bind and cache mounts so images can be used as source * Use config.ProxyEnv from containers/common * use libnetwork from c/common for networking * setup the netns in the buildah parent process * build(deps): bump github.com/containerd/containerd from 1.5.8 to 1.5.9 * build(deps): bump github.com/fsouza/go-dockerclient from 1.7.4 to 1.7.6 * build: fix libsubid test * Allow callers to replace the ContainerSuffix * parse: allow parsing anomaly non-human value for memory control group * .cirrus: remove static_build from ci * stage_executor: re-use all possible layers from cache for squashed builds * build(deps): bump github.com/spf13/cobra from 1.2.1 to 1.3.0 * Allow rootless buildah to set resource limits on cgroup V2 * build(deps): bump github.com/docker/docker * tests: move buildkit mount tests files from TESTSDIR to TESTDIR before modification * build(deps): bump github.com/opencontainers/runc from 1.0.2 to 1.0.3 * Wire logger through to config * copier.Put: check for is-not-a-directory using lstat, not stat * Turn on rootless cgroupv2 tests * Grab all of the containers.conf settings for namespaces. * image: set MediaType in OCI manifests * copier: RemoveAll possibly-directories * Simple README fix * images: accept multiple filter with logical AND * build(deps): bump github.com/containernetworking/cni from 0.8.1 to 1.0.1 * UPdate vendor of container/storage * build(deps): bump github.com/onsi/gomega from 1.16.0 to 1.17.0 * build(deps): bump github.com/containers/image/v5 from 5.16.1 to 5.17.0 * Make LocalIP public function so Podman can use it * Fix UnsetEnv for buildah bud * Tests should rely only on static/unchanging images * run: ensure that stdio pipes are labeled correctly * build(deps): bump github.com/docker/docker * Cirrus: Bump up to Fedora 35 & Ubuntu 21.10 * chroot: don't use the generate default seccomp filter for unit tests * build(deps): bump github.com/containerd/containerd from 1.5.7 to 1.5.8 * ssh-agent: Increase timeout before we explicitly close connection * docs/tutorials: update * Clarify that manifest defaults to localhost as the registry name * "config": remove a stray bit of debug output * "commit": fix a flag typo * Fix an error message: unlocking vs locking * Expand the godoc for CommonBuildOptions.Secrets * chroot: accept an "rw" option * Add --unsetenv option to buildah commit and build * define.TempDirForURL(): show CombinedOutput when a command fails * config: support the variant field * rootless: do not bind mount /sys if not needed * Fix tutorial to specify command on buildah run line * build: history should not contain ARG values * docs: Use guaranteed path for go-md2man * run: honor --network=none from builder if nothing specified * networkpolicy: Should be enabled instead of default when explictly set * Add support for env var secret sources * build(deps): bump github.com/docker/docker * fix: another non-portable shebang * Rootless containers users should use additional groups * Support overlayfs path contains colon * Report ignorefile location when no content added * Add support for host.containers.internal in the /etc/hosts * build(deps): bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5 * imagebuildah: fix nil deref * buildkit: add support for mount=type=cache * Default secret mode to 400 * [CI:DOCS] Include manifest example usage * docs: update buildah-from, buildah-pull 'platform' option compatibility notes * docs: update buildah-build 'platform' option compatibility notes * De-dockerize the man page as much as possible * [CI:DOCS] Touch up Containerfile man page to show ARG can be 1st * docs: Fix and Update Containerfile man page with supported mount types * mount: add tmpcopyup to tmpfs mount option * buildkit: Add support for --mount=type=tmpfs * build(deps): bump github.com/opencontainers/selinux from 1.8.5 to 1.9.1 * Fix command doc links in README.md * build(deps): bump github.com/containers/image/v5 from 5.16.0 to 5.16.1 * build: Add support for buildkit like --mount=type=bind * Bump containerd to v1.5.7 * build(deps): bump github.com/docker/docker * tests: stop pulling php, composer * Fix .containerignore link file * Cirrus: Fix defunct package metadata breaking cache * build(deps): bump github.com/containers/storage from 1.36.0 to 1.37.0 * buildah build: add --all-platforms * Add man page for Containerfile and .containerignore * Plumb the remote logger throughut Buildah * Replace fmt.Sprintf("%d", x) with strconv.Itoa(x) * Run: Cleanup run directory after every RUN step * build(deps): bump github.com/containers/common from 0.45.0 to 0.46.0 * Makefile: adjust -ldflags/-gcflags/-gccgoflags depending on the go implementation * Makefile: check for `-race` using `-mod=vendor` * imagebuildah: fix an attempt to write to a nil map * push: support to specify the compression format * conformance: allow test cases to specify dockerUseBuildKit * build(deps): bump github.com/containers/common from 0.44.1 to 0.45.0 * build(deps): bump github.com/containers/common from 0.44.0 to 0.44.1 * unmarshalConvertedConfig(): handle zstd compression * tests/copy/copy: wire up compression options * Update to github.com/vbauerster/mpb v7.1.5 * Add flouthoc to OWNERS * build: Add additional step nodes when labels are modified * Makefile: turn on race detection whenever it's available * conformance: add more tests for exclusion short-circuiting * Update VM Images + Drop prior-ubuntu testing * Bump to v1.24.0-dev ------------------------------------------------------------------- Thu Nov 25 15:11:21 UTC 2021 - Dan Čermák - Sync package with Factory (bsc#1192999) - remove no longer used CVE-2019-10214.patch ------------------------------------------------------------------- Fri Oct 22 10:16:47 UTC 2021 - rpm@fthiessen.de - Update to version 1.23.1: * Update dependencies * Bugfixes ------------------------------------------------------------------- Fri Sep 17 10:08:13 UTC 2021 - alexandre.vicenzi@suse.com - Update to version 1.23.0: * Update dependencies * Bugfixes ------------------------------------------------------------------- Thu Sep 02 15:16:02 UTC 2021 - alexandre.vicenzi@suse.com - Update to version 1.22.3: * Update dependencies * Post-branch commit * Accept repositories on login/logout ------------------------------------------------------------------- Fri Aug 06 09:31:59 UTC 2021 - alexandre.vicenzi@suse.com - Update to version 1.22.0: * Bump to v1.22.0 [NO TESTS NEEDED] * c/image, c/storage, c/common vendor before Podman 3.3 release * WIP: tests: new assert() * Proposed patch for 3399 (shadowutils) * Fix handling of --restore shadow-utils * build(deps): bump github.com/containers/image/v5 from 5.13.2 to 5.14.0 * runtime-flag (debug) test: handle old & new runc * build(deps): bump github.com/containers/storage from 1.32.6 to 1.33.0 * Allow dst and destination for target in secret mounts * Multi-arch: Always push updated version-tagged img * Add a few tests on cgroups V2 * imagebuildah.stageExecutor.prepare(): remove pseudonym check * refine dangling filter * Chown with environment variables not set should fail * Just restore protections of shadow-utils * build(deps): bump github.com/opencontainers/runc from 1.0.0 to 1.0.1 * Remove specific kernel version number requirement from install.md * Multi-arch image workflow: Make steps generic * chroot: fix environment value leakage to intermediate processes * Update nix pin with `make nixpkgs` * buildah source - create and manage source images * Update cirrus-cron notification GH workflow * Reuse code from containers/common/pkg/parse * Cirrus: Freshen VM images * Fix excludes exception begining with / or ./ * Fix syntax for --manifest example * build(deps): bump github.com/onsi/gomega from 1.13.0 to 1.14.0 * vendor containers/common@main * Cirrus: Drop dependence on fedora-minimal * Adjust conformance-test error-message regex * Workaround appearance of differing debug messages * Cirrus: Install docker from package cache * build(deps): bump github.com/containers/ocicrypt from 1.1.1 to 1.1.2 * Switch rusagelogfile to use options.Out * build(deps): bump github.com/containers/storage from 1.32.4 to 1.32.5 * Turn stdio back to blocking when command finishes * Add support for default network creation * Cirrus: Updates for master->main rename * Change references from master to main * Add `--env` and `--workingdir` flags to run command * build(deps): bump github.com/opencontainers/runc * [CI:DOCS] buildah bud: spelling --ignore-file requires parameter * [CI:DOCS] push/pull: clarify supported transports * Remove unused function arguments * Create mountOptions for mount command flags * Extract version command implementation to function * Add --json flags to `mount` and `version` commands * build(deps): bump github.com/containers/storage from 1.32.2 to 1.32.3 * build(deps): bump github.com/containers/common from 0.40.0 to 0.40.1 * copier.Put(): set xattrs after ownership * buildah add/copy: spelling * build(deps): bump github.com/containers/common from 0.39.0 to 0.40.0 * buildah copy and buildah add should support .containerignore * Remove unused util.StartsWithValidTransport * Fix documentation of the --format option of buildah push * Don't use alltransports.ParseImageName with known transports * build(deps): bump github.com/containers/image/v5 from 5.13.0 to 5.13.1 * man pages: clarify `rmi` removes dangling parents * tests: make it easer to override the location of the copy helper * build(deps): bump github.com/containers/image/v5 from 5.12.0 to 5.13.0 * [CI:DOCS] Fix links to c/image master branch * imagebuildah: use the specified logger for logging preprocessing warnings * Fix copy into workdir for a single file * Fix docs links due to branch rename * Update nix pin with `make nixpkgs` * build(deps): bump github.com/fsouza/go-dockerclient from 1.7.2 to 1.7.3 * build(deps): bump github.com/opencontainers/selinux from 1.8.1 to 1.8.2 * build(deps): bump go.etcd.io/bbolt from 1.3.5 to 1.3.6 * build(deps): bump github.com/containers/storage from 1.32.1 to 1.32.2 * build(deps): bump github.com/mattn/go-shellwords from 1.0.11 to 1.0.12 * build(deps): bump github.com/onsi/ginkgo from 1.16.3 to 1.16.4 * fix(docs): typo * Move to v1.22.0-dev * Fix handling of auth.json file while in a user namespace * Add rusage-logfile flag to optionally send rusage to a file * imagebuildah: redo step logging * build(deps): bump github.com/onsi/ginkgo from 1.16.2 to 1.16.3 * build(deps): bump github.com/containers/storage from 1.32.0 to 1.32.1 * Add volumes to make running buildah within a container easier * build(deps): bump github.com/onsi/gomega from 1.12.0 to 1.13.0 * Add and use a "copy" helper instead of podman load/save * Bump github.com/containers/common from 0.38.4 to 0.39.0 * containerImageRef/containerImageSource: don't buffer uncompressed layers * containerImageRef(): squashed images have no parent images * Sync. workflow across skopeo, buildah, and podman * Bump github.com/containers/storage from 1.31.1 to 1.31.2 * Bump github.com/opencontainers/runc from 1.0.0-rc94 to 1.0.0-rc95 * Bump to v1.21.1-dev [NO TESTS NEEDED] ------------------------------------------------------------------- Fri Jul 23 08:35:11 UTC 2021 - alexandre.vicenzi@suse.com - Update to version 1.21.4: * Bump to v1.21.4 * tests: make it easer to override the location of the copy helper * Add and use a "copy" helper instead of podman load/save * vendor containers/common@v0.38.16 * Bump to v1.21.3 * chroot: fix environment value leakage to intermediate processes * [release-1.21] Bump to Buildah v1.21.2 * vendor common@v0.38.12 and storage@v1.31.3 * Bump to v1.21.1 * Fix handling of auth.json file while in a user namespace ------------------------------------------------------------------- Mon Jul 19 12:09:41 UTC 2021 - Fabian Vogt - Set -buildmode=pie properly using GOFLAGS instead of just LDFLAGS - Exclude building on ppc64, not supported ------------------------------------------------------------------- Mon May 24 13:59:14 UTC 2021 - alexandre.vicenzi@suse.com - Update to version 1.21.0: * Bump to v1.21.0 - [NO TESTS NEEDED] * Don't blow up if cpp detects errors * Vendor in containers/common v0.38.4 * Remove 'buildah run --security-opt' from completion * update c/common * Fix handling of --default-mounts-file * update vendor of containers/storage v1.31.1 * Bump github.com/containers/storage from 1.30.3 to 1.31.0 * Send logrus messages back to caller when building * github: Fix bad repo. ref in workflow config * Check earlier for bad image tags name * buildah bud: fix containers/podman/issues/10307 * Bump github.com/containers/storage from 1.30.1 to 1.30.3 * Cirrus: Support [CI:DOCS] test skipping * Notification email for cirrus-cron build failures * Bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94 * Fix race condition * Fix copy race while walking paths * Preserve ownership of lower directory when doing an overlay mount * Bump github.com/onsi/gomega from 1.11.0 to 1.12.0 * Update nix pin with `make nixpkgs` * codespell cleanup * Multi-arch github-action workflow unification * Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0 * Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2 * imagebuildah: ignore signatures when tagging images * update to latest libimage * Bump github.com/containers/common from 0.37.0 to 0.37.1 * Bump github.com/containers/storage from 1.30.0 to 1.30.1 * Upgrade to GitHub-native Dependabot * Document location of auth.json file if XDG_RUNTIME_DIR is not set * run.bats: fix flake in run-user test * Cirrus: Update F34beta -> F34 * pr-should-include-tests: try to make work in buildah * runUsingRuntime: when relaying error from the runtime, mention that * Run(): avoid Mkdir() into the rootfs * imagebuildah: replace archive with chrootarchive * imagebuildah.StageExecutor.volumeCacheSaveVFS(): set up bind mounts * conformance: use :Z with transient mounts when SELinux is enabled * bud.bats: fix a bats warning * imagebuildah: create volume directories when using overlays * imagebuildah: drop resolveSymlink() * namespaces test - refactoring and cleanup * Refactor 'idmapping' system test * Cirrus: Update Ubuntu images to 21.04 * Tiny fixes in bud system tests * Add compabitility wrappers for removed packages * Fix expected message at pulling image * Fix system tests of 'bud' subcommand * [CI:DOCS] Update steps for CentOS runc users * Add support for secret mounts * Add buildah manifest rm command * restore push/pull and util API * [CI:DOCS] Remove older distro docs * Rename rhel secrets to subscriptions * vendor in openshift/imagebuilder * Remove buildah bud --loglevel ... * use new containers/common/libimage package * Fix copier when using globs * Test namespace flags of 'bud' subcommand * Add system test of 'bud' subcommand * Output names of multiple tags in buildah bud * push to docker test: don't get fooled by podman * copier: add Remove() * build(deps): bump github.com/containers/image/v5 from 5.10.5 to 5.11.1 * Restore log timestamps * Add system test of 'buildah help' with a tiny fix * tests: copy.bats: fix infinite hang * Do not force hard code to crun in rootless mode * build(deps): bump github.com/openshift/imagebuilder from 1.2.0 to 1.2.1 * build(deps): bump github.com/containers/ocicrypt from 1.1.0 to 1.1.1 * build(deps): bump github.com/containers/common from 0.35.4 to 0.36.0 * Fix arg missing warning in bud * Check without flag in 'from --cgroup-parent' test * Minor fixes to Buildah as a library tutorial documentation * Add system test of 'buildah version' for packaged buildah * Add a few system tests of 'buildah from' * Log the final error with %+v at logging level "trace" * copier: add GetOptions.NoCrossDevice * Update nix pin with `make nixpkgs` * Bump to v1.20.2-dev ------------------------------------------------------------------- Thu Apr 15 12:28:09 UTC 2021 - alexandre.vicenzi@suse.com - Update to version 1.20.1: * Bump to v1.20.1 * Run container with isolation type set at 'from' * bats helpers.bash - minor refactoring * Bump containers/storage vendor to v1.29.0 * build(deps): bump github.com/onsi/ginkgo from 1.16.0 to 1.16.1 * Cirrus: Update VMs w/ F34beta * CLI add/copy: add a --from option * build(deps): bump github.com/onsi/ginkgo from 1.15.2 to 1.16.0 * Add authentication system tests for 'commit' and 'bud' * fix local image lookup for custom platform * Double-check existence of OCI runtimes * Cirrus: Make use of shared get_ci_vm container * Add system tests of "buildah run" * Update nix pin with `make nixpkgs` * Remove some stuttering on returns errors * Setup alias for --tty to --terminal * Add conformance tests for COPY /... * Put a few more minutes on the clock for the CI conformance test * Add a conformance test for COPY --from $symlink * Add conformance tests for COPY "" * Check for symlink in builtin volume * Sort all mounts by destination directory * System-test cleanup * Export parse.Platform string to be used by podman-remote * blobcache: fix sequencing error * build(deps): bump github.com/containers/common from 0.35.3 to 0.35.4 * Fix URL in demos/buildah_multi_stage.sh * Add a few system tests * [NO TESTS NEEDED] Use --recurse-modules when building git context * Bump to v1.20.1-dev ------------------------------------------------------------------- Mon Mar 29 21:02:40 UTC 2021 - alexandre.vicenzi@suse.com - Update to version 1.20.0: * Bump to v1.20.0 * Fix release.sh to generate good releases * vendor in containers/storage v1.28.1 * build(deps): bump github.com/containers/common from 0.35.2 to 0.35.3 * tests: prefetch: use buildah, not podman, for pulls * Use faster way to check image tag existence during multi-arch build * Add information about multi-arch images to the Readme * COPY --chown: expand the conformance test * pkg/chrootuser: use a bufio.Scanner * [CI:DOCS] Fix rootful typo in docs * build(deps): bump github.com/onsi/ginkgo from 1.15.1 to 1.15.2 * Add documentation and testing for .containerignore * build(deps): bump github.com/sirupsen/logrus from 1.8.0 to 1.8.1 * build(deps): bump github.com/hashicorp/go-multierror from 1.1.0 to 1.1.1 * Lookup Containerfile if user specifies a directory * Add Tag format placeholder to docs * copier: ignore sockets * image: propagate errors from extractRootfs * Remove system test of 'buildah containers -a' * Clarify userns options are usable only as root in man pages * Fix system test of 'containers -a' * Remove duplicated code in addcopy * build(deps): bump github.com/onsi/ginkgo from 1.15.0 to 1.15.1 * build(deps): bump github.com/onsi/gomega from 1.10.5 to 1.11.0 * build(deps): bump github.com/fsouza/go-dockerclient from 1.7.1 to 1.7.2 * Update multi-arch buildah build setup with new logic * Update nix pin with `make nixpkgs` * overlay.bats: fix the "overlay source permissions" test * imagebuildah: use overlay for volumes when using overlay * Make PolicyMap and PullPolicy names align * copier: add GetOptions.IgnoreUnreadable * Check local image to match system context * fix: Containerfiles - smaller set of userns u/gids * Set upperdir permissions based on source * Shrink the vendoring size of pkc/cli * Clarify image name match failure message * ADD/COPY: create the destination directory first, chroot to it * copier.GetOptions: add NoDerefSymLinks * copier: add an Eval function * Update system test for 'from --cap-add/drop' * copier: fix a renaming bug * copier: return child process stderr if we can't JSON decode the response * Add some system tests * build(deps): bump github.com/containers/storage from 1.26.0 to 1.27.0 * complement add/copy --chmod documentation * buildah login and logout, do not need to enter user namespace * Add multi-arch image build * chmod/chown added/fixed in bash completions * OWNERS: add @lsm5 * buildah add/copy --chmod dockerfile implementation * bump github.com/openshift/imagebuilder from 1.1.8 to 1.2.0 * buildah add/copy --chmod cli implementation for files and urls * Make sure we set the buildah version label * Isolation strings, should match user input * [CI:DOCS] buildah-from.md: remove dup arch,os * build(deps): bump github.com/containers/image/v5 from 5.10.2 to 5.10.3 * Cirrus: Temp. disable prior-fedora (F32) testing * pr-should-include-tests: recognized "renamed" tests * build(deps): bump github.com/sirupsen/logrus from 1.7.0 to 1.8.0 * build(deps): bump github.com/fsouza/go-dockerclient from 1.7.0 to 1.7.1 * build(deps): bump github.com/containers/common from 0.34.2 to 0.35.0 * Fix reaping of stages with no instructions * add stale bot * Add base image name to comment * build(deps): bump github.com/spf13/cobra from 1.1.1 to 1.1.3 * Don't fail copy to emptydir * buildah: use volatile containers * vendor: update containers/storage * Eliminate the use of containers/building import in pkg subdirs * Add more support for removing config * Improve messages about --cache-from not being supported * Revert patch to allow COPY/ADD of empty dirs. * Don't fail copy to emptydir * Fix tutorial for rootless mode * Fix caching layers with build args * Vendor in containers/image v5.10.2 * build(deps): bump github.com/containers/common from 0.34.0 to 0.34.2 * build(deps): bump github.com/onsi/ginkgo from 1.14.2 to 1.15.0 * 'make validate': require PRs to include tests * build(deps): bump github.com/onsi/gomega from 1.10.4 to 1.10.5 * build(deps): bump github.com/containers/storage from 1.24.5 to 1.25.0 * Use chown function for U volume flag from containers/common repository * --iidfile: print hash prefix * bump containernetworking/cni to v0.8.1 - fix for CVE-2021-20206 (bsc#1181961) * run: fix check for host pid namespace * Finish plumbing for buildah bud --manifest * buildah manifest add localimage should work * Stop testing directory permissions with latest docker * Fix build arg check * build(deps): bump github.com/containers/ocicrypt from 1.0.3 to 1.1.0 * [ci:docs] Fix man page for buildah push * Update nix pin with `make nixpkgs` * Bump to containers/image v5.10.1 * Rebuild layer if a change in ARG is detected * Bump golang.org/x/crypto to the latest * Add Ashley and Urvashi to Approvers * local image lookup by digest * Use build-arg ENV val from local environment if set * Pick default OCI Runtime from containers.conf * Added required devel packages * Cirrus: Native OSX Build * Cirrus: Two minor cleanup items * Workaround for RHEL gating test failure * build(deps): bump github.com/stretchr/testify from 1.6.1 to 1.7.0 * build(deps): bump github.com/mattn/go-shellwords from 1.0.10 to 1.0.11 * Reset upstream branch to dev version * If destination does not exists, do not throw error * Fix version of release to v1.19.1 * use local image name for pull policy checks * Vendor in common 0.33.1 * Fix conformance test false-failures * Fix config-flags-verification test on F33 * Fix bud capabilities test * Cirrus: Support new VM Images in get_ci_vm.sh * Cirrus: Make tests pass with new VM Images * Cirrus: Collect cri-o-runc version * Cirrus: Update VM Images + Rearrange tasks * Cirrus: Clarify task names / improve readability * Stop overriding the location of the blob info cache * build(deps): bump github.com/fsouza/go-dockerclient from 1.6.6 to 1.7.0 * Update nix pin with `make nixpkgs` * Bump to v1.20.0-dev * Bump to v1.19.0 * Update vendor of containers/storage and containers/common * Buildah inspect should be able to inspect manifests * Make buildah push support pushing manifests lists and digests * Fix handling of TMPDIR environment variable * Add support for --manifest flags * Upper directory should match mode of destination directory * Only grab the OS, Arch if the user actually specified them * Use --arch and --os and --variant options to select architecture and os * Cirrus: Track libseccomp and golang version * copier.PutOptions: add an "IgnoreDevices" flag * fix: `rmi --prune` when parent image is in store. * build(deps): bump