![buildah logo](https://cdn.rawgit.com/containers/buildah/main/logos/buildah-logo_large.png) # Changelog ## v1.38.0 (2024-11-08) Bump to c/common v0.61.0, c/image v5.33.0, c/storage v1.56.0 fix(deps): update module golang.org/x/crypto to v0.29.0 fix(deps): update module github.com/moby/buildkit to v0.17.1 fix(deps): update module github.com/containers/storage to v1.56.0 tests: skip two ulimit tests CI VMs: bump f40 -> f41 tests/tools: rebuild tools when we change versions tests/tools: update golangci-lint to v1.61.0 fix(deps): update module github.com/moby/buildkit to v0.17.0 Handle RUN --mount with relative targets and no configured workdir tests: bud: make parallel-safe fix(deps): update module github.com/opencontainers/runc to v1.2.1 fix(deps): update golang.org/x/exp digest to f66d83c fix(deps): update github.com/opencontainers/runtime-tools digest to 6c9570a tests: blobcache: use unique image name tests: sbom: never write to cwd tests: mkcw: bug fixes, refactor deps: bump runc to v1.2.0 deps: switch to moby/sys/userns tests/test_runner.sh: remove some redundancies Integration tests: run git daemon on a random-but-bind()able port fix(deps): update module github.com/opencontainers/selinux to v1.11.1 go.mod: remove unnecessary replace Document more buildah build --secret options Add support for COPY --exclude and ADD --exclude options fix(deps): update github.com/containers/luksy digest to e2530d6 chore(deps): update dependency containers/automation_images to v20241010 fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.4 Properly validate cache IDs and sources [skip-ci] Packit: constrain koji job to fedora package to avoid dupes Audit and tidy OWNERS fix(deps): update module golang.org/x/crypto to v0.28.0 tests: add quotes to names vendor: update c/common to latest CVE-2024-9407: validate "bind-propagation" flag settings vendor: switch to moby/sys/capability Don't set ambient capabilities Document that zstd:chunked is downgraded to zstd when encrypting fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.3 buildah-manifest-create.1: Fix manpage section chore(deps): update dependency ubuntu to v24 Make `buildah manifest push --all` true by default chroot: add newlines at the end of printed error messages Do not error on trying to write IMA xattr as rootless fix: remove duplicate conditions fix(deps): update module github.com/moby/buildkit to v0.16.0 fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.2 Document how entrypoint is configured in buildah config In a container, try to register binfmt_misc imagebuildah.StageExecutor: clean up volumes/volumeCache build: fall back to parsing a TARGETPLATFORM build-arg `manifest add --artifact`: handle multiple values Packit: split out ELN jobs and reuse fedora downstream targets Packit: Enable sidetags for bodhi updates fix(deps): update module github.com/docker/docker to v27.2.1+incompatible tests/bud.bats: add git source add: add support for git source Add support for the new c/common pasta options vendor latest c/common fix(deps): update module golang.org/x/term to v0.24.0 fix(deps): update module github.com/fsouza/go-dockerclient to v1.12.0 packit: update fedora and epel targets cirrus: disable f39 testing cirrus: fix fedora names update to go 1.22 Vendor c/common:9d025e4cb348 copier: handle globbing with "**" path components fix(deps): update golang.org/x/exp digest to 9b4947d fix(deps): update github.com/containers/luksy digest to 2e7307c imagebuildah: make scratch config handling toggleable fix(deps): update module github.com/docker/docker to v27.2.0+incompatible Add a validation script for Makefile $(SOURCES) fix(deps): update module github.com/openshift/imagebuilder to v1.2.15 New VMs Update some godocs, use 0o to prefix an octal in a comment buildah-build.1.md: expand the --layer-label description fix(deps): update module github.com/containers/common to v0.60.2 run: fix a nil pointer dereference on FreeBSD CI: enable the whitespace linter Fix some govet linter warnings Commit(): retry committing to local storage on storage.LayerUnknown CI: enable the gofumpt linter conformance: move weirdly-named files out of the repository fix(deps): update module github.com/docker/docker to v27.1.2+incompatible fix(deps): update module github.com/containers/common to v0.60.1 *: use gofmt -s, add gofmt linter *: fix build tags fix(deps): update module github.com/containers/image/v5 to v5.32.1 Add(): re-escape any globbed items that included escapes conformance tests: use mirror.gcr.io for most images unit tests: use test-specific policy.json and registries.conf fix(deps): update module golang.org/x/sys to v0.24.0 Update to spun-out "github.com/containerd/platforms" Bump github.com/containerd/containerd test/tools/Makefile: duplicate the vendor-in-container target linters: unchecked error linters: don't end loop iterations with "else" when "then" would linters: unused arguments shouldn't have names linters: rename checkIdsGreaterThan5() to checkIDsGreaterThan5() linters: don't name variables "cap" `make lint`: use --timeout instead of --deadline Drop the e2e test suite fix(deps): update module golang.org/x/crypto to v0.26.0 fix(deps): update module github.com/onsi/gomega to v1.34.1 `make vendor-in-container`: use the caller's Go cache if it exists fix(deps): fix test/tools ginkgo typo fix(deps): update module github.com/onsi/ginkgo/v2 to v2.19.1 Update to keep up with API changes in storage fix(deps): update github.com/containers/luksy digest to 1f482a9 install: On Debian/Ubuntu, add installation of libbtrfs-dev fix(deps): update module golang.org/x/sys to v0.23.0 fix(deps): update golang.org/x/exp digest to 8a7402a fix(deps): update module github.com/fsouza/go-dockerclient to v1.11.2 Use Epoch: 2 and respect the epoch in dependencies. Bump to Buildah v1.38.0-dev AddAndCopyOptions: add CertPath, InsecureSkipTLSVerify, Retry fields Add PrependedLinkedLayers/AppendedLinkedLayers to CommitOptions integration tests: teach starthttpd() about TLS and pid files ## vv1.37.0 (2024-07-26) Bump c/storage, c/image, c/common for v1.37.0 "build with basename resolving user arg" tests: correct ARG use bud-multiple-platform-no-run test: correct ARG use imagebuildah: always have default values for $TARGET... args ready bump github.com/openshift/imagebuilder to v1.2.14 fix(deps): update module github.com/docker/docker to v27.1.1+incompatible fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.1 fix(deps): update module github.com/docker/docker to v27.1.0+incompatible CI: use local registry, part 2 of 2 CI: use local registry, part 1 of 2 fix(deps): update module github.com/fsouza/go-dockerclient to v1.11.1 Revert "fix(deps): update github.com/containers/image/v5 to v5.31.1" Replace libimage.LookupReferenceFunc with the manifests version conformance tests: enable testing CompatVolumes conformance tests: add a test that tries to chown a volume imagebuildah: make traditional volume handling not the default StageExecutor.prepare(): mark base image volumes for preservation fix(deps): update module github.com/containers/image/v5 to v5.31.1 Vendor in latest containers/(common, storage, image) fix(deps): update module golang.org/x/term to v0.22.0 fix(deps): update module golang.org/x/sys to v0.22.0 fix(deps): update golang.org/x/exp digest to 7f521ea fix(deps): update github.com/containers/luksy digest to a8846e2 imagebuildah.StageExecutor.Copy(): reject new flags for now bump github.com/openshift/imagebuilder to v1.2.11 Rework parsing of --pull flags fix(deps): update module github.com/containers/image/v5 to v5.31.1 imagebuildah.StageExecutor.prepare(): log the --platform flag CI VMs: bump buildah copy: preserve owner info with --from= a container or image conformance tests: enable testing CompatSetParent containerImageRef.NewImageSource(): move the FROM comment to first commit: set "parent" for docker format only when requested Update godoc for Builder.EnsureContainerPathAs fix(deps): update module github.com/spf13/cobra to v1.8.1 fix(deps): update module github.com/containernetworking/cni to v1.2.0 fix(deps): update module