[1.19] copier: add GetOptions.IgnoreUnreadable #3063
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…9 branch Cherry pick @vrothberg's "use local image name for pull policy checks" containers#2908 and update the cirrus and git validations so the test will run on this new(ish) branch. From @vrothberg: Some pull policies require to first look up a local image and compare that to the remote counter part. When looking up the remote image, we need to make sure to use the name of the local image, if it exists. This fixes a bug where a short name resolved to an image with the "localhost/" prefix. This prefix is only used for local image look ups via shortnames.ResolveLocally. Hence, when looking up the remote counter part, we must preserve this prefix. Fixes: containers#2904 Signed-off-by: TomSweeneyRedHat <[email protected]>
…/picknew Cherry pick localhost fix and update CI configuration for release-1.1…
As per title Signed-off-by: Ashley Cui <[email protected]>
When using volume mounts, the destination directory will get created if it does not exists. The current code blows up when the destination directory did not exists. Signed-off-by: Daniel J Walsh <[email protected]>
Signed-off-by: Daniel J Walsh <[email protected]>
Currently we have a weird situation where the user sets the default runtime in his containers.conf for podman but Buildah is still falling back to use runc because it was hard coded as the default for Buildah. I would like to remove this default, but that would theoretically break the API promise of Buildah. This should fix containers/podman#8893 Signed-off-by: Daniel J Walsh <[email protected]>
If a user sets the ENV to be used with the build-arg flag in the local environment by exporting it, look it up and use the value set there for that ENV. Add tests to cover this use case as well. Signed-off-by: Urvashi Mohnani <[email protected]>
[release-1.19] Use build-arg ENV val from local environment if set
Pick default OCI Runtime from containers.conf
Detect local-image lookups by digest. Those clearly refer to local images only, so we must not proceed to remote lookups. Note that the specifed digest refers to an image ID and not to the digest of an image's manifest. Fixes: containers#2836 Signed-off-by: Valentin Rothberg <[email protected]>
local image lookup by digest
Signed-off-by: TomSweeneyRedHat <[email protected]>
Bump golang.org/x/crypto to latest rel-1.19
Check whether the ARG in the containerfile is changed by either the --build-arg flag or local environment and use the cached layer or rebuild the layer accordingly. Add tests for this use case as well. Signed-off-by: Urvashi Mohnani <[email protected]>
Signed-off-by: Daniel J Walsh <[email protected]>
[release-1.19] Rebuild layer if a change in ARG is detected
Signed-off-by: Daniel J Walsh <[email protected]>
Vendor in containers/image v5.10.1
[ci:docs] Fix man page for buildah push
Signed-off-by: TomSweeneyRedHat <[email protected]>
Bump to v1.19.3
Fix the check on build args to be the length of the map and not whether the map is nil. The nil check was causing the cache layer to not be used as it would give a false result. Signed-off-by: Urvashi Mohnani <[email protected]>
Fix build arg check
Currently if you attempt to build create a manifest and add a local image, the command blows up. The current code always looks for a remote image. This PR fixes the code to use the local image if it exists. Signed-off-by: Daniel J Walsh <[email protected]>
Buildah bud --manifest XYZ was not working. The manifest was never created. This PR Finishes the plumbing and allows users to create a manifest while building an image in one single command. Signed-off-by: Daniel J Walsh <[email protected]>
Signed-off-by: Lokesh Mandvekar <[email protected]>
[1.19] buildah manifest add localimage should work
bump containernetworking/cni library to v0.8.1 - fix for CVE-2021-20206
check the pidns is shared with the host only when the pidns mode is specified. Signed-off-by: Giuseppe Scrivano <[email protected]>
One of the auth tests is failing on RHEL8.4: # buildah push --tls-verify=true ... Get "https://localhost:5000/v2/": x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0 (Expected output: ' x509: certificate signed by unknown authority') Cause: who knows? Some internal Go change. Solution: set magic GODEBUG envariable in the buildah invocation. This makes that message go away, and gives us the expected one. Indicate that this may be a temporary workaround. I vaguely recall reading that a future version of Go would remove it. We'll deal with that then. Signed-off-by: Ed Santiago <[email protected]>
Bz1914884 backport
Cherrypick containers#2978 to fix and issue when copying files to an empty directory on a container. Signed-off-by: TomSweeneyRedHat <[email protected]>
…dir_1.19 Don't fail copy to emptydir - v1.19
Signed-off-by: TomSweeneyRedHat <[email protected]>
…2_v1.24.6 Bump containers/storage v1.24.6
Signed-off-by: TomSweeneyRedHat <[email protected]>
Bulidah v1.19.6
If the subprocess exits with an error, but we can't decode its stdout as a proper status result, check if it produced error output. If it did, then return its error output as the error. Signed-off-by: Nalin Dahyabhai <[email protected]>
When attempting to handle renames, we'd fail to correctly handle renames of prefixes of a given item's path because of a string handling error, and add a unit test for the rename logic (finally). Signed-off-by: Nalin Dahyabhai <[email protected]>
Add copier.Eval(), for expanding paths using symbolic links in a chrooted scope, without failing if a path component doesn't exist. Signed-off-by: Nalin Dahyabhai <[email protected]>
Add a NoDerefSymlinks flag to force items that are matched to the Globs we're given to be treated as symlinks, rather than dereferencing them as we would need to do for sources for ADD or COPY. Signed-off-by: Nalin Dahyabhai <[email protected]>
Always create the destination directory first when ADDing or COPYing content into a container, then extract contents into it using the destination directory as the chroot instead of the container's root directory. Signed-off-by: Nalin Dahyabhai <[email protected]>
[release-1.19] ADD/COPY: create the destination directory first, chroot to it
We are setting the permissions based on the dest dir rather then the source dir. Since we want this to work identical to a bind mount, we need to have the permissions align. There is also an issue where overlays on existing mounts is blowing up. Signed-off-by: Daniel J Walsh <[email protected]>
Signed-off-by: Daniel J Walsh <[email protected]>
Cherry-pick: Set upperdir permissions based on source
Add an IgnoreUnreadable flag to copier.GetOptions to suppress errors from copier.Get() that would pass the os.IsPermission() test, if they're encountered while attempting to read files or descend into directories. Signed-off-by: Nalin Dahyabhai <[email protected]>
* copier: add GetOptions.IgnoreUnreadable Signed-off-by: Valentin Rothberg <[email protected]>
Signed-off-by: Valentin Rothberg <[email protected]>
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: vrothberg The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@vrothberg: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-ci-robot
added
the
needs-rebase
|
Wrong target branch. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
@nalind @rhatdan PTAL
I want that in containers/podman#9630. Vendoring master barks as the F33 images need an updated libcap.