github.com/containers/storage from 1.24.3 to 1.24.4 * build(deps): bump github.com/containers/common from 0.31.1 to 0.31.2 * Allow users to specify stdin into containers * Drop log message on failure to mount on /sys file systems to info * Spelling * SELinux no longer requires a tag. * build(deps): bump github.com/containers/common from 0.31.0 to 0.31.1 * Update nix pin with `make nixpkgs` * Switch references of /var/run -> /run * Allow FROM to be overriden with from option * copier: don't assume we can chroot() on Unixy systems * copier: add PutOptions.NoOverwriteDirNonDir, Get/PutOptions.Rename * copier: handle replacing directories with not-directories * copier: Put: skip entries with zero-length names * build(deps): bump github.com/containers/storage from 1.24.2 to 1.24.3 * Add U volume flag to chown source volumes * Turn off PRIOR_UBUNTU Test until vm is updated * pkg, cli: rootless uses correct isolation * build(deps): bump github.com/onsi/gomega from 1.10.3 to 1.10.4 * update installation doc to reflect current status * Move away from using docker.io * enable short-name aliasing * build(deps): bump github.com/containers/storage from 1.24.1 to 1.24.2 * build(deps): bump github.com/containers/common from 0.30.0 to 0.31.0 * Throw errors when using bogus --network flags * pkg/supplemented test: replace our null blobinfocache * build(deps): bump github.com/containers/common from 0.29.0 to 0.30.0 * inserts forgotten quotation mark * Not prefer use local image create/add manifest * Add container information to .containerenv * Add --ignorefile flag to use alternate .dockerignore flags * Add a source debug build * Fix crash on invalid filter commands * Switch to using containers/common pkg's * fix: non-portable shebang #2812 * Remove copy/paste errors that leaked `Podman` into man pages. * Add suggests cpp to spec file * Apply suggestions from code review * update docs for debian testing and unstable * imagebuildah: disable pseudo-terminals for RUN * Compute diffID for mapped-layer at creating image source * intermediateImageExists: ignore images whose history we can't read * Bump to v1.19.0-dev * Bump to v1.18.0 * build(deps): bump github.com/containers/common from 0.26.3 to 0.27.0 * Fix testing error caused by simultanious merge * Vendor in containers/storage v1.24.0 * short-names aliasing * Add --policy flag to buildah pull * Stop overwrapping and stuttering * copier.Get(): ignore ENOTSUP/ENOSYS when listing xattrs * Run: don't forcibly disable UTS namespaces in rootless mode * test: ensure non-directory in a Dockerfile path is handled correctly * Add a few tests for `pull` command * Fix buildah config --cmd to handle array * build(deps): bump github.com/containers/storage from 1.23.8 to 1.23.9 * Fix NPE when Dockerfile path contains non-directory entries * Update buildah bud man page from podman build man page * Move declaration of decryption-keys to common cli * Run: correctly call copier.Mkdir * util: digging UID/GID out of os.FileInfo should work on Unix * imagebuildah.getImageTypeAndHistoryAndDiffIDs: cache results * Verify userns-uid-map and userns-gid-map input * Use CPP, CC and flags in dep check scripts * Avoid overriding LDFLAGS in Makefile * ADD: handle --chown on URLs * Update nix pin with `make nixpkgs` * (*Builder).Run: MkdirAll: handle EEXIST error * copier: try to force loading of nsswitch modules before chroot() * fix MkdirAll usage * build(deps): bump github.com/containers/common from 0.26.2 to 0.26.3 * build(deps): bump github.com/containers/storage from 1.23.7 to 1.23.8 * Use osusergo build tag for static build * imagebuildah: cache should take image format into account * Bump to v1.18.0-dev * Bump to v1.17.0 * Handle cases where other tools mount/unmount containers * overlay.MountReadOnly: support RO overlay mounts * overlay: use fusermount for rootless umounts * overlay: fix umount * Switch default log level of Buildah to Warn. Users need to see these messages * Drop error messages about OCI/Docker format to Warning level * build(deps): bump github.com/containers/common from 0.26.0 to 0.26.2 * tests/testreport: adjust for API break in storage v1.23.6 * build(deps): bump github.com/containers/storage from 1.23.5 to 1.23.7 * build(deps): bump github.com/fsouza/go-dockerclient from 1.6.5 to 1.6.6 * copier: put: ignore Typeflag="g" * Use curl to get repo file (fix #2714) * build(deps): bump github.com/containers/common from 0.25.0 to 0.26.0 * build(deps): bump github.com/spf13/cobra from 1.0.0 to 1.1.1 * Remove docs that refer to bors, since we're not using it * Buildah bud should not use stdin by default * bump containerd, docker, and golang.org/x/sys * Makefile: cross: remove windows.386 target * copier.copierHandlerPut: don't check length when there are errors * Stop excessive wrapping * CI: require that conformance tests pass * bump(github.com/openshift/imagebuilder) to v1.1.8 * Skip tlsVerify insecure BUILD_REGISTRY_SOURCES * Fix build path wrong https://github.com/containers/podman/issues/7993 * refactor pullpolicy to avoid deps * build(deps): bump github.com/containers/common from 0.24.0 to 0.25.0 * CI: run gating tasks with a lot more memory * ADD and COPY: descend into excluded directories, sometimes * copier: add more context to a couple of error messages * copier: check an error earlier * copier: log stderr output as debug on success * Update nix pin with `make nixpkgs` * Set directory ownership when copied with ID mapping * Cirrus: Remove bors artifacts * Sort build flag definitions alphabetically * ADD: only expand archives at the right time * Remove configuration for bors * Shell Completion for podman build flags * Bump c/common to v0.24.0 * New CI check: xref --help vs man pages * CI: re-enable several linters * Move --userns-uid-map/--userns-gid-map description into buildah man page * add: preserve ownerships and permissions on ADDed archives * Makefile: tweak the cross-compile target * Bump containers/common to v0.23.0 * chroot: create bind mount targets 0755 instead of 0700 * Change call to Split() to safer SplitN() * chroot: fix handling of errno seccomp rules * build(deps): bump github.com/containers/image/v5 from 5.5.2 to 5.6.0 * Add In Progress section to contributing * integration tests: make sure tests run in ${topdir}/tests * Run(): ignore containers.conf's environment configuration * Warn when setting healthcheck in OCI format * Cirrus: Skip git-validate on branches * tools: update git-validation to the latest commit * tools: update golangci-lint to v1.18.0 * Add a few tests of push command * Add(): fix handling of relative paths with no ContextDir * build(deps): bump github.com/containers/common from 0.21.0 to 0.22.0 * Lint: Use same linters as podman * Validate: reference HEAD * Fix buildah mount to display container names not ids * Update nix pin with `make nixpkgs` * Add missing --format option in buildah from man page * Fix up code based on codespell * build(deps): bump github.com/openshift/imagebuilder from 1.1.6 to 1.1.7 * build(deps): bump github.com/containers/storage from 1.23.4 to 1.23.5 * Improve buildah completions * Cirrus: Fix validate commit epoch * Fix bash completion of manifest flags * Uniform some man pages * Update Buildah Tutorial to address BZ1867426 * Update bash completion of `manifest add` sub command * copier.Get(): hard link targets shouldn't be relative paths * build(deps): bump github.com/onsi/gomega from 1.10.1 to 1.10.2 * Pass timestamp down to history lines * Timestamp gets updated everytime you inspect an image * bud.bats: use absolute paths in newly-added tests * contrib/cirrus/lib.sh: don't use CN for the hostname * tests: Add some tests * Update `manifest add` man page * Extend flags of `manifest add` * build(deps): bump github.com/containers/storage from 1.23.3 to 1.23.4 * build(deps): bump github.com/onsi/ginkgo from 1.14.0 to 1.14.1 * Bump to v1.17.0-dev * Bump to v1.16.0 * CI: expand cross-compile checks * fix build on 32bit arches * StageExecutor.intermediateImageExists: recognize cached images based on scratch * containerImageRef.NewImageSource(): don't always force timestamps * Add fuse module warning to image readme * Heed our retry delay option values when retrying commit/pull/push * Switch to containers/common for seccomp * Use --timestamp rather then --omit-timestamp * docs: remove outdated notice * docs: remove outdated notice * build-using-dockerfile: add a hidden --log-rusage flag * build(deps): bump github.com/containers/image/v5 from 5.5.1 to 5.5.2 * Discard ReportWriter if user sets options.Quiet * build(deps): bump github.com/containers/common from 0.19.0 to 0.20.3 * Fix ownership of content copied using COPY --from * newTarDigester: zero out timestamps in tar headers * Update nix pin with `make nixpkgs` * bud.bats: correct .dockerignore integration tests * Use pipes for copying * run: include stdout in error message * run: use the correct error for errors.Wrapf * copier: un-export internal types * copier: add Mkdir() * in_podman: don't get tripped up by $CIRRUS_CHANGE_TITLE * docs/buildah-commit.md: tweak some wording, add a --rm example * imagebuildah: don’t blank out destination names when COPYing * Replace retry functions with common/pkg/retry * StageExecutor.historyMatches: compare timestamps using .Equal * Update vendor of containers/common * Fix errors found in coverity scan * Change namespace handling flags to better match podman commands * conformance testing: ignore buildah.BuilderIdentityAnnotation labels * Vendor in containers/storage v1.23.0 * Add buildah.IsContainer interface * Avoid feeding run_buildah to pipe * fix(buildahimage): add xz dependency in buildah image * Bump github.com/containers/common from 0.15.2 to 0.18.0 * Howto for rootless image building from OpenShift * Add --omit-timestamp flag to buildah bud * Update nix pin with `make nixpkgs` * Shutdown storage on failures * Handle COPY --from when an argument is used * Bump github.com/seccomp/containers-golang from 0.5.0 to 0.6.0 * Cirrus: Use newly built VM images * Bump github.com/opencontainers/runc from 1.0.0-rc91 to 1.0.0-rc92 * Enhance the .dockerignore man pages * conformance: add a test for COPY from subdirectory * fix bug manifest inspct * Add documentation for .dockerignore * Add BuilderIdentityAnnotation to identify buildah version * DOC: Add quay.io/containers/buildah image to README.md * Update buildahimages readme * fix spelling mistake in "info" command result display * Don't bind /etc/host and /etc/resolv.conf if network is not present * blobcache: avoid an unnecessary NewImage() * Build static binary with `buildGoModule` * copier: split StripSetidBits into StripSetuidBit/StripSetgidBit/StripStickyBit * tarFilterer: handle multiple archives * Fix a race we hit during conformance tests * Rework conformance testing * Update 02-registries-repositories.md * test-unit: invoke cmd/buildah tests with --flags * parse: fix a type mismatch in a test * Fix compilation of tests/testreport/testreport * build.sh: log the version of Go that we're using * test-unit: increase the test timeout to 40/45 minutes * Add the "copier" package * Fix & add notes regarding problematic language in codebase * Add dependency on github.com/stretchr/testify/require * CompositeDigester: add the ability to filter tar streams * BATS tests: make more robust * vendor golang.org/x/text@v0.3.3 * Switch golang 1.12 to golang 1.13 * imagebuildah: wait for stages that might not have even started yet * chroot, run: not fail on bind mounts from /sys * chroot: do not use setgroups if it is blocked * Set engine env from containers.conf * imagebuildah: return the right stage's image as the "final" image * Fix a help string * Deduplicate environment variables * switch containers/libpod to containers/podman * Bump github.com/containers/ocicrypt from 1.0.2 to 1.0.3 * Bump github.com/opencontainers/selinux from 1.5.2 to 1.6.0 * Mask out /sys/dev to prevent