github.com/opencontainers/runc to v1.1.13 Change default for podman build to --pull missing fix(deps): update module github.com/containers/common to v0.59.1 Clarify definition of --pull options buildah: fix a nil pointer reference on FreeBSD Use /var/tmp for $TMPDIR for vfs conformance jobs Cirrus: run `df` during job setup conformance: use quay.io/libpod/centos:7 instead of centos:8 Stop setting "parent" in docker format conformance: check if workdir trims path separator suffixes push integration test: pass password to docker login via stdin Re-enable the "copy with chown" conformance test healthcheck: Add support for `--start-interval` fix(deps): update module github.com/docker/docker to v26.1.4+incompatible fix(deps): update module github.com/containerd/containerd to v1.7.18 tests: set _CONTAINERS_USERNS_CONFIGURED=done for libnetwork Cross-build on Fedora Drop copyStringSlice() and copyStringStringMap() fix(deps): update module golang.org/x/crypto to v0.24.0 fix(deps): update module github.com/openshift/imagebuilder to v1.2.10 Provide an uptime_netbsd.go Spell unix as "!windows" Add netbsd to lists-of-OSes fix(deps): update golang.org/x/exp digest to fd00a4e [skip-ci] Packit: enable c10s downstream sync CI VMs: bump, to debian with cgroups v2 Document when BlobDirectory is overridden fix secret mounts for env vars when using chroot isolation Change to take a types.ImageReference arg imagebuildah: Support custom image reference lookup for cache push/pull fix(deps): update module github.com/onsi/ginkgo/v2 to v2.19.0 Bump to v1.37.0-dev CI: Clarify Debian use for conformance tests ## v1.36.0 (2024-05-23) build: be more selective about specifying the default OS Bump to c/common v0.59.0 Fix buildah prune --help showing the same example twice fix(deps): update module github.com/onsi/ginkgo/v2 to v2.18.0 fix(deps): update module github.com/containers/image/v5 to v5.31.0 bud tests: fix breakage when vendoring into podman Integration tests: fake up a replacement for nixery.dev/shell copierWithSubprocess(): try to capture stderr on io.ErrClosedPipe Don't expand RUN heredocs ourselves, let the shell do it Don't leak temp files on failures Add release note template to split dependency chores fix CentOS/RHEL build - no BATS there fix(deps): update module github.com/containers/luksy to v0.0.0-20240506205542-84b50f50f3ee Address CVE-2024-3727 chore(deps): update module github.com/opencontainers/runtime-spec to v1.2.0 Builder.cdiSetupDevicesInSpecdefConfig(): use configured CDI dirs Setting --arch should set the TARGETARCH build arg fix(deps): update module golang.org/x/exp to v0.0.0-20240416160154-fe59bbe5cc7f [CI:DOCS] Add link to Buildah image page to README.md Don't set GOTOOLCHAIN=local fix(deps): update module github.com/cyphar/filepath-securejoin to v0.2.5 Makefile: set GOTOOLCHAIN=local Integration tests: switch some base images containerImageRef.NewImageSource: merge the tar filters fix(deps): update module github.com/onsi/ginkgo/v2 to v2.17.2 fix(deps): update module github.com/containers/luksy to v0.0.0-20240408185936-afd8e7619947 Disable packit builds for centos-stream+epel-next-8 Makefile: add missing files to $(SOURCES) CI VMs: bump to new versions with tmpfs /tmp chore(deps): update module golang.org/x/net to v0.23.0 [security] integration test: handle new labels in "bud and test --unsetlabel" Switch packit configuration to use epel-9-$arch ... Give unit tests a bit more time Integration tests: remove a couple of duplicated tests Integration tests: whitespace tweaks Integration tests: don't remove images at start or end of test Integration tests: use cached images more Integration tests _prefetch: use registry configs internal: use fileutils.(Le|E)xists pkg/parse: use fileutils.(Le|E)xists buildah: use fileutils.(Le|E)xists chroot: use fileutils.(Le|E)xists vendor: update containers/(common|storage) Fix issue/pr lock workflow [CI:DOCS] Add golang 1.21 update warning heredoc: honor inline COPY irrespective of ignorefiles Update install.md source-push: add support for --digestfile Fix caching when mounting a cached stage with COPY/ADD fix(deps): update github.com/containers/luksy digest to 3d2cf0e Makefile: softcode `strip`, use it from env var Man page updates Add support for passing CDI specs to --device Update comments on some API objects pkg/parse.DeviceFromPath(): dereference src symlinks fix(deps): update module github.com/onsi/ginkgo/v2 to v2.17.1 ## v1.35.0 (2024-03-06) fix(deps): update module github.com/stretchr/testify to v1.9.0 cgroups: reuse version check from c/common Update vendor of containers/(common,image) fix(deps): update github.com/containers/storage digest to eadc620 fix(deps): update github.com/containers/luksy digest to ceb12d4 fix(deps): update github.com/containers/image/v5 digest to cdc6802 manifest add: complain if we get artifact flags without --artifact Use retry logic from containers/common Vendor in containers/(storage,image,common) Update module golang.org/x/crypto to v0.20.0 Add comment re: Total Success task name tests: skip_if_no_unshare(): check for --setuid Properly handle build --pull=false [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1 Update module go.etcd.io/bbolt to v1.3.9 Revert "Reduce official image size" Update module github.com/opencontainers/image-spec to v1.1.0 Reduce official image size Build with CNI support on FreeBSD build --all-platforms: skip some base "image" platforms Bump main to v1.35.0-dev Vendor in latest containers/(storage,image,common) Split up error messages for missing --sbom related flags `buildah manifest`: add artifact-related options cmd/buildah/manifest.go: lock lists before adding/annotating/pushing cmd/buildah/manifest.go: don't make struct declarations aliases Use golang.org/x/exp/slices.Contains Disable loong64 again Fix a couple of typos in one-line comments egrep is obsolescent; use grep -E Try Cirrus with a newer VM version Set CONTAINERS_CONF in the chroot-mount-flags integration test Update to match dependency API update Update github.com/openshift/imagebuilder and containers/common docs: correct default authfile path fix(deps): update module github.com/containerd/containerd to v1.7.13 tests: retrofit test for heredoc summary build, heredoc: show heredoc summary in build output manifest, push: add support for --retry and --retry-delay fix(deps): update github.com/openshift/imagebuilder digest to b767bc3 imagebuildah: fix crash with empty RUN fix(deps): update github.com/containers/luksy digest to b62d551 fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security] fix(deps): update module github.com/moby/buildkit to v0.12.5 [security] Make buildah match podman for handling of ulimits docs: move footnotes to where they're applicable Allow users to specify no-dereference Run codespell on code Fix FreeBSD version parsing Fix a build break on FreeBSD Remove a bad FROM line fix(deps): update module github.com/onsi/gomega to v1.31.1 fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6 docs: use reversed logo for dark theme in README build,commit: add --sbom to scan and produce SBOMs when committing commit: force omitHistory if the parent has layers but no history docs: fix a couple of typos internal/mkcw.Archive(): handle extra image content stage_executor,heredoc: honor interpreter in heredoc stage_executor,layers: burst cache if heredoc content is changed fix(deps): update module golang.org/x/crypto to v0.18.0 Replace map[K]bool with map[K]struct{} where it makes sense fix(deps): update module golang.org/x/sync to v0.6.0 fix(deps): update module golang.org/x/term to v0.16.0 Bump CI VMs Replace strings.SplitN with strings.Cut fix(deps): update github.com/containers/storage digest to ef81e9b fix(deps): update github.com/containers/image/v5 digest to 1b221d4 fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1 Document use of containers-transports values in buildah fix(deps): update module golang.org/x/crypto to v0.17.0 [security] chore(deps): update dependency containers/automation_images to v20231208 manifest: addCompression use default from containers.conf commit: add a --add-file flag mkcw: populate the rootfs using an overlay chore(deps): update dependency containers/automation_images to v20230517 [skip-ci] Update actions/stale action to v9 fix(deps): update module github.com/containernetworking/plugins to v1.4.0 fix(deps): update github.com/containers/image/v5 digest to 7a40fee Bump to v1.34.1-dev Ignore errors if label.Relabel returns ENOSUP ## v1.34.0 (2023-12-11) vendor: update c/{common,image,storage} run: Allow using just one jail per container on FreeBSD Remove makefile targets entrypoint{,.gz} for non x86_64 ## v1.33.2 (2023-11-22) Update minimum to golang 1.20 fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.0 fix(deps): update module github.com/moby/buildkit to v0.12.3 Bump to v1.33.2-dev ## v1.33.1 (2023-11-18) fix(deps): update module github.com/moby/buildkit to v0.11.4 [security] test,heredoc: use fedora instead of docker.io/library/python:latest Bump to v1.33.1-dev ## v1.33.0 (2023-11-17) Never omit layers for emptyLayer instructions when squashing/cwing Add OverrideChanges and OverrideConfig to CommitOptions buildah: add heredoc support for RUN, COPY and ADD vendor: bump imagebuilder to v1.2.6-0.20231110114814-35a50d57f722 conformance tests: archive the context directory as 0:0 (#5171) blobcacheinfo,test: blobs must be resued when pushing across registry Bump c/storage v1.51.0, c/image v5.29.0, c/common v0.57.0 pkg/util.MirrorToTempFileIfPathIsDescriptor(): don't leak an fd StageExecutor.Execute: force a commit for --unsetenv, too Increase a copier+chroot test timeout Add support for --compat-auth-file in login/logout Update existing tests for error message change Update c/image and c/common to latest fix(deps): update module github.com/containerd/containerd to v1.7.9 build: downgrade to go 1.20 Add godoc for pkg/parse.GetTempDir conformance tests: use go-dockerclient for BuildKit builds Make TEE types case-insensitive fix(deps): update module golang.org/x/crypto to v0.15.0 Tweak some help descriptions Stop using DefaultNetworkSysctl and use containers.conf only Implement ADD checksum flag #5135 vendor of openshift/imagebuilder #5135 Pass secrets from the host down to internal podman containers Update cirrus and version of golang image: replace GetStoreImage with ResolveReference vendor: bump c/image to 373c52a9466f pkg/parse.Platform(): minor simplification createConfigsAndManifests: clear history before cw-specific logic Use a constant definition instead of "scratch" conformance: use require.NoErrorf() more fix(deps): update module golang.org/x/term to v0.14.0 fix(deps): update module golang.org/x/sync to v0.5.0 fix(deps): update module github.com/spf13/cobra to v1.8.0 fix(deps): update module golang.org/x/sys to v0.14.0 fix(deps): update github.com/containers/common digest to 8354404 fix(deps): update module github.com/opencontainers/runc to v1.1.10 fix(deps): update github.com/containers/luksy digest to b5a7f79 Log the platform for build errors during multi-platform builds Use mask definitions from containers/common Vendor in latest containers/common fix(deps): update module github.com/containerd/containerd to v1.7.8 fix(deps): update module go.etcd.io/bbolt to v1.3.8 container.conf: support attributed string slices fix(deps): update module sigs.k8s.io/yaml to v1.4.0 Use cutil.StringInSlice rather then contains Add --no-hostname option to buildah containers vendor c/common: appendable containers.conf strings, Part 1 fix(deps): update module github.com/onsi/gomega to v1.28.1 chroot.setupChrootBindMounts: pay more attention to flags chore(deps): update dependency containers/automation_images to v20231004 Vendor containers/common chore(deps): update module golang.org/x/net to v0.17.0 [security] run: use internal.GetTempDir with os.MkdirTemp fix(deps): update module github.com/containerd/containerd to v1.7.7 imagebuildah,multi-stage: do not remove base images gitignore: add mkcw binary mkcw: remove entrypoint binaries fix(deps): update module golang.org/x/crypto to v0.14.0 fix(deps): update module golang.org/x/sys to v0.13.0 fix(deps): update module golang.org/x/sync to v0.4.0 Update some comments related to confidential workload Use the parent's image ID in the config that we pass to imagebuilder fix(deps): update github.com/containers/common digest to 8892536 fix(deps): update github.com/containers/luksy digest to 6df88cb bug: Ensure the mount type is always BindMount by default Protocol can be specified with --port. Ex. --port 514/udp fix(deps): update module github.com/onsi/gomega to v1.28.0 build,config: add support for --unsetlabel tests/bud: add tests [CI:BUILD] Packit: tag @containers/packit-build on copr build failures stage_executor: allow images without layers vendor of containers/common Removing selinux_tag.sh as no longer needed after 580356f [NO NEW TESTS NEEDED] add/copy: make sure we handle relative path names correctly fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc5 Bump to v1.33.0-dev imagebuildah: consider ignorefile with --build-context ## v1.32.0 (2023-09-14) GetTmpDir is not using ImageCopyTmpdir correctly Run codespell on code Bump vendor containers/(common, storage, image) Cirrus: Remove multi-arch buildah image builds fix(deps): update module github.com/containerd/containerd to v1.7.6 Split GetTempDir from internal/util Move most of internal/parse to internal/volumes copier: remove libimage dependency via util package Add some docs for `build --cw`, `commit --cw`, and `mkcw` Add `buildah mkcw`, add `--cw` to `buildah commit` and `buildah build` Make sure that pathnames picked up from the environment are absolute fix(deps): update module github.com/cyphar/filepath-securejoin to v0.2.4 fix(deps): update module github.com/docker/docker to v24.0.6+incompatible Don't try to look up names when committing images fix(deps): update module golang.org/x/crypto to v0.13.0 docs: use valid github repo fix(deps): update module golang.org/x/sys to v0.12.0 vendor containers/common@12405381ff45 push: --force-compression should be true with --compression-format Update module github.com/containerd/containerd to v1.7.5 [skip-ci] Update tim-actions/commit-message-checker-with-regex action to v0.3.2 docs: add reference to oci-hooks Support passing of ULimits as -1 to mean max GHA: Attempt to fix discussion_lock workflow Fixing the owner of the storage.conf. pkg/chrootuser: Ignore comments when parsing /etc/group on FreeBSD Use buildah repo rather then podman repo GHA: Closed issue/PR comment-lock test fix(deps): update module github.com/containers/storage to v1.49.0 chore(deps): update dependency containers/automation_images to v20230816 Replace troff code with markdown in buildah-{copy,add}.1.md [CI:BUILD] rpm: spdx compatible license field executor: build-arg warnings must honor global args fix(deps): update module github.com/containers/ocicrypt to v1.1.8 chroot: `setSeccomp` add support for `ArchPARISC(64)` and `ArchRISCV64` make,cross: restore loong64 Clear CommonBuildOpts when loading Builder status buildah/push/manifest-push: add support for --force-compression vendor: bump c/common to v0.55.1-0.20230811093040-524b4d5c12f9 chore(deps): update dependency containers/automation_images to v20230809 [CI:BUILD] RPM: fix buildtags fix(deps): update module github.com/opencontainers/runc to v1.1.9 chore(deps): update dependency ubuntu to v22 chore(deps): update dependency containers/automation_images to v20230807 [CI:BUILD] Packit: add fedora-eln targets [CI:BUILD] RPM: build docs with vendored go-md2man packit: Build PRs into default packit COPRs Update install.md Update install.md changes current Debian stable version name fix(deps): update module golang.org/x/term to v0.11.0 fix(deps): update module golang.org/x/crypto to v0.12.0 tests: fix layer-label tests buildah: add --layer-label for setting labels on layers Cirrus: container/rootless env. var. passthrough Cirrus: Remove duplicate env. var. definitions fix(deps): update github.com/containers/storage digest to c3da76f Add a missing .Close() call on an ImageSource Create only a reference when that's all we