information leak * linux: skip errors from the runtime kill * Mask over the /sys/fs/selinux in mask branch * Add VFS additional image store to container * tests: add auth tests * Allow "readonly" as alias to "ro" in mount options * Ignore OS X specific consistency mount option * Bump github.com/onsi/ginkgo from 1.13.0 to 1.14.0 * Bump github.com/containers/common from 0.14.0 to 0.15.2 * Rootless Buildah should default to IsolationOCIRootless * imagebuildah: fix inheriting multi-stage builds * Make imagebuildah.BuildOptions.Architecture/OS optional * Make imagebuildah.BuildOptions.Jobs optional * Resolve a possible race in imagebuildah.Executor.startStage() * Switch scripts to use containers.conf * Bump openshift/imagebuilder to v1.1.6 * Bump go.etcd.io/bbolt from 1.3.4 to 1.3.5 * buildah, bud: support --jobs=N for parallel execution * executor: refactor build code inside new function * Add bud regression tests * Cirrus: Fix missing htpasswd in registry img * docs: clarify the 'triples' format * CHANGELOG.md: Fix markdown formatting * Add nix derivation for static builds * Bump to v1.16.0-dev * Bump to v1.15.0 * vendor github.com/containers/image/v5@v5.5.1 * add version centos7 for compatible * vendor github.com/containers/common v0.14.0 * Bump ImageBuilder to v1.1.5 * Bump github.com/containers/common from 0.12.0 to 0.13.1 * Bump github.com/containers/storage from 1.20.1 to 1.20.2 * Bump github.com/seccomp/containers-golang from 0.4.1 to 0.5.0 * Bump github.com/stretchr/testify from 1.6.0 to 1.6.1 * Bump github.com/opencontainers/runc from 1.0.0-rc9 to 1.0.0-rc90 * Add CVE-2020-10696 to CHANGELOG.md and changelog.txt (bsc#1167864) * Bump github.com/stretchr/testify from 1.5.1 to 1.6.0 * Bump github.com/onsi/ginkgo from 1.12.2 to 1.12.3 * Vendor in containers/common v0.12.0 * fix lighttpd example * Vendor in new go.etcd.io/bbolt * Bump github.com/onsi/ginkgo from 1.12.1 to 1.12.2 * Bump imagebuilder for ARG fix * Bump github.com/containers/common from 0.11.2 to 0.11.4 * remove dependency on openshift struct * Warn on unset build arguments * vendor: update seccomp/containers-golang to v0.4.1 * Ammended docs * Updated docs * clean up comments * update exit code for tests * Implement commit for encryption * implementation of encrypt/decrypt push/pull/bud/from * fix resolve docker image name as transport * Bump github.com/opencontainers/go-digest from 1.0.0-rc1 to 1.0.0 * Bump github.com/onsi/ginkgo from 1.12.0 to 1.12.1 * Bump github.com/containers/storage from 1.19.1 to 1.19.2 * Bump github.com/containers/image/v5 from 5.4.3 to 5.4.4 * Add preliminary profiling support to the CLI * Bump github.com/containers/common from 0.10.0 to 0.11.2 * Evaluate symlinks in build context directory * fix error info about get signatures for containerImageSource * Add Security Policy * Cirrus: Fixes from review feedback * Bump github.com/containers/storage from 1.19.0 to 1.19.1 * Bump github.com/sirupsen/logrus from 1.5.0 to 1.6.0 * imagebuildah: stages shouldn't count as their base images * Update containers/common v0.10.0 * Bump github.com/fsouza/go-dockerclient from 1.6.4 to 1.6.5 * Add registry to buildahimage Dockerfiles * Cirrus: Use pre-installed VM packages + F32 * Cirrus: Re-enable all distro versions * Cirrus: Update to F31 + Use cache images * golangci-lint: Disable gosimple * Lower number of golangci-lint threads * Fix permissions on containers.conf * Don't force tests to use runc * Bump github.com/containers/common from 0.9.1 to 0.9.5 * Return exit code from failed containers * Bump github.com/containers/storage from 1.18.2 to 1.19.0 * Bump github.com/containers/common from 0.9.0 to 0.9.1 * cgroup_manager should be under [engine] * Use c/common/pkg/auth in login/logout * Cirrus: Temporarily disable Ubuntu 19 testing * Add containers.conf to stablebyhand build * Update gitignore to exclude test Dockerfiles * Bump github.com/fsouza/go-dockerclient from 1.6.3 to 1.6.4 * Bump github.com/containers/common from 0.8.1 to 0.9.0 * Bump back to v1.15.0-dev * Bump to v1.14.8 * Remove warning for systemd inside of container * Run (make vendor) * Run (make -C tests/tools vendor) * Run (go mod tidy) before (go mod vendor) again * Fix (make vendor) * Bump validation * Bump back to v1.15.0-dev * Bump to v1.14.7 * Bump github.com/containers/image/v5 from 5.3.1 to 5.4.3 * make vendor: run `tidy` after `vendor` * Do not skip the directory when the ignore pattern matches * Bump github.com/containers/common from 0.7.0 to 0.8.1 * Downgrade siruspen/logrus from 1.4.2 * Fix errorf conventions * dockerignore tests : remove symlinks, rework * Bump back to v1.15.0-dev * Bump to v1.14.6 * bud.bats - cleanup, refactoring * vendor in latest containers/storage 1.18.0 and containers/common v0.7.0 * Bump github.com/spf13/cobra from 0.0.6 to 0.0.7 * Bump github.com/containers/storage from 1.16.5 to 1.17.0 * Bump github.com/containers/image/v5 from 5.2.1 to 5.3.1 * Fix Amazon install step * Bump back to v1.15.0-dev * Bump to v1.14.5 * Fix bud-build-arg-cache test * Make image history work correctly with new args handling * Don't add args to the RUN environment from the Builder * Update github.com/openshift/imagebuilder to v1.1.4 * revert #2246 FIPS mode change * Add .swp files to .gitignore * Bump back to v1.15.0-dev * Bump to v1.14.4 * image with dup layers: we now have one on quay * Fix fips-mode check for RHEL8 boxes * digest test : make more robust * Fix potential CVE in tarfile w/ symlink * Fix .dockerignore with globs and ! commands * update install steps for Amazon Linux 2 * Bump github.com/openshift/imagebuilder from 1.1.2 to 1.1.3 * Add comment for RUN command in volume ownership test * Run stat command directly for volume ownership test * vendor in containers/common v0.6.1 * Cleanup go.sum * Bump back to v1.15.0-dev * Bump to v1.14.3 * Update containers/storage to v1.16.5 * Bump github.com/containers/storage from 1.16.2 to 1.16.4 * Bump github.com/openshift/imagebuilder from 1.1.1 to 1.1.2 * Update github.com/openshift/imagebuilder vendoring * Update unshare man page to fix script example * Fix compilation errors on non linux platforms * Bump containers/common and opencontainers/selinux versions * Add tests for volume ownership * Preserve volume uid and gid through subsequent commands * Fix FORWARD_NULL errors found by Coverity * Bump github.com/containers/storage from 1.16.1 to 1.16.2 * Fix errors found by codespell * Bump back to v1.15.0-dev * Bump to v1.14.2 * Add Pull Request Template * Bump to containers/storage v1.16.1 * run_linux: fix tight loop if file is not pollable * Bump github.com/opencontainers/selinux from 1.3.2 to 1.3.3 * Bump github.com/containers/common from 0.4.1 to 0.4.2 * Bump back to v1.15.0-dev * Bump to v1.14.1 * Search for local runtime per values in containers.conf * Set correct ownership on working directory * BATS : in teardown, umount stale mounts * Add Containerfile to build a versioned stable image on quay.io * Bump github.com/spf13/cobra from 0.0.5 to 0.0.6 * Bump github.com/fsouza/go-dockerclient from 1.6.1 to 1.6.3 * Bump github.com/stretchr/testify from 1.4.0 to 1.5.1 * Replace unix with syscall to allow vendoring into libpod * Update to containers/common v0.4.1 * Improve remote manifest retrieval * Fix minor spelling errors in containertools README * Clear the right variable in buildahimage * Correct a couple of incorrect format specifiers * Update to containers/common v0.3.0 * manifest push --format: force an image type, not a list type * run: adjust the order in which elements are added to $PATH * getDateAndDigestAndSize(): handle creation time not being set * Bump github.com/containers/common from 0.2.0 to 0.2.1 * include installation steps for CentOS 8 and Stream * include installation steps for CentOS7 and forks * Adjust Ubuntu install info to also work on Pop!_OS * Make the commit id clear like Docker * Show error on copied file above context directory in build * Bump github.com/containers/image/v5 from 5.2.0 to 5.2.1 * pull/from/commit/push: retry on most failures * Makefile: fix install.cni.sudo * Repair buildah so it can use containers.conf on the server side * Bump github.com/mattn/go-shellwords from 1.0.9 to 1.0.10 * Bump github.com/fsouza/go-dockerclient from 1.6.0 to 1.6.1 * Fixing formatting & build instructions * Add Code of Conduct * Bors: Fix no. req. github reviews * Cirrus+Bors: Simplify temp branch skipping * Bors-ng: Add documentation and status-icon * Bump github.com/onsi/ginkgo from 1.11.0 to 1.12.0 * fix XDG_RUNTIME_DIR for authfile * Bump to v1.15.0-dev * Bump to v1.14.0 * Cirrus: Disable F29 testing * Cirrus: Add jq package * Cirrus: Fix lint + validation using wrong epoch * Stop using fedorproject registry * Bors: Workaround ineffective required statuses * Bors: Enable app + Disable Travis * Cirrus: Add standardized log-collection * Cirrus: Improve automated lint + validation * Allow passing options to golangci-lint * Cirrus: Fixes from review feedback * Cirrus: Temporarily ignore VM testing failures * Cirrus: Migrate off papr + implement VM testing * Cirrus: Update packages + fixes for get_ci_vm.sh * Show validation command-line * Skip overlay test w/ vfs driver * use alpine, not centos, for various tests * manifest add: always read the individual image manifest * Flake handling: cache and prefetch images * Close tarSource when finished using it * bump github.com/mtrmac/gpgme * Update containers/common to v0.1.4 * manifest push: add --format option * Bump github.com/onsi/gomega from 1.8.1 to 1.9.0 * vendor github.com/containers/image/v5@v5.2.0 * info test: deal with random key order * Bump back to v1.14.0-dev * Bump to v1.13.2 * selinux spc test: fix CI breakage * sign test: fix gpg failure on Rawhide * Adjust copy destination for linked tar files in ADD * sign.bats: set GPG_TTY=/dev/null * Fix parse_unsupported.go * getDateAndDigestAndSize(): use manifest.Digest * Bump github.com/opencontainers/selinux from 1.3.0 to 1.3.1 * Bump github.com/containers/common from 0.1.0 to 0.1.2 * Touch up os/arch doc * chroot: handle slightly broken seccomp defaults * buildahimage: specify fuse-overlayfs mount options * Bump github.com/mattn/go-shellwords from 1.0.7 to 1.0.9 * copy.bats: make sure we detect failures due to missing source * parse: don't complain about not being able to rename something to itself * Makefile: use a $(GO_TEST) macro, fix a typo * manifests: unit test fix * Fix build for 32bit platforms * Allow users to set OS and architecture on bud * Fix COPY in containerfile with envvar * Bump c/storage to v1.15.7 * add --sign-by to bud/commit/push, --remove-signatures for pull/push * Remove cut/paste error in CHANGELOG.md * Update vendor of containers/common to v0.1.0 * update install instructions for Debian, Raspbian and Ubuntu * Add support for containers.conf * Bump back to v1.14.0-dev * Bump to v1.13.1 * Bump github.com/containers/common from 0.0.5 to 0.0.7 * Bump github.com/onsi/ginkgo from 1.10.3 to 1.11.0 * Bump github.com/pkg/errors from 0.8.1 to 0.9.0 * Bump github.com/onsi/gomega from 1.7.1 to 1.8.1 * Add codespell support * copyFileWithTar: close source files at the right time * copy: don't digest files that we ignore * Check for .dockerignore specifically * Travis: rm go 1.12.x * Don't setup excludes, if their is only one pattern to match * set HOME env to /root on chroot-isolation by default * docs: fix references to containers-*.5 * update openshift/api * fix bug Add check .dockerignore COPY file * buildah bud --volume: run from tmpdir, not source dir * Fix imageNamePrefix to give consistent names in buildah-from * cpp: use -traditional and -undef flags * Fix image reference in tutorial 4 * discard outputs coming from onbuild command on buildah-from --quiet * make --format columnizing consistent with buildah images * Bump to v1.14.0-dev * Bump to v1.13.0 * Bump to c/storage v1.15.5 * Update container/storage to v1.15.4 * Fix option handling for volumes in