need Add a missing .Close() call on an ImageDestination CI:BUILD] RPM: define gobuild macro for rhel/centos stream manifest/push: add support for --add-compression manifest/inspect: add support for tls-verify and authfile vendor: bump c/common to v0.55.1-0.20230727095721-647ed1d4d79a vendor: bump c/image to v5.26.1-0.20230726142307-8c387a14f4ac fix(deps): update module github.com/containerd/containerd to v1.7.3 fix(deps): update module github.com/onsi/gomega to v1.27.10 fix(deps): update module github.com/docker/docker to v24.0.5+incompatible fix(deps): update module github.com/containers/image/v5 to v5.26.1 fix(deps): update module github.com/opencontainers/runtime-spec to v1.1.0 Update vendor of containers/(storage,image,common) fix(deps): update module github.com/opencontainers/runc to v1.1.8 [CI:BUILD] Packit: remove pre-sync action fix(deps): update module github.com/containers/common to v0.55.2 [CI:BUILD] Packit: downstream task script needs GOPATH Vendor in containers/(common, image, storage) fix(deps): update module golang.org/x/term to v0.10.0 [CI:BUILD] Packit: fix pre-sync action for downstream tasks contrib/buildahimage: set config correctly for rootless build user fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc4 Bump to v1.32.0-dev Update debian install instructions pkg/overlay: add limited support for FreeBSD ## v1.31.0 (2023-06-30) Bump c/common to 0.55.1 and c/image to 5.26.1 Bump c/image to 5.26.0 and c/common to 0.54.0 vendor: update c/{common,image,storage} to latest chore: pkg imported more than once buildah: add pasta(1) support use slirp4netns package from c/common update c/common to latest add hostname to /etc/hosts when running with host network vendor: update c/common to latest [CI:BUILD] Packit: add jobs for downstream Fedora package builds fix(deps): update module golang.org/x/sync to v0.3.0 fix(deps): update module golang.org/x/crypto to v0.10.0 Add smoke tests for encryption CLI helpers fix(deps): update module golang.org/x/term to v0.9.0 fix(deps): update module github.com/opencontainers/runtime-spec to v1.1.0-rc.3 Remove device mapper support Remove use of deprecated tar.TypeRegA Update tooling to support newer golangci-lint Make cli.EncryptConfig,DecryptConfig, GetFormat public Don't decrypt images by default fix(deps): update module github.com/onsi/gomega to v1.27.8 fix(deps): update github.com/containers/storage digest to 3f3fb2f Renovate: Don't touch fragile test stuffs [CI:DOCS] Update comment to remove ambiguity fix(deps): update github.com/containers/image/v5 digest to abe5133 fix(deps): update module github.com/sirupsen/logrus to v1.9.3 fix(deps): update module github.com/containerd/containerd to v1.7.2 Explicitly ref. quay images for CI At startup, log the effective capabilities for debugging parse: use GetTempDir from internal utils GetTmpDir: honor image_copy_tmp_dir from containers.conf docs/Makefile: don't show sed invocations CI: Support testing w/ podman-next COPR packages intermediate-images inherit-label test: make it debuggable fix(deps): update github.com/containers/common digest to 462ccdd Add a warning to `--secret` docs vendor: bump c/storage to v1.46.2-0.20230526114421-55ee2d19292f executor: apply label to only final stage remove registry.centos.org Go back to setting SysProcAttr.Pdeathsig for child processes Fix auth.json path (validated on Fedora 38) wq Signed-off-by: Andreas Mack fix(deps): update module github.com/stretchr/testify to v1.8.3 CI: fix test broken by renovatebot chore(deps): update quay.io/libpod/testimage docker tag to v20221018 fix(deps): update module github.com/onsi/gomega to v1.27.7 test: use debian instead of docker.io/library/debian:testing-slim vendor: bump logrus to 1.9.2 [skip-ci] Update tim-actions/get-pr-commits action to v1.3.0 Revert "Proof of concept: nightly dependency treadmill" fix(deps): update module github.com/sirupsen/logrus to v1.9.1 vendor in containers/(common,storage,image) fix(deps): update module github.com/docker/distribution to v2.8.2+incompatible run: drop Pdeathsig chroot: lock thread before setPdeathsig tests: add a case for required=false fix(deps): update module github.com/openshift/imagebuilder to v1.2.5 build: validate volumes on backend secret: accept required flag w/o value fix(deps): update module github.com/containerd/containerd to v1.7.1 fix(deps): update module golang.org/x/crypto to v0.9.0 Update the demos README file to fix minor typos fix(deps): update module golang.org/x/sync to v0.2.0 fix(deps): update module golang.org/x/term to v0.8.0 manifest, push: use source as destination if not specified run,mount: remove path only if they didnt pre-exist Cirrus: Fix meta task failing to find commit parse: filter edge-case for podman-remote fix(deps): update module github.com/opencontainers/runc to v1.1.7 fix(deps): update module github.com/docker/docker to v23.0.5+incompatible build: --platform must accept only arch fix(deps): update module github.com/containers/common to v0.53.0 makefile: increase conformance timeout Cap suffixDigitsModulo to a 9-digits suffix. Rename conflict to suffixDigitsModulo fix(deps): update module github.com/opencontainers/runtime-spec to v1.1.0-rc.2 fix(deps): update module github.com/opencontainers/runc to v1.1.6 chore(deps): update centos docker tag to v8 Clarify the need for qemu-user-static package chore(deps): update quay.io/centos/centos docker tag to v8 Renovate: Ensure test/tools/go.mod is managed Revert "buildah image should not enable fuse-overlayfs for rootful mode" Bump to v1.31.0-dev parse: add support for relabel bind mount option ## v1.30.0 (2023-04-06) fix(deps): update module github.com/opencontainers/runc to v1.1.5 fix(deps): update module github.com/fsouza/go-dockerclient to v1.9.7 buildah image should not enable fuse-overlayfs for rootful mode stage_executor: inline network add default string fix(deps): update module github.com/containers/common to v0.51.2 chore(deps): update dependency containers/automation_images to v20230330 fix(deps): update module github.com/docker/docker to v23.0.2+incompatible chore(deps): update dependency containers/automation_images to v20230320 fix(deps): update module github.com/onsi/gomega to v1.27.6 fix(deps): update github.com/opencontainers/runtime-tools digest to e931285 [skip-ci] Update actions/stale action to v8 test: don't allow to override io.buildah.version executor: only apply label on the final stage Update docs/buildah-build.1.md update build instruction for Ubuntu code review build: accept arguments from file with --build-arg-file run_linux: Update heuristic for mounting /sys [CI:BUILD] Packit: Enable Copr builds on PR and commit to main fix(deps): update module github.com/fsouza/go-dockerclient to v1.9.6 Update to Go 1.18 Disable dependabot in favor of renovate chore(deps): update dependency containers/automation_images to v20230314 Fix requiring tests on Makefile changes Vendor in latest containers/(storage, common, image) imagebuildah: set len(short_image_id) to 12 Re-enable conformance tests Skip conformance test failures with Docker 23.0.1 Cirrus: Replace Ubuntu -> Debian SID run: add support for inline --network in RUN stmt vendor: bump imagebuilder to a3c3f8358ca31b1e4daa6 stage_executor: attempt to push cache only when cacheKey is valid Add "ifnewer" as option in help message for pull command build: document behaviour of buildah's distributed cache fix(deps): update module golang.org/x/term to v0.6.0 Add default list of capabilities required to run buildah in a container executor,copy: honor default ARG value while eval stage sshagent: use ExtendedAgent instead of Agent tests/bud: remove unwated test executor: do not warn on builtin default args executor: don't warn about unused TARGETARCH,TARGETOS,TARGETPLATFORM Fix tutorial for rootless mode Vendor in latest containers/(common, storage, image) Ignore the base image's base image annotations fix(deps): update module github.com/fsouza/go-dockerclient to v1.9.5 build(deps): bump github.com/containers/storage from 1.45.3 to 1.45.4 Vendor in latest containers/common docs/tutorials/04: add defaults for Run() imagebuildah.StageExecutor: suppress bogus "Pushing cache []:..." executor: also add stage with no children to cleanupStages [CI:BUILD] copr: fix el8 builds Fix documentation on which Capabilities are allowed by default Skip subject-length validation for renovate PRs Temporarily hard-skip bud-multiple-platform-values test fix(deps): update github.com/openshift/imagebuilder digest to 86828bf build(deps): bump github.com/containerd/containerd from 1.6.16 to 1.6.17 build(deps): bump tim-actions/get-pr-commits from 1.1.0 to 1.2.0 build(deps): bump github.com/containers/image/v5 from 5.24.0 to 5.24.1 [skip-ci] Update tim-actions/get-pr-commits digest to 55b867b build(deps): bump github.com/opencontainers/selinux build(deps): bump golang.org/x/crypto from 0.5.0 to 0.6.0 Add renovate configuration Run codespell on codebase login: support interspersed args for password conformance: use scratch for minimal test pkg/parse: expose public CleanCacheMount API build(deps): bump go.etcd.io/bbolt from 1.3.6 to 1.3.7 build(deps): bump github.com/containerd/containerd from 1.6.15 to 1.6.16 docs: specify order preference for FROM Bump to v1.30.0-dev ## v1.29.0 (2023-01-25) tests: improve build-with-network-test Bump c/storagev1.45.3, c/imagev5.24.0, c/commonv0.51.0 build(deps): bump github.com/onsi/gomega from 1.25.0 to 1.26.0 Flake 3710 has been closed. Reenable the test. [CI:DOCS] Fix two diversity issues in a tutorial build(deps): bump github.com/fsouza/go-dockerclient from 1.9.2 to 1.9.3 vendor in latests containers/(storage, common, image) fix bud-multiple-platform-with-base-as-default-arg flake stage_executor: while mounting stages use freshly built stage build(deps): bump github.com/fsouza/go-dockerclient from 1.9.0 to 1.9.2 build(deps): bump github.com/onsi/gomega from 1.24.2 to 1.25.0 vendor in latests containers/(storage, common, image, ocicyrpt) [Itests: change the runtime-flag test for crun [CI:DOCS] README: drop sudo Fix multi-arch manifest-list build timeouts Cirrus: Update VM Images bud: Consolidate multiple synthetic LABEL instructions build, secret: allow realtive mountpoints wrt to work dir fixed squash documentation build(deps): bump github.com/containerd/containerd from 1.6.14 to 1.6.15 Correct minor comment Vendor in latest containers/(common, image, storage) system tests: remove unhelpful assertions buildah: add prune command and expose CleanCacheMount API vendor: bump c/storage to a747b27 Add support for --group-add to buildah from build(deps): bump actions/stale from 6 to 7 Add documentation for buildah build --pull=missing build(deps): bump github.com/containerd/containerd from 1.6.12 to 1.6.14 build(deps): bump github.com/docker/docker parse: default ignorefile must not point to symlink outside context buildah: wrap network setup errors build, mount: allow realtive mountpoints wrt to work dir Update to F37 CI VM Images, re-enable prior-fedora Update vendor or containers/(image, storage, common) build(deps): bump golang.org/x/crypto from 0.3.0 to 0.4.0 Update contact information build(deps): bump golang.org/x/term from 0.2.0 to 0.3.0 Replace io/ioutil calls with os calls [skip-ci] GHA/Cirrus-cron: Fix execution order Vendor in containers/common build(deps): bump golang.org/x/sys from 0.2.0 to 0.3.0 remote-cache: support multiple sources and destinations Update c/storage after https://github.com/containers/storage/pull/1436 util.SortMounts(): make the returned order more stable version: Bump to 1.29.0-dev [CI:BUILD] Cirrus: Migrate OSX task to M1 Update vendor of containers/(common, storage, image) mount=type=cache: seperate cache parent on host for each user Fix installation instructions for Gentoo Linux build(deps): bump github.com/containerd/containerd from 1.6.9 to 1.6.10 GHA: Reuse both cirrus rerun and check workflows Vendor in latest containers/(common,image,storage) build(deps): bump github.com/onsi/gomega from 1.24.0 to 1.24.1 copier.Put(): clear up os/syscall mode bit confusion build(deps): bump golang.org/x/sys from 0.1.0 to 0.2.0 Use TypeBind consistently to name bind/nullfs mounts Add no-new-privileges flag Update vendor of containers/(common, image, storage) imagebuildah:build with --all-platforms must honor args for base images codespell code Expand args and env when using --all-platforms build(deps): bump github.com/onsi/gomega from 1.23.0 to 1.24.0 GHA: Simplify Cirrus-Cron check slightly Stop using ubi8 remove unnecessary (hence misleading) rmi chroot: fix mounting of ro bind mounts executor: honor default ARG value while eval base name userns: add arbitrary steps/stage to --userns=auto test Don't set allow.mount in the vnet jail on Freebsd copier: Preserve file flags when copying archives on FreeBSD Remove quiet flag, so that it works in podman-remote test: fix preserve rootfs with --mount for podman-remote test: fix prune logic for cache-from after adding content summary vendor in latest containers/(storage, common, image) Fix RUN --mount=type=bind,from= not preserving rootfs of stage Define and use a safe, reliable test image Fix word missing in Container Tools Guide Makefile: Use $(MAKE) to start sub-makes in install.tools imagebuildah: pull cache from remote repo after adding content summary Makefile: Fix install on FreeBSD Ensure the cache volume locks are unlocked on all paths Vendor in latest containers/(common,storage) Simplify the interface of GetCacheMount and getCacheMount Fix cache locks with multiple mounts Remove calls to Lockfile.Locked() Maintain cache mount locks as lock objects instead of paths test: cleaning cache must not clean lockfiles run: honor lockfiles for multiple --mount instruction mount,cache: lockfiles must not be part of users cache content Update vendor containers/(common,image,storage) [CI:BUILD] copr: buildah rpm should depend on containers-common-extra pr-should-include-tests: allow specfile, golangci build(deps): bump dawidd6/action-send-mail from 3.7.0 to 3.7.1 build(deps): bump github.com/docker/docker build(deps): bump github.com/fsouza/go-dockerclient from 1.8.3 to 1.9.0 Update vendor containers/(common,image,storage) build(deps): bump actions/upload-artifact from 2 to 3 build(deps): bump actions/checkout from 2 to 3 build(deps): bump actions/stale from 1 to 6 build(deps): bump dawidd6/action-send-mail from 2.2.2 to 3.7.0 build(deps): bump tim-actions/get-pr-commits from 1.1.0 to 1.2.0 sshagent: LockOSThread before setting SocketLabel Update tests for error message changes Update c/image after https://github.com/containers/image/pull/1299 Fix ident for dependabot gha block build(deps): bump github.com/containers/ocicrypt from 1.1.5 to 1.1.6 Fix man pages to match latest cobra settings build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0 build(deps): bump github.com/onsi/gomega from 1.20.2 to 1.22.1 test: retrofit 'bud with undefined build arg directory' imagebuildah: warnOnUnsetBuildArgs while processing stages from executor Update contrib/buildahimage/Containerfile Cirrus CI add flavor parameter Correction - `FLAVOR` not `FLAVOUR` Changed build argument from `RELEASE` to `FLAVOUR` Combine buildahimage Containerfiles bud.bats refactoring: $TEST_SCRATCH_DIR, part 2 of 2 bud.bats refactoring: $TEST_SCRATCH_DIR, part 1 of 2 System test cleanup: document, clarify, fix test: removing unneeded/expensive COPY test: warning behaviour for unset/set TARGETOS,TARGETARCH,TARGETPLATFORM Bump to v1.28.1-dev ## v1.28.0 (2022-09-30) Update vendor containers/(common,image) [CI:DOCS] Add quay-description update reminder vendor: bump c/common to v0.49.2-0.20220929111928-2d1b45ae2423 build(deps): bump github.com/opencontainers/selinux Vendor in latest containers/storage Changing shell list operators from `;` to `&&` Fix buildahimage container.conf permissions regression Set sysctls from containers.conf refactor: stop using Normalize directly from containerd package config,builder: process variant while populating image spec Proof of concept: nightly dependency treadmill Run codespell on code Check for unset build args after TARGET args pkg/cli: improve completion test vendor in