build * Rework overlay pkg for use with libpod * Fix buildahimage builds for buildah * Add support for FIPS-Mode backends * Set the TMPDIR for pulling/pushing image to $TMPDIR * WIP: safer test for pull --all-tags * BATS major cleanup: blobcache.bats: refactor * BATS major cleanup: part 4: manual stuff * BATS major cleanup, step 3: yet more run_buildah * BATS major cleanup, part 2: use more run_buildah * BATS major cleanup, part 1: log-level * Bump github.com/containers/image/v5 from 5.0.0 to 5.1.0 * Bump github.com/containers/common from 0.0.3 to 0.0.5 * Bump to v1.13.0-dev ------------------------------------------------------------------- Sat Feb 20 10:16:36 UTC 2021 - info@paolostivanin.com - Update to version 1.19.6: * Bump c/containers/storage v1.24.6 * Don't fail copy to emptydir * Workaround for RHEL gating test failure * Fix config-flags-verification test on F33 * Fix bud capabilities test * Stop overriding the location of the blob info cache * Fix caching layers with build args * Vendor in latest containers/image and common ------------------------------------------------------------------- Fri Feb 12 08:54:54 UTC 2021 - Paolo Stivanin - Update to version 1.19.4: * run: fix check for host pid namespace * bump containernetworking/cni library to v0.8.1 - fix for CVE-2021-20206 (bsc#1181961) * Finish plumbing for buildah bud --manifest * buildah manifest add localimage should work * Fix build arg check * [ci:docs] Fix man page for buildah push * Vendor in containers/image v5.10.1 * Rebuild layer if a change in ARG is detected * Bump golang.org/x/crypto to latest rel-1.19 * local image lookup by digest * Use build-arg ENV val from local environment if set * Pick default OCI Runtime from containers.conf ------------------------------------------------------------------- Fri Jan 22 23:28:28 UTC 2021 - dmueller@suse.com - Update to version 1.19.2: * Update vendor of containers/storage and containers/common * Buildah inspect should be able to inspect manifests * Make buildah push support pushing manifests lists and digests * Fix handling of TMPDIR environment variable * Add support for --manifest flags * Upper directory should match mode of destination directory * Only grab the OS, Arch if the user actually specified them * Use --arch and --os and --variant options to select architecture and os * Cirrus: Track libseccomp and golang version * copier.PutOptions: add an "IgnoreDevices" flag * fix: `rmi --prune` when parent image is in store. * build(deps): bump github.com/containers/storage from 1.24.3 to 1.24.4 * build(deps): bump github.com/containers/common from 0.31.1 to 0.31.2 * Allow users to specify stdin into containers * Drop log message on failure to mount on /sys file systems to info * Spelling * SELinux no longer requires a tag. * build(deps): bump github.com/opencontainers/selinux from 1.6.0 to 1.8.0 * build(deps): bump github.com/containers/common from 0.31.0 to 0.31.1 * Update nix pin with `make nixpkgs` * Switch references of /var/run -> /run * Allow FROM to be overriden with from option * copier: don't assume we can chroot() on Unixy systems * copier: add PutOptions.NoOverwriteDirNonDir, Get/PutOptions.Rename * copier: handle replacing directories with not-directories * copier: Put: skip entries with zero-length names * build(deps): bump github.com/containers/storage from 1.24.2 to 1.24.3 * Add U volume flag to chown source volumes * Turn off PRIOR_UBUNTU Test until vm is updated * pkg, cli: rootless uses correct isolation * build(deps): bump github.com/onsi/gomega from 1.10.3 to 1.10.4 * update installation doc to reflect current status * Move away from using docker.io * enable short-name aliasing * build(deps): bump github.com/containers/storage from 1.24.1 to 1.24.2 * build(deps): bump github.com/containers/common from 0.30.0 to 0.31.0 * Throw errors when using bogus --network flags * pkg/supplemented test: replace our null blobinfocache * build(deps): bump github.com/containers/common from 0.29.0 to 0.30.0 * inserts forgotten quotation mark * Not prefer use local image create/add manifest * Add container information to .containerenv * Add --ignorefile flag to use alternate .dockerignore flags * Add a source debug build * Fix crash on invalid filter commands * build(deps): bump github.com/containers/common from 0.27.0 to 0.29.0 * Switch to using containers/common pkg's * fix: non-portable shebang #2812 * Remove copy/paste errors that leaked `Podman` into man pages. * Add suggests cpp to spec file * Apply suggestions from code review * update docs for debian testing and unstable * imagebuildah: disable pseudo-terminals for RUN * Compute diffID for mapped-layer at creating image source * intermediateImageExists: ignore images whose history we can't read * Bump to v1.19.0-dev * build(deps): bump github.com/containers/common from 0.26.3 to 0.27.0 * Fix testing error caused by simultanious merge * Vendor in containers/storage v1.24.0 * short-names aliasing * Add --policy flag to buildah pull * Stop overwrapping and stuttering * copier.Get(): ignore ENOTSUP/ENOSYS when listing xattrs * Run: don't forcibly disable UTS namespaces in rootless mode * test: ensure non-directory in a Dockerfile path is handled correctly * Add a few tests for `pull` command * Fix buildah config --cmd to handle array * build(deps): bump github.com/containers/storage from 1.23.8 to 1.23.9 * Fix NPE when Dockerfile path contains non-directory entries * Update buildah bud man page from podman build man page * Move declaration of decryption-keys to common cli * Run: correctly call copier.Mkdir * util: digging UID/GID out of os.FileInfo should work on Unix * imagebuildah.getImageTypeAndHistoryAndDiffIDs: cache results * Verify userns-uid-map and userns-gid-map input * Use CPP, CC and flags in dep check scripts * Avoid overriding LDFLAGS in Makefile * ADD: handle --chown on URLs * Update nix pin with `make nixpkgs` * (*Builder).Run: MkdirAll: handle EEXIST error * copier: try to force loading of nsswitch modules before chroot() * fix MkdirAll usage * build(deps): bump github.com/containers/common from 0.26.2 to 0.26.3 * build(deps): bump github.com/containers/storage from 1.23.7 to 1.23.8 * Use osusergo build tag for static build * imagebuildah: cache should take image format into account * Bump to v1.18.0-dev ------------------------------------------------------------------- Fri Jan 08 11:52:40 UTC 2021 - rbrown@suse.com - Update to version 1.17.1: * tag v1.17.1 * copier.Get(): ignore ENOTSUP/ENOSYS when listing xattrs * copier: try to force loading of nsswitch modules before chroot() * ADD: handle --chown on URLs * imagebuildah: cache should take image format into account * Update CI configuration for the release-1.17 branch ------------------------------------------------------------------- Mon Nov 30 13:24:14 UTC 2020 - Christian Goll - added cni to requires as its needed for buildah to run (bsc#1187812) ------------------------------------------------------------------- Tue Nov 3 14:44:18 UTC 2020 - Ralf Haferkamp - Update to v1.17.0 (bsc#1165184) * Handle cases where other tools mount/unmount containers * overlay.MountReadOnly: support RO overlay mounts * overlay: use fusermount for rootless umounts * overlay: fix umount * Switch default log level of Buildah to Warn. Users need to see these messages * Drop error messages about OCI/Docker format to Warning level * build(deps): bump github.com/containers/common from 0.26.0 to 0.26.2 * tests/testreport: adjust for API break in storage v1.23.6 * build(deps): bump github.com/containers/storage from 1.23.5 to 1.23.7 * build(deps): bump github.com/fsouza/go-dockerclient from 1.6.5 to 1.6.6 * copier: put: ignore Typeflag="g" * Use curl to get repo file (fix #2714) * build(deps): bump github.com/containers/common from 0.25.0 to 0.26.0 * build(deps): bump github.com/spf13/cobra from 1.0.0 to 1.1.1 * Remove docs that refer to bors, since we're not using it * Buildah bud should not use stdin by default * bump containerd, docker, and golang.org/x/sys * Makefile: cross: remove windows.386 target * copier.copierHandlerPut: don't check length when there are errors * Stop excessive wrapping * CI: require that conformance tests pass * bump(github.com/openshift/imagebuilder) to v1.1.8 * Skip tlsVerify insecure BUILD_REGISTRY_SOURCES * Fix build path wrong containers/podman#7993 * refactor pullpolicy to avoid deps * build(deps): bump github.com/containers/common from 0.24.0 to 0.25.0 * CI: run gating tasks with a lot more memory * ADD and COPY: descend into excluded directories, sometimes * copier: add more context to a couple of error messages * copier: check an error earlier * copier: log stderr output as debug on success * Update nix pin with make nixpkgs * Set directory ownership when copied with ID mapping * build(deps): bump github.com/sirupsen/logrus from 1.6.0 to 1.7.0 * build(deps): bump github.com/containers/common from 0.23.0 to 0.24.0 * Cirrus: Remove bors artifacts * Sort build flag definitions alphabetically * ADD: only expand archives at the right time * Remove configuration for bors * Shell Completion for podman build flags * Bump c/common to v0.24.0 * New CI check: xref --help vs man pages * CI: re-enable several linters * Move --userns-uid-map/--userns-gid-map description into buildah man page * add: preserve ownerships and permissions on ADDed archives * Makefile: tweak the cross-compile target * Bump containers/common to v0.23.0 * chroot: create bind mount targets 0755 instead of 0700 * Change call to Split() to safer SplitN() * chroot: fix handling of errno seccomp rules * build(deps): bump github.com/containers/image/v5 from 5.5.2 to 5.6.0 * Add In Progress section to contributing * integration tests: make sure tests run in ${topdir}/tests * Run(): ignore containers.conf's environment configuration * Warn when setting healthcheck in OCI format * Cirrus: Skip git-validate on branches * tools: update git-validation to the latest commit * tools: update golangci-lint to v1.18.0 * Add a few tests of push command * Add(): fix handling of relative paths with no ContextDir * build(deps): bump github.com/containers/common from 0.21.0 to 0.22.0 * Lint: Use same linters as podman * Validate: reference HEAD * Fix buildah mount to display container names not ids * Update nix pin with make nixpkgs * Add missing --format option in buildah from man page * Fix up code based on codespell * build(deps): bump github.com/openshift/imagebuilder from 1.1.6 to 1.1.7 * build(deps): bump github.com/containers/storage from 1.23.4 to 1.23.5 * Improve buildah completions * Cirrus: Fix validate commit epoch * Fix bash completion of manifest flags * Uniform some man pages * Update Buildah Tutorial to address BZ1867426 * Update bash completion of manifest add sub command * copier.Get(): hard link targets shouldn't be relative paths * build(deps): bump github.com/onsi/gomega from 1.10.1 to 1.10.2 * Pass timestamp down to history lines * Timestamp gets updated everytime you inspect an image * bud.bats: use absolute paths in newly-added tests * contrib/cirrus/lib.sh: don't use CN for the hostname * tests: Add some tests * Update manifest add man page * Extend flags of manifest add * build(deps): bump github.com/containers/storage from 1.23.3 to 1.23.4 * build(deps): bump github.com/onsi/ginkgo from 1.14.0 to 1.14.1 * Bump to v1.17.0-dev * CI: expand cross-compile checks - SLE: Remove unneeded patch: CVE-2019-10214.patch ------------------------------------------------------------------- Wed Sep 30 09:01:59 UTC 2020 - Flavio Castelli - Update to v1.16.2 * fix build on 32bit arches * containerImageRef.NewImageSource(): don't always force timestamps * Add fuse module warning to image readme * Heed our retry delay option values when retrying commit/pull/push * Switch to containers/common for seccomp * Use --timestamp rather then --omit-timestamp * docs: remove outdated notice * docs: remove outdated notice * build-using-dockerfile: add a hidden --log-rusage flag * build(deps): bump github.com/containers/image/v5 from 5.5.1 to 5.5.2 * Discard ReportWriter if user sets options.Quiet * build(deps): bump github.com/containers/common from 0.19.0 to 0.20.3 * Fix ownership of content copied using COPY --from * newTarDigester: zero out timestamps in tar headers * Update nix pin with `make nixpkgs` * bud.bats: correct .dockerignore integration tests * Use pipes for copying * run: include stdout in error message * run: use the correct error for errors.Wrapf * copier: un-export internal types * copier: add Mkdir() * in_podman: don't get tripped up by $CIRRUS_CHANGE_TITLE * docs/buildah-commit.md: tweak some wording, add a --rm example * imagebuildah: don’t blank out destination names when COPYing * Replace retry functions with common/pkg/retry * StageExecutor.historyMatches: compare timestamps using .Equal * Update vendor of containers/common * Fix errors found in coverity scan * Change namespace handling flags to better match podman commands * conformance testing: ignore buildah.BuilderIdentityAnnotation labels * Vendor in containers/storage v1.23.0 * Add buildah.IsContainer interface * Avoid feeding run_buildah to pipe * fix(buildahimage): add xz dependency in buildah image * Bump github.com/containers/common from 0.15.2 to 0.18.0 * Howto for rootless image building from OpenShift * Add --omit-timestamp flag to buildah bud * Update nix pin with `make nixpkgs` * Shutdown storage on failures * Handle COPY --from when an argument is used * Bump github.com/seccomp/containers-golang from 0.5.0 to 0.6.0 * Cirrus: Use newly built VM images * Bump github.com/opencontainers/runc from 1.0.0-rc91 to 1.0.0-rc92 * Enhance the .dockerignore man pages * conformance: add a test for COPY from subdirectory * fix bug manifest inspct * Add documentation for .dockerignore * Add BuilderIdentityAnnotation to identify buildah version * DOC: Add quay.io/containers/buildah image to README.md * Update buildahimages readme * fix spelling mistake in "info" command result display * Don't bind /etc/host and /etc/resolv.conf if network is not present * blobcache: avoid an unnecessary NewImage() * Build static binary with `buildGoModule` * copier: split StripSetidBits into StripSetuidBit/StripSetgidBit/StripStickyBit * tarFilterer: handle multiple archives * Fix a race we hit during conformance tests * Rework conformance testing * Update 02-registries-repositories.md * test-unit: invoke cmd/buildah tests with --flags * parse: fix a type mismatch in a test * Fix compilation of tests/testreport/testreport * build.sh: log the version of Go that we're using * test-unit: increase the test timeout to 40/45 minutes * Add the "copier" package * Fix & add notes regarding problematic language in codebase * Add dependency on github.com/stretchr/testify/require * CompositeDigester: add the ability to filter tar streams * BATS tests: make more robust * vendor golang.org/x/text@v0.3.3 * Switch golang 1.12 to golang 1.13 * imagebuildah: wait for stages that might not have even started yet * chroot, run: not fail on bind mounts from /sys * chroot: do not use setgroups if it is blocked * Set engine env from containers.conf * imagebuildah: return the right stage's image as the "final" image * Fix a help string * Deduplicate environment variables * switch containers/libpod to containers/podman * Bump github.com/containers/ocicrypt from 1.0.2 to 1.0.3 * Bump github.com/opencontainers/selinux from 1.5.2 to 1.6.0 * Mask out /sys/dev to prevent information leak * linux: skip errors from the runtime kill * Mask over the /sys/fs/selinux in mask branch * Add VFS additional image store to container * tests: add auth tests * Allow "readonly" as alias to "ro" in mount options * Ignore OS X specific consistency mount option * Bump github.com/onsi/ginkgo from 1.13.0 to 1.14.0 * Bump github.com/containers/common from 0.14.0 to 0.15.2 * Rootless Buildah should default to IsolationOCIRootless * imagebuildah: fix inheriting multi-stage builds * Make imagebuildah.BuildOptions.Architecture/OS optional * Make imagebuildah.BuildOptions.Jobs optional * Resolve a possible race in imagebuildah.Executor.startStage() * Switch scripts to use containers.conf * Bump openshift/imagebuilder to v1.1.6 * Bump go.etcd.io/bbolt from 1.3.4 to 1.3.5 * buildah, bud: support --jobs=N for parallel execution * executor: refactor build code inside new function * Add bud regression tests * Cirrus: Fix missing htpasswd in registry img * docs: clarify the 'triples' format * CHANGELOG.md: Fix markdown formatting * Add nix derivation for static builds * Bump to v1.16.0-dev ------------------------------------------------------------------- Mon Aug 3 06:39:53 UTC 2020 - Sascha Grunert - Update to v1.15.1 * Mask over the /sys/fs/selinux in mask branch * chroot: do not use setgroups if it is blocked * chroot, run: not fail on bind mounts from /sys * Allow "readonly" as alias to "ro" in mount options * Add VFS additional image store to container * vendor golang.org/x/text@v0.3.3 * Make imagebuildah.BuildOptions.Architecture/OS optional ------------------------------------------------------------------- Wed Jun 24 13:24:58 UTC 2020 - Ralf Haferkamp - Update to v1.15.0 * Add CVE-2020-10696 to CHANGELOG.md and changelog.txt (bsc#1167864) * fix lighttpd example * remove dependency on openshift struct * Warn on unset build arguments * vendor: update seccomp/containers-golang to v0.4.1 * Updated docs * clean up comments * update exit code for tests * Implement commit for encryption * implementation of encrypt/decrypt push/pull/bud/from * fix resolve docker image name as transport * Add preliminary profiling support to the CLI * Evaluate symlinks in build context directory * fix error info about get signatures for containerImageSource * Add Security Policy * Cirrus: Fixes from review feedback * imagebuildah: stages shouldn't count as their base images * Update containers/common v0.10.0 * Add registry to buildahimage Dockerfiles * Cirrus: Use pre-installed VM packages + F32 * Cirrus: Re-enable all distro versions * Cirrus: Update to F31 + Use cache images * golangci-lint: Disable gosimple * Lower number of golangci-lint threads * Fix permissions on containers.conf * Don't force tests to use runc * Return exit code from failed containers * cgroup_manager should be under [engine] * Use c/common/pkg/auth in login/logout * Cirrus: Temporarily disable Ubuntu 19 testing * Add containers.conf to stablebyhand build * Update gitignore to exclude test Dockerfiles * Remove warning for systemd inside of container ------------------------------------------------------------------- Mon Apr 6 06:39:00 UTC 2020 - Sascha Grunert - Update to v1.14.6 * Make image history work correctly with new args handling * Don't add args to the RUN environment from the Builder ------------------------------------------------------------------- Mon Mar 30 06:48:28 UTC 2020 - Sascha Grunert - Update to v1.14.5 * Revert FIPS mode change ------------------------------------------------------------------- Fri Mar 27 07:46:03 UTC 2020 - Sascha Grunert - Update to v1.14.4 * Update unshare man page to fix script example * Fix compilation errors on non linux platforms * Preserve volume uid and gid through subsequent commands * Fix potential CVE in tarfile w/ symlink (CVE-2020-10696 / bsc#1167864) * Fix .dockerignore with globs and ! commands ------------------------------------------------------------------- Wed Mar 4 13:43:36 UTC 2020 - Sascha Grunert - Update to v1.14.2 * Search for local runtime per values in containers.conf * Set correct ownership on working directory * Improve remote manifest retrieval * Correct a couple of incorrect format specifiers * manifest push --format: force an image type, not a list type * run: adjust the order in which elements are added to $ * getDateAndDigestAndSize(): handle creation time not being set * Make the commit id clear like Docker * Show error on copied file above context directory in build * pull/from/commit/push: retry on most failures * Repair buildah so it can use containers.conf on the server side * Fixing formatting & build instructions * Fix XDG_RUNTIME_DIR for authfile * Show validation command-line ------------------------------------------------------------------- Thu Feb 13 08:22:30 UTC 2020 - Sascha Grunert - Update to v1.14.0 * getDateAndDigestAndSize(): use manifest.Digest * Touch up os/arch doc * chroot: handle slightly broken seccomp defaults * buildahimage: specify fuse-overlayfs mount options * parse: don't complain about not being able to rename something to itself * Fix build for 32bit platforms * Allow users to set OS and architecture on bud * Fix COPY in containerfile with envvar * Add --sign-by to bud/commit/push, --remove-signatures for pull/push * Add support for containers.conf * manifest push: add --format option ------------------------------------------------------------------- Wed Jan 15 07:44:30 UTC 2020 - Sascha Grunert - Update to v1.13.1 * copyFileWithTar: close source files at the right time * copy: don't digest files that we ignore * Check for .dockerignore specifically * Don't setup excludes, if their is only one pattern to match * set HOME env to /root on chroot-isolation by default * docs: fix references to containers-*.5 * fix bug Add check .dockerignore COPY file * buildah bud --volume: run from tmpdir, not source dir * Fix imageNamePrefix to give consistent names in buildah-from * cpp: use -traditional and -undef flags * discard outputs coming from onbuild command on buildah-from --quiet * make --format columnizing consistent with buildah images * Fix option handling for volumes in build * Rework overlay pkg for use with libpod * Fix buildahimage builds for buildah * Add support for FIPS-Mode backends * Set the TMPDIR for pulling/pushing image to $TMPDIR ------------------------------------------------------------------- Mon Dec 16 08:54:54 UTC 2019 - Sascha Grunert - Update to v1.12.0 * Allow ADD to use http src * imgtype: reset storage opts if driver overridden * Start using containers/common * overlay.bats typo: fuse-overlays should be fuse-overlayfs * chroot: Unmount with MNT_DETACH instead of UnmountMountpoints() * bind: don't complain about missing mountpoints * imgtype: check earlier for expected manifest type * Add history names support ------------------------------------------------------------------- Thu Dec 5 08:11:11 UTC 2019 - Sascha Grunert - Update to v1.11.6 * Handle missing equal sign in --from and --chown flags for COPY/ADD * bud COPY does not download URL * Fix .dockerignore exclude regression * commit(docker): always set ContainerID and ContainerConfig * Touch up commit man page image parameter * Add builder identity annotations. ------------------------------------------------------------------- Tue Nov 12 14:57:37 UTC 2019 - Sascha Grunert - Update to v1.11.5 * buildah: add "manifest" command * pkg/supplemented: add a package for grouping images together * pkg/manifests: add a manifest list build/manipulation API * Update for ErrUnauthorizedForCredentials API change in containers/image * Update for manifest-lists API changes in containers/image * version: also note the version of containers/image * Move to containers/image v5.0.0 * Enable --device directory as src device * Add clarification to the Tutorial for new users * Silence "using cache" to ensure -q is fully quiet * Move runtime flag to bud from common * Commit: check for storage.ErrImageUnknown using errors.Cause() * Fix crash when invalid COPY --from flag is specified. ------------------------------------------------------------------- Tue Oct 29 09:08:07 UTC 2019 - Sascha Grunert - Update to v1.11.4 * buildah: add a "manifest" command * pkg/manifests: add a manifest list build/manipulation API * Update for ErrUnauthorizedForCredentials API change in containers/image * Update