latest containers/(common,storage,image) copier: work around freebsd bug for "mkdir /" vendor: update c/image test: run in the host cgroup namespace vendor: update c/storage vendor: update c/common cmd: check for user UID instead of privileges run,build: conflict --isolation=chroot and --network Fix broken dns test (from merge collision) Fix stutters Fix broken command completion buildah bud --network=none should have no network build: support --skip-unused-stages for multi-stage builds Prevent use of --dns* options with --net=none buildah: make --cache-ttl=0s equivalent to --no-cache parse: make processing flags in --mount order agnostic Minor test fix for podman-remote build: honor .containerignore as ignore file Update install.md: Debian 11 (Bullseye) is stable build(deps): bump github.com/docker/docker Use constants from containers/common for finding seccomp.json Don't call os.Exit(1) from manifest exist manifest: add support for buildah manifest exists Buildah should ignore /etc/crio/seccomp.json chroot: Fix cross build break chroot: Move isDevNull to run_common.go chroot: Fix setRlimit build on FreeBSD chroot: Move parseRLimits and setRlimits to run_common.go chroot: Fix runUsingChrootExecMain on FreeBSD chroot: Move runUsingChrootExecMain to run_common.go chroot: Factor out Linux-specific unshare options from runUsingChroot chroot: Move runUsingChroot to run_common.go chroot: Move RunUsingChroot and runUsingChrootMain to run_common.go chroot: Factor out /dev/ptmx pty implementation chroot: Add FreeBSD support for run with chroot isolation build(deps): bump github.com/docker/go-units from 0.4.0 to 0.5.0 Replace k8s.gcr.io/pause in tests with registry.k8s.io/pause build(deps): bump github.com/onsi/gomega from 1.20.0 to 1.20.1 Cirrus: use image with fewer downloaded dependencies build(deps): bump github.com/opencontainers/runc from 1.1.3 to 1.1.4 run: add container gid to additional groups buildah: support for --retry and --retry-delay for push/pull failures Makefile: always call $(GO) instead of `go` build(deps): bump github.com/fsouza/go-dockerclient from 1.8.2 to 1.8.3 test: use `T.TempDir` to create temporary test directory mount,cache: enable SElinux shared content label option by default commit: use race-free RemoveNames instead of SetNames Drop util/util.Cause() cmd/buildah: add "manifest create --amend" build(deps): bump github.com/fsouza/go-dockerclient from 1.8.1 to 1.8.2 docs: specify git protocol is not supported for github hosted repo Scrub user and group names from layer diffs build(deps): bump github.com/containerd/containerd from 1.6.6 to 1.6.8 version: bump to 1.28.0-dev ## v1.27.0 (2022-08-01) build: support filtering cache by duration using `--cache-ttl`. build: support building from commit when using git repo as build context. build: clean up git repos correctly when using subdirs. build: add support for distributing cache to remote sources using `--cache-to` and `--cache-from`. imagebuildah: optimize cache hits for `COPY` and `ADD` instructions. build: support OCI hooks for ephemeral build containers. build: add support for `--userns=auto`. copier: add NoOverwriteNonDirDir option . add initial support for building images using Buildah on FreeBSD. multistage: this now skips the computing of unwanted stages to improve performance. multiarch: support splitting build logs for `--platform` using `--logsplit`. build: add support for building images where the base image has no history. commit: allow disabling image history with `--omit-history`. build: add support for renaming a device in rootless setups. build: now supports additionalBuildContext in builds via the `--build-context` option. build: `--output` produces artifacts even if the build container is not committed. build: now accepts `-cpp-flag`, allowing users to pass in CPP flags when processing a Containerfile with C Preprocessor-like syntax. build: now accepts a branch and a subdirectory when the build context is a git repository. build: output now shows a progress bar while pushing and pulling images build: now errors out if the path to Containerfile is a directory. build: support building container images on environments that are rootless and without any valid login sessions. fix: `--output` now generates artifacts even if the entire build is cached. fix: `--output` generates artifacts only for the target stage in multi-stage builds. fix,add: now fails on a bad HTTP response instead of writing to container fix,squash: never use build cache when computing the last step of the last stage fix,build,run: allow reusing secret more than once in different RUN steps fix: compatibility with Docker build by making its --label and --annotate options set empty labels and annotations when given a name but no `=` or label value. ## v1.26.0 (2022-05-04) imagebuildah,build: move deepcopy of args before we spawn goroutine Vendor in containers/storage v1.40.2 buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated help output: get more consistent about option usage text Handle OS version and features flags buildah build: --annotation and --label should remove values buildah build: add a --env buildah: deep copy options.Args before performing concurrent build/stage test: inline platform and builtinargs behaviour vendor: bump imagebuilder to master/009dbc6 build: automatically set correct TARGETPLATFORM where expected build(deps): bump github.com/fsouza/go-dockerclient Vendor in containers/(common, storage, image) imagebuildah, executor: process arg variables while populating baseMap buildkit: add support for custom build output with --output Cirrus: Update CI VMs to F36 fix staticcheck linter warning for deprecated function Fix docs build on FreeBSD build(deps): bump github.com/containernetworking/cni from 1.0.1 to 1.1.0 copier.unwrapError(): update for Go 1.16 copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit copier.Put(): write to read-only directories build(deps): bump github.com/cpuguy83/go-md2man/v2 in /tests/tools Rename $TESTSDIR (the plural one), step 4 of 3 Rename $TESTSDIR (the plural one), step 3 of 3 Rename $TESTSDIR (the plural one), step 2 of 3 Rename $TESTSDIR (the plural one), step 1 of 3 build(deps): bump github.com/containerd/containerd from 1.6.2 to 1.6.3 Ed's periodic test cleanup using consistent lowercase 'invalid' word in returned err msg Update vendor of containers/(common,storage,image) use etchosts package from c/common run: set actual hostname in /etc/hostname to match docker parity update c/common to latest main Update vendor of containers/(common,storage,image) Stop littering manifest-create: allow creating manifest list from local image Update vendor of storage,common,image Bump golang.org/x/crypto to 7b82a4e Initialize network backend before first pull oci spec: change special mount points for namespaces tests/helpers.bash: assert handle corner cases correctly buildah: actually use containers.conf settings integration tests: learn to start a dummy registry Fix error check to work on Podman buildah build should accept at most one arg tests: reduce concurrency for flaky bud-multiple-platform-no-run vendor in latest containers/common,image,storage manifest-add: allow override arch,variant while adding image Remove a stray `\` from .containerenv Vendor in latest opencontainers/selinux v1.10.1 build, commit: allow removing default identity labels Create shorter names for containers based on image IDs test: skip rootless on cgroupv2 in root env fix hang when oci runtime fails Set permissions for GitHub actions copier test: use correct UID/GID in test archives run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM Bump back to v1.26.0-dev build(deps): bump github.com/opencontainers/runc from 1.1.0 to 1.1.1 Included the URL to check the SHA ## v1.25.1 (2022-03-30) buildah: create WORKDIR with USER permissions vendor: update github.com/openshift/imagebuilder copier: attempt to open the dir before adding it Updated dependabot to get updates for GitHub actions. Switch most calls to filepath.Walk to filepath.WalkDir build: allow --no-cache and --layers