for manifest-lists API changes in containers/image * Move to containers/image v5.0.0 * Enable --device directory as src device * Add clarification to the Tutorial for new users * Silence "using cache" to ensure -q is fully quiet * Move runtime flag to bud from common * Commit: check for storage.ErrImageUnknown using errors.Cause() * Fix crash when invalid COPY --from flag is specified. ------------------------------------------------------------------- Mon Oct 7 06:54:05 UTC 2019 - Sascha Grunert - Update to v1.11.3 * Add cgroups2 * Add support for retrieving context from stdin "-" * Added tutorial on how to include Buildah as library * Fix --build-args handling * Print build 'STEP' line to stdout, not stderr * Use Containerfile by default ------------------------------------------------------------------- Mon Sep 23 15:32:41 UTC 2019 - Richard Brown - Update to v1.11.2 * Add some cleanup code * Move devices code to unit specific directory. ------------------------------------------------------------------- Fri Sep 13 07:07:28 UTC 2019 - Sascha Grunert - Update to v1.11.1 * Add --devices flag to bud and from * Add support for /run/.containerenv * Allow mounts.conf entries for equal source and destination paths * Fix label and annotation for 1-line Dockerfiles * Preserve file and directory mount permissions * Replace --debug=false with --log-level=error * Set TMPDIR to /var/tmp by default * Truncate output of too long image names * Ignore EmptyLayer if Squash is set ------------------------------------------------------------------- Thu Sep 5 15:02:56 UTC 2019 - Sascha Grunert - Update to v1.11.0 * Add --digestfile and Re-add push statement as debug * Add --log-level command line option and deprecate --debug * Add security-related volume options to validator * Allow buildah bud to be called without arguments * Allow to override build date with SOURCE_DATE_EPOCH * Correctly detect ExitError values from Run() * Disable empty logrus timestamps to reduce logger noise * Fix directory pull image names * Fix handling of /dev/null masked devices * Fix possible runtime panic on bud * Update bud/from help to contain indicator for --dns=none * Update documentation about bud * Update shebangs to take env into consideration * Use content digests in ADD/COPY history entries * add support for cgroupsV2 * add: add a DryRun flag to AddAndCopyOptions * add: handle hard links when copying with .dockerignore * add: teach copyFileWithTar() about symlinks and directories * imagebuilder: fix detection of referenced stage roots * pull/commit/push: pay attention to $BUILD_REGISTRY_SOURCES * run_linux: fix mounting /sys in a userns - Remove hardly set build tags in favor of the Makefile ------------------------------------------------------------------- Mon Sep 2 12:02:44 UTC 2019 - Sascha Grunert - Add patch for CVE-2019-10214. bsc#1144065 + CVE-2019-10214.patch ------------------------------------------------------------------- Fri Aug 16 06:32:33 UTC 2019 - Sascha Grunert - Update to v1.10.1 * Add automatic apparmor tag discovery * Add overlayfs to fuse-overlayfs tip * Bug fix for volume minus syntax * Bump container/storage v1.13.1 and containers/image v3.0.1 * Bump containers/image to v3.0.2 to fix keyring issue * Fix bug whereby --get-login has no effect * Bump github.com/containernetworking/cni to v0.7.1 - Add appamor-pattern requirement ------------------------------------------------------------------- Mon Aug 5 10:41:41 UTC 2019 - Sascha Grunert - Update build process to match the latest repository architecture - Update to v1.10.0 * vendor github.com/containers/image@v3.0.0 * Remove GO111MODULE in favor of -mod=vendor * Vendor in containers/storage v1.12.16 * Add '-' minus syntax for removal of config values * tests: enable overlay tests for rootless * rootless, overlay: use fuse-overlayfs * vendor github.com/containers/image@v2.0.1 * Added '-' syntax to remove volume config option * delete successfully pushed message * Add golint linter and apply fixes * vendor github.com/containers/storage@v1.12.15 * Change wait to sleep in buildahimage readme * Handle ReadOnly images when deleting images * Add support for listing read/only images * from/import: record the base image's digest, if it has one * Fix CNI version retrieval to not require network connection * Add misspell linter and apply fixes * Add goimports linter and apply fixes * Add stylecheck linter and apply fixes * Add unconvert linter and apply fixes * image: make sure we don't try to use zstd compression * run.bats: skip the "z" flag when testing --mount * Update to runc v1.0.0-rc8 * Update to match updated runtime-tools API * bump github.com/opencontainers/runtime-tools to v0.9.0 * Build e2e tests using the proper build tags * Add unparam linter and apply fixes * Run: correct a typo in the --cap-add help text * unshare: add a --mount flag * fix push check image name is not empty * add: fix slow copy with no excludes * Add errcheck linter and fix missing error check * Improve tests/tools/Makefile parallelism and abstraction * Fix response body not closed resource leak * Switch to golangci-lint * Add gomod instructions and mailing list links * On Masked path, check if /dev/null already mounted before mounting * Update to containers/storage v1.12.13 * Refactor code in package imagebuildah * Add rootless podman with NFS issue in documentation * Add --mount for buildah run * import method ValidateVolumeOpts from libpod * Fix typo * Makefile: set GO111MODULE=off * rootless: add the built-in slirp DNS server * Update docker/libnetwork to get rid of outdated sctp package * Update buildah-login.md * migrate to go modules * install.md: mention go modules * tests/tools: go module for test binaries * fix --volume splits comma delimited option * Add bud test for RUN with a priv'd command * vendor logrus v1.4.2 * pkg/cli: panic when flags can't be hidden * pkg/unshare: check all errors * pull: check error during report write * run_linux.go: ignore unchecked errors * conformance test: catch copy error * chroot/run_test.go: export funcs to actually be executed * tests/imgtype: ignore error when shutting down the store * testreport: check json error * bind/util.go: remove unused func * rm chroot/util.go * imagebuildah: remove unused dedupeStringSlice * StageExecutor: EnsureContainerPath: catch error from SecureJoin() * imagebuildah/build.go: return instead of branching * rmi: avoid redundant branching * conformance tests: nilness: allocate map * imagebuildah/build.go: avoid redundant filepath.Join() * imagebuildah/build.go: avoid redundant os.Stat() * imagebuildah: omit comparison to bool * fix "ineffectual assignment" lint errors * docker: ignore "repeats json tag" lint error * pkg/unshare: use ... instead of iterating a slice * conformance: bud test: use raw strings for regexes * conformance suite: remove unused func/var * buildah test suite: remove unused vars/funcs * testreport: fix golangci-lint errors * util: remove redundant return statement * chroot: only log clean-up errors * images_test: ignore golangci-lint error * blobcache: log error when draining the pipe * imagebuildah: check errors in deferred calls * chroot: fix error handling in deferred funcs * cmd: check all errors * chroot/run_test.go: check errors * chroot/run.go: check errors in deferred calls * imagebuildah.Executor: remove unused onbuild field * docker/types.go: remove unused struct fields * util: use strings.ContainsRune instead of index check * Cirrus: Initial implementation * buildah-run: fix-out-of-range panic (2) * Update containers/image to v2.0.0 * run: fix hang with run and --isolation=chroot * run: fix hang when using run * chroot: drop unused function call * remove --> before imgageID on build * Always close stdin pipe * Write deny to setgroups when doing single user mapping * Avoid including linux/memfd.h * Add a test for the symlink pointing to a directory * Add missing continue * Fix the handling of symlinks to absolute paths * Only set default network sysctls if not rootless * Support --dns=none like podman * fix bug --cpu-shares parsing typo * Fix validate complaint * Update vendor on containers/storage to v1.12.10 * Create directory paths for COPY thereby ensuring correct perms * imagebuildah: use a stable sort for comparing build args * imagebuildah: tighten up cache checking * bud.bats: add a test verying the order of --build-args * add -t to podman run * imagebuildah: simplify screening by top layers * imagebuildah: handle ID mappings for COPY --from * imagebuildah: apply additionalTags ourselves * bud.bats: test additional tags with cached images * bud.bats: add a test for WORKDIR and COPY with absolute destinations * Cleanup Overlay Mounts content * Add support for file secret mounts * Add ability to skip secrets in mounts file * allow 32bit builds * fix tutorial instructions * imagebuilder: pass the right contextDir to Add() * add: use fileutils.PatternMatcher for .dockerignore * bud.bats: add another .dockerignore test * unshare: fallback to single usermapping * addHelperSymlink: clear the destination on os.IsExist errors * bud.bats: test replacing symbolic links * imagebuildah: fix handling of destinations that end with '/' * bud.bats: test COPY with a final "/" in the destination * linux: add check for sysctl before using it * unshare: set _CONTAINERS_ROOTLESS_GID * Rework buildahimamges * build context: support https git repos * Add a test for ENV special chars behaviour * Check in new Dockerfiles * Apply custom SHELL during build time * config: expand variables only at the command line * SetEnv: we only need to expand v once * Add default /root if empty on chroot iso * Add support for Overlay volumes into the container. * Export buildah validate volume functions so it can share code with libpod * Bump baseline test to F30 * Fix rootless handling of /dev/shm size * Avoid fmt.Printf() in the library * imagebuildah: tighten cache checking back up * Handle WORKDIR with dangling target * Default Authfile to proper path * Make buildah run --isolation follow BUILDAH_ISOLATION environment * Vendor in latest containers/storage and containers/image * getParent/getChildren: handle layerless images * imagebuildah: recognize cache images for layerless images * bud.bats: test scratch images with --layers caching * Get CHANGELOG.md updates * Add some symlinks to test our .dockerignore logic * imagebuildah: addHelper: handle symbolic links * commit/push: use an everything-allowed policy * Correct manpage formatting in files section * Remove must be root statement from buildah doc * Change image names to stable, testing and upstream * Don't create directory on container * Replace kubernetes/pause in tests with k8s.gcr.io/pause * imagebuildah: don't remove intermediate images if we need them * Rework buildahimagegit to buildahimageupstream * Fix Transient Mounts * Handle WORKDIRs that are symlinks * allow podman to build a client for windows * Touch up 1.9-dev to 1.9.0-dev * Resolve symlink when checking container path * commit: commit on every instruction, but not always with layers * CommitOptions: drop the unused OnBuild field * makeImageRef: pass in the whole CommitOptions structure * cmd: API cleanup: stores before images * run: check if SELinux is enabled * Fix buildahimages Dockerfiles to include support for additionalimages mounted from host. * Detect changes in rootdir * Fix typo in buildah-pull(1) * Vendor in latest containers/storage * Keep track of any build-args used during buildah bud --layers * commit: always set a parent ID * imagebuildah: rework unused-argument detection * fix bug dest path when COPY .dockerignore * Move Host IDMAppings code from util to unshare * Add BUILDAH_ISOLATION rootless back * Travis CI: fail fast, upon error in any step * imagebuildah: only commit images for intermediate stages if we have to * Use errors.Cause() when checking for IsNotExist errors * auto pass http_proxy to container * imagebuildah: don't leak image structs * Add Dockerfiles for buildahimages * Bump to Replace golang 1.10 with 1.12 * add --dns* flags to buildah bud * Add hack/build_speed.sh test speeds on building container images * Create buildahimage Dockerfile for Quay * rename 'is' to 'expect_output' * squash.bats: test squashing in multi-layered builds * bud.bats: test COPY --from in a Dockerfile while using the cache * commit: make target image names optional * Fix bud-args to allow comma separation * oops, missed some tests in commit.bats * new helper: expect_line_count * New tests for #1467 (string slices in cmdline opts) * Workarounds for dealing with travis; review feedback * BATS tests - extensive but minor cleanup * imagebuildah: defer pulling images for COPY --from * imagebuildah: centralize COMMIT and image ID output * Travis: do not use traviswait * imagebuildah: only initialize imagebuilder configuration once per stage * Make cleaner error on Dockerfile build errors * unshare: move to pkg/ * unshare: move some code from cmd/buildah/unshare * Fix handling of Slices versus Arrays * imagebuildah: reorganize stage and per-stage logic * imagebuildah: add empty layers for instructions * Add missing step in installing into Ubuntu * fix bug in .dockerignore support * imagebuildah: deduplicate prepended "FROM" instructions * Touch up intro * commit: set created-by to the shell if it isn't set * commit: check that we always set a "created-by" * docs/buildah.md: add "containers-" prefixes under "SEE ALSO" ------------------------------------------------------------------- Mon Apr 1 14:47:27 UTC 2019 - Richard Brown - Update to v1.7.2 * Updates vendored containers/storage to latest version * rootless: by default use the host network namespace ------------------------------------------------------------------- Fri Mar 1 10:12:50 UTC 2019 - Richard Brown - Update to v1.7.1 * Minor fix to vendor in github.com/containers/image 1.5 version * This fixes a crash on pulling of images - Stop building from specific commit ------------------------------------------------------------------- Tue Feb 26 16:51:30 UTC 2019 - Richard Brown - Update to v1.7 * vendor containers/image v1.4 * Make "images --all" faster * Remove quiet option from pull options * Support oci layout format ------------------------------------------------------------------- Thu Jan 17 14:21:58 UTC 2019 - Richard Brown - Update to v1.6 * unshare: do not set USER=root * run: ignore EIO when flushing at the end, avoid double log * build-using-dockerfile,commit: disable compression by default * Make rootless work under no_pivot_root * Properly format images JSON output * Assume user 0 group 0, if /etc/passwd file in container. * Add buildah info command - Full changelog: https://github.com/containers/buildah/releases/tag/v1.6 ------------------------------------------------------------------- Fri Nov 23 07:57:58 UTC 2018 - Valentin Rothberg - Changelog for v1.5-1 (2018-11-21) * Print command in SystemExec as debug information * Sort CLI flags * Update imagebuild depdency to support heading ARGs in Dockerfile * rootless: do not specify --rootless to the OCI runtime * Exclude --force-rm from common bud cli flags * run: bind mount /etc/hosts and /etc/resolv.conf if not in a volume * rootless: use slirp4netns to setup the network namespace * rootless: only discard network configuration names * run: only set up /etc/hosts or /etc/resolv.conf with network * Handle directories better in bud -f * common: support a per-user registries conf file * unshare: do not override the configuration * common: honor the rootless configuration file * unshare: create a new mount namespace * unshare: support libpod rootless pkg * Allow container storage to manage the SELinux labels * imagebuilder.BuildDockerfiles: return the image ID * Allow setting --no-pivot default with an env var * Add man page and bash completion, for --no-pivot * Add the --no-pivot flag to the run command * Improve reporting about individual pull failures * Fix From As in Dockerfile * Sort CLI flags of buildah bud * unshare: detect when unprivileged userns are disabled * buildah: use the same logic for XDG_RUNTIME_DIR as podman * Make sure we log or return every error * Correctly set DockerInsecureSkipTLSVerify when pulling images * chroot: set up seccomp and capabilities after supplemental groups * chroot: fix capabilities list setup and application ------------------------------------------------------------------- Sun Nov 4 08:49:19 UTC 2018 - Valentin Rothberg - Require slirp4netns to enable networking for unprivileged network namespaces aka networking for rootless buildah. ------------------------------------------------------------------- Wed Oct 3 07:32:39 UTC 2018 - Valentin Rothberg - Changelog for v1.4 (2018-10-02) * Touchup pull manpage * Export buildah ReserveSELinuxLables so podman can use it * Update rmi man for prune changes * Copy ExposedPorts from base image into the config * Change rmi --prune to not accept an imageID * Builtin volumes should be owned by the UID/GID of the container * Move buildah from projecatatomic/buildah to containers/buildah * bash: Completion options * Don't build btrfs if it is not installed * Push: Allow an empty destination * Fix arg usage in buildah-tag * Evaluate symbolic links on Add/Copy Commands * Retain bounding set when running containers as non root * push: show image digest after push succeed * Exclude --layers from the common bug cli flags * Make buildah-from error message clear when flags are after arg * Warn about using Commands in Dockerfile that are not supported by OCI. * Document BUILDAH_* environment variables in buildah bud --help output * Fix --layers ADD from url issue * Display the correct ID after deleting image * Handle COPY --chown in Dockerfile * Document STORAGE_DRIVER and STORAGE_OPTS environment variable * Expand variables names for --env ------------------------------------------------------------------- Wed Sep 5 07:47:01 UTC 2018 - Valentin Rothberg - Set the correct commit for `buildah version`. - Set the cnilib version for `buildah version`. ------------------------------------------------------------------- Mon Aug 6 06:17:06 UTC 2018 - vrothberg@suse.com - Update buildah to v1.3: * bud should not search context directory for Dockerfile * Set BUILDAH_ISOLATION=rootless when running unprivileged * Fix rmi to remove intermediate images associated with an image * Set the default ulimits to match Docker * buildah: no args is out of bounds * preprocess ".in" suffixed Dockerfiles * Add support for multiple Short options * Update to latest urvave/cli * Create buildah pull command * Allow ping command without NET_RAW Capabilities * Allow Dockerfile content to come from stdin * add rename command * Completion command * Update vendor for runc to fix 32 bit builds ------------------------------------------------------------------- Mon Jul 16 06:33:14 UTC 2018 - vrothberg@suse.com - Update buildah to v1.2: * build-using-dockerfile: let -t include transports again * Block use of /proc/acpi and /proc/keys from inside containers * Fix handling of -registries-conf * Add -cidfile option to from * Add a -loglevel option to build-with-dockerfile * docs: Follow man-pages(7) suggestions for SYNOPSIS * umount: add all option to umount all mounted containers * Fix buildah bud -layers * Force ownership of /etc/hosts and /etc/resolv.conf to 0:0 * build without seccomp * Add Capabilities lists to BuilderInfo * Fix ARGS parsing for run commands * Add info on registries.conf to from manpage * mount: support multiple inputs * Allow -userns-uid-map/-userns-gid-map to be global options * Add -rm and -force-rm to buildah bud * Add -all,-a flag to buildah images * Add environment variable BUILDAH_RUNTIME * Add -layers and -no-cache to buildah bud * Change 'registries' to 'container registries' in man * Add registries.conf link to a few man pages - install missing buildah (1) manpage - install bash completion at /usr/share/bash-completion/completions - buildmode=pie: build position independent code ------------------------------------------------------------------- Mon Jun 11 05:52:37 UTC 2018 - vrothberg@suse.com - Update buildah to v1.1: * Drop capabilities if running container processes as non root * Print Warning message if cmd will not be used based on entrypoint * Shouldn't add insecure registries to list of search registries * Report errors on bad transports specification when pushing images * Add disable-content-trust noop flag to bud * runCopyStdio(): don't close stdin unless we saw POLLHUP * Add registry errors for pull * Give better messages to users when image can not be found * Add environment variable to buildah --format * Accept json array input for config entrypoint * Add OnBuild support for Dockerfiles * buildah bud should require a context directory or URL * buildah bud picks up ENV from base image * Add CLI options for specifying namespace and cgroup setup * Read UID/GID mapping information from containers and images * build-using-dockerfile: add --annotation * Implement --squash for build-using-dockerfile and commit * Vendor in latest container/storage for devicemapper support * Test with Go 1.10, too * Handle /etc/hosts and /etc/resolv.conf properly in container * Add support for buildah bud --label * buildah push/from can push and pull images with no reference * builder-inspect: fix format option * Add cpu-shares short flag (-c) and cpu-shares CI tests ------------------------------------------------------------------- Sun Jun 10 23:44:35 UTC 2018 - jengelh@inai.de - Use noun phrase in summary. ------------------------------------------------------------------- Thu Jun 7 06:46:21 UTC 2018 - vrothberg@suse.com - Update buildah to v1.0: * Update option and documentation for --force-rm * Update buildah run to make command required * Do not print directly to stdout in Commit() * Force "localhost" as a default registry * Validate host and container paths passed to --volume * Add --compress, --rm, --squash flags as a noop for bud * Add FIPS mode secret to buildah run and bud * Add config --comment/--domainname/--history-comment/--hostname * 'buildah config': stop replacing Created-By whenever it's not specified * Modify man pages so they compile correctly in mandb * Add description on how to do --isolation to buildah-bud man page * Add support for --iidfile to bud and commit * Remove tarball as an option from buildah push --help * Fix secrets patch * Display imageId after commit * config: add support for StopSignal * Allow referencing stages as index and names * Add multi-stage builds support * Allow umount to have multi-containers * buildah bud walks symlinks * Allow --cmd parameter to have commands as values * Make default-mounts-file a hidden option * Add various transport support to buildah from * shallowCopy: avoid a second read of the container's layer * Add openSUSE in install section * run: do not open /etc/hosts if not needed ------------------------------------------------------------------- Tue Jun 5 08:18:08 UTC 2018 - dcassany@suse.com - Refactor %license usage to a simpler form ------------------------------------------------------------------- Mon Jun 4 08:54:58 UTC 2018 - dcassany@suse.com - Make use of %license macro ------------------------------------------------------------------- Wed Apr 4 09:52:25 UTC 2018 - vrothberg@suse.com - Change build date to SOURCE_DATE_EPOCH to make builds reproducible. ------------------------------------------------------------------- Thu Mar 29 08:50:12 UTC 2018 - vrothberg@suse.com - Fix `buildah version` by compiling the build date into the binary. ------------------------------------------------------------------- Tue Mar 6 08:28:55 UTC 2018 - vrothberg@suse.com - Package buildah v0.12. Buildah is a tool to build OCI images, and is used by podman-build.