so build cache can be overrided build(deps): bump github.com/onsi/gomega from 1.18.1 to 1.19.0 Bump to v1.26.0-dev build(deps): bump github.com/golangci/golangci-lint in /tests/tools ## v1.25.0 (2022-03-25) install: drop RHEL/CentOS 7 doc build(deps): bump github.com/containers/common from 0.47.4 to 0.47.5 Bump c/storage to v1.39.0 in main Add a test for CVE-2022-27651 build(deps): bump github.com/docker/docker Bump github.com/prometheus/client_golang to v1.11.1 [CI:DOCS] man pages: sort flags, and keep them that way build(deps): bump github.com/containerd/containerd from 1.6.1 to 1.6.2 Don't pollute network setup: increase timeout to 4 minutes do not set the inheritable capabilities build(deps): bump github.com/golangci/golangci-lint in /tests/tools build(deps): bump github.com/containers/ocicrypt from 1.1.2 to 1.1.3 parse: convert exposed GetVolumes to internal only buildkit: mount=type=cache support locking external cache store .in support: improve error message when cpp is not installed buildah image: install cpp build(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 build(deps): bump github.com/spf13/cobra from 1.3.0 to 1.4.0 build(deps): bump github.com/docker/docker Add --no-hosts flag to eliminate use of /etc/hosts within containers test: remove skips for rootless users test: unshare mount/umount if test is_rootless tests/copy: read correct containers.conf build(deps): bump github.com/docker/distribution cirrus: add seperate task and matrix for rootless tests: skip tests for rootless which need unshare buildah: test rootless integration vendor: bump c/storage to main/93ce26691863 build(deps): bump github.com/fsouza/go-dockerclient from 1.7.9 to 1.7.10 tests/copy: initialize the network, too [CI:DOCS] remove references to Kubic for CentOS and Ubuntu build(deps): bump github.com/containerd/containerd from 1.6.0 to 1.6.1 use c/image/pkg/blobcache vendor c/image/v5@v5.20.0 add: ensure the context directory is an absolute path executor: docker builds must inherit healthconfig from base if any docs: Remove Containerfile and containeringore build(deps): bump github.com/fsouza/go-dockerclient from 1.7.8 to 1.7.9 helpers.bash: Use correct syntax speed up combination-namespaces test build(deps): bump github.com/golangci/golangci-lint in /tests/tools Bump back to 1.25.0-dev build(deps): bump github.com/containerd/containerd from 1.5.9 to 1.6.0 ## v1.24.2 (2022-02-16) Increase subuid/subgid to 65535 history: only add proxy vars to history if specified run_linux: use --systemd-cgroup buildah: new global option --cgroup-manager Makefile: build with systemd when available build(deps): bump github.com/fsouza/go-dockerclient from 1.7.7 to 1.7.8 Bump c/common to v0.47.4 Cirrus: Use updated VM images conformance: add a few "replace-directory-with-symlink" tests Bump back to v1.25.0-dev ## v1.24.1 (2022-02-03) executor: Add support for inline --platform within Dockerfile caps: fix buildah run --cap-add=all Update vendor of openshift/imagebuilder Bump version of containers/image and containers/common Update vendor of containers/common System tests: fix accidental vandalism of source dir build(deps): bump github.com/containers/storage from 1.38.1 to 1.38.2 imagebuildah.BuildDockerfiles(): create the jobs semaphore build(deps): bump github.com/onsi/gomega from 1.18.0 to 1.18.1 overlay: always honor mountProgram overlay: move mount program invocation to separate function overlay: move mount program lookup to separate function Bump to v1.25.0-dev [NO TESTS NEEDED] ## v1.24.0 (2022-01-26) Update vendor of containers/common build(deps): bump github.com/golangci/golangci-lint in /tests/tools Github-workflow: Report both failures and errors. build(deps): bump github.com/containers/image/v5 from 5.18.0 to 5.19.0 Update docs/buildah-build.1.md [CI:DOCS] Fix typos and improve language buildah bud --network add support for custom networks Make pull commands be consistent docs/buildah-build.1.md: don't imply that -v isn't just a RUN thing build(deps): bump github.com/onsi/gomega from 1.17.0 to 1.18.0 Vendor in latest containers/image Run codespell on code .github/dependabot.yml: add tests/tools go.mod CI: rm git-validation, add GHA job to validate PRs tests/tools: bump go-md2man to v2.0.1 tests/tools/Makefile: simplify tests/tools: bump onsi/ginkgo to v1.16.5 vendor: bump c/common and others mount: add support for custom upper and workdir with overlay mounts linux: fix lookup for runtime overlay: add MountWithOptions to API which extends support for advanced overlay Allow processing of SystemContext from FlagSet .golangci.yml: enable unparam linter util/resolveName: rm bool return tests/tools: bump golangci-lint .gitignore: fixups all: fix capabilities.NewPid deprecation warnings bind/mount.go: fix linter comment all: fix gosimple warning S1039 tests/e2e/buildah_suite_test.go: fix gosimple warnings imagebuildah/executor.go: fix gosimple warning util.go: fix gosimple warning build(deps): bump github.com/opencontainers/runc from 1.0.3 to 1.1.0 Enable git-daemon tests Allow processing of id options from FlagSet Cirrus: Re-order tasks for more parallelism Cirrus: Freshen VM images Fix platform handling for empty os/arch values Allow processing of network options from FlagSet Fix permissions on secrets directory Update containers/image and containers/common bud.bats: use a local git daemon for the git protocol test Allow processing of common options from FlagSet Cirrus: Run int. tests in parallel with unit vendor c/common Fix default CNI paths build(deps): bump github.com/fsouza/go-dockerclient from 1.7.6 to 1.7.7 multi-stage: enable mounting stages across each other with selinux enabled executor: Share selinux label of first stage with other stages in a build buildkit: add from field to bind and cache mounts so images can be used as source Use config.ProxyEnv from containers/common use libnetwork from c/common for networking setup the netns in the buildah parent process build(deps): bump github.com/containerd/containerd from 1.5.8 to 1.5.9 build(deps): bump github.com/fsouza/go-dockerclient from 1.7.4 to 1.7.6 build: fix libsubid test Allow callers to replace the ContainerSuffix parse: allow parsing anomaly non-human value for memory control group .cirrus: remove static_build from ci stage_executor: re-use all possible layers from cache for squashed builds build(deps): bump github.com/spf13/cobra from 1.2.1 to 1.3.0 Allow rootless buildah to set resource limits on cgroup V2 build(deps): bump github.com/docker/docker tests: move buildkit mount tests files from TESTSDIR to TESTDIR before modification build(deps): bump github.com/opencontainers/runc from 1.0.2 to 1.0.3 Wire logger through to config copier.Put: check for is-not-a-directory using lstat, not stat Turn on rootless cgroupv2 tests Grab all of the containers.conf settings for namespaces. image: set MediaType in OCI manifests copier: RemoveAll possibly-directories Simple README fix images: accept multiple filter with logical AND build(deps): bump github.com/containernetworking/cni from 0.8.1 to 1.0.1 UPdate vendor of container/storage build(deps): bump github.com/onsi/gomega from 1.16.0 to 1.17.0 build(deps): bump github.com/containers/image/v5 from 5.16.1 to 5.17.0 Make LocalIP public function so Podman can use it Fix UnsetEnv for buildah bud Tests should rely only on static/unchanging images run: ensure that stdio pipes are labeled correctly build(deps): bump github.com/docker/docker Cirrus: Bump up to Fedora 35 & Ubuntu 21.10 chroot: don't use the generate default seccomp filter for unit tests build(deps): bump github.com/containerd/containerd from 1.5.7 to 1.5.8 ssh-agent: Increase timeout before we explicitly close connection docs/tutorials: update Clarify that manifest defaults to localhost as the registry name "config": remove a stray bit of debug output "commit": fix a flag typo Fix an error message: unlocking vs locking Expand the godoc for CommonBuildOptions.Secrets chroot: accept an "rw" option Add --unsetenv option to buildah commit and build define.TempDirForURL(): show CombinedOutput when a command fails config: support the variant field rootless: do not bind mount /sys if not needed Fix tutorial to specify command on buildah run line build: history should not contain ARG values docs: Use guaranteed path for go-md2man run: honor --network=none from builder if nothing specified networkpolicy: Should be enabled instead of default when explictly set Add support for env var secret sources build(deps): bump github.com/docker/docker fix: another non-portable shebang Rootless containers users should use additional groups Support overlayfs path contains colon Report ignorefile location when no content added Add support for host.containers.internal in the /etc/hosts build(deps): bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5 imagebuildah: fix nil deref buildkit: add support for mount=type=cache Default secret mode to 400 [CI:DOCS] Include manifest example usage docs: update buildah-from, buildah-pull 'platform' option compatibility notes docs: update buildah-build 'platform' option compatibility notes De-dockerize the man page as much as possible [CI:DOCS] Touch up Containerfile man page to show ARG can be 1st docs: Fix and Update Containerfile man page with supported mount types mount: add tmpcopyup to tmpfs mount option buildkit: Add support for --mount=type=tmpfs build(deps): bump github.com/opencontainers/selinux from 1.8.5 to 1.9.1 Fix command doc links in README.md build(deps): bump github.com/containers/image/v5 from 5.16.0 to 5.16.1 build: Add support for buildkit like --mount=type=bind Bump containerd to v1.5.7 build(deps): bump github.com/docker/docker tests: stop pulling php, composer Fix .containerignore link file Cirrus: Fix defunct package metadata breaking cache build(deps): bump github.com/containers/storage from 1.36.0 to 1.37.0 buildah build: add --all-platforms Add man page for Containerfile and .containerignore Plumb the remote logger throughut Buildah Replace fmt.Sprintf("%d", x) with strconv.Itoa(x) Run: Cleanup run directory after every RUN step build(deps): bump github.com/containers/common from 0.45.0 to 0.46.0 Makefile: adjust -ldflags/-gcflags/-gccgoflags depending on the go implementation Makefile: check for `-race` using `-mod=vendor` imagebuildah: fix an attempt to write to a nil map push: support to specify the compression format conformance: allow test cases to specify dockerUseBuildKit build(deps): bump github.com/containers/common from 0.44.1 to 0.45.0 build(deps): bump github.com/containers/common from 0.44.0 to 0.44.1 unmarshalConvertedConfig(): handle zstd compression tests/copy/copy: wire up compression options Update to github.com/vbauerster/mpb v7.1.5 Add flouthoc to OWNERS build: Add additional step nodes when labels are modified Makefile: turn on race detection whenever it's available conformance: add more tests for exclusion short-circuiting Update VM Images + Drop prior-ubuntu testing Bump to v1.24.0-dev ## v1.23.0 (2021-09-13) Vendor in containers/common v0.44.0 build(deps): bump github.com/containers/storage from 1.35.0 to 1.36.0 Update 05-openshift-rootless-build.md build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5 .cirrus.yml: run cross_build_task on Big Sur Makefile: update cross targets Add support for rootless overlay mounts Cirrus: Increase unit-test timeout Docs: Clarify rmi w/ manifest/index use build: mirror --authfile to filesystem if pointing to FD instead of file Fix build with .git url with branch manifest: rm should remove only manifests not referenced images. vendor: bump c/common to v0.43.3-0.20210902095222-a7acc160fb25 Avoid rehashing and noop compression writer corrected man page section; .conf file to mention its man page copy: add --max-parallel-downloads to tune that copy option copier.Get(): try to avoid descending into directories tag: Support tagging manifest list instead of resolving to images Install new manpages to correct sections conformance: tighten up exception specifications Add support for libsubid Add epoch time field to buildah images Fix ownership of /home/build/.local/share/containers build(deps): bump github.com/containers/image/v5 from 5.15.2 to 5.16.0 Rename bud to build, while keeping an alias for to bud. Replace golang.org/x/crypto/ssh/terminal with golang.org/x/term build(deps): bump github.com/opencontainers/runc from 1.0.1 to 1.0.2 build(deps): bump github.com/onsi/gomega from 1.15.0 to 1.16.0 build(deps): bump github.com/fsouza/go-dockerclient from 1.7.3 to 1.7.4 build(deps): bump github.com/containers/common from 0.43.1 to 0.43.2 Move DiscoverContainerfile to pkg/util directory build(deps): bump github.com/containers/image/v5 from 5.15.1 to 5.15.2 Remove some references to Docker build(deps): bump github.com/containers/image/v5 from 5.15.0 to 5.15.1 imagebuildah: handle --manifest directly build(deps): bump github.com/containers/common from 0.42.1 to 0.43.1 build(deps): bump github.com/opencontainers/selinux from 1.8.3 to 1.8.4 executor: make sure imageMap is updated with terminatedStage tests/serve/serve.go: use a kernel-assigned port Bump go for vendor-in-container from 1.13 to 1.16 imagebuildah: move multiple-platform building internal Adds GenerateStructure helper function to support rootfs-overlay. Run codespell to fix spelling Implement SSH RUN mount build(deps): bump github.com/onsi/gomega from 1.14.0 to 1.15.0 Fix resolv.conf content with run --net=private run: fix nil deref using the option's logger build(deps): bump github.com/containerd/containerd from 1.5.1 to 1.5.5 make vendor-in-container bud: teach --platform to take a list set base-image annotations build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.3 [CI:DOCS] Fix CHANGELOG.md Bump to v1.23.0-dev [NO TESTS NEEDED] Accept repositories on login/logout ## v1.22.0 (2021-08-02) c/image, c/storage, c/common vendor before Podman 3.3 release WIP: tests: new assert() Proposed patch for 3399 (shadowutils) Fix handling of --restore shadow-utils build(deps): bump github.com/containers/image/v5 from 5.13.2 to 5.14.0 runtime-flag (debug) test: handle old & new runc build(deps): bump github.com/containers/storage from 1.32.6 to 1.33.0 Allow dst and destination for target in secret mounts Multi-arch: Always push updated version-tagged img Add a few tests on cgroups V2 imagebuildah.stageExecutor.prepare(): remove pseudonym check refine dangling filter Chown with environment variables not set should fail Just restore protections of shadow-utils build(deps): bump github.com/opencontainers/runc from 1.0.0 to 1.0.1 Remove specific kernel version number requirement from install.md Multi-arch image workflow: Make steps generic chroot: fix environment value leakage to intermediate processes Update nix pin with `make nixpkgs` buildah source - create and manage source images Update cirrus-cron notification GH workflow Reuse code from containers/common/pkg/parse Cirrus: Freshen VM images build(deps): bump github.com/containers/storage from 1.32.5 to 1.32.6 Fix excludes exception begining with / or ./ Fix syntax for --manifest example build(deps): bump github.com/onsi/gomega from 1.13.0 to 1.14.0 vendor containers/common@main Cirrus: Drop dependence on fedora-minimal Adjust conformance-test error-message regex Workaround appearance of differing debug messages Cirrus: Install docker from package cache build(deps): bump github.com/containers/ocicrypt from 1.1.1 to 1.1.2 Switch rusagelogfile to use options.Out build(deps): bump github.com/containers/storage from 1.32.4 to 1.32.5 Turn stdio back to blocking when command finishes Add support for default network creation Cirrus: Updates for master->main rename Change references from master to main Add `--env` and `--workingdir` flags to run command build(deps): bump github.com/opencontainers/runc [CI:DOCS] buildah bud: spelling --ignore-file requires parameter [CI:DOCS] push/pull: clarify supported transports Remove unused function arguments Create mountOptions for mount command flags Extract version command implementation to function Add --json flags to `mount` and `version` commands build(deps): bump github.com/containers/storage from 1.32.2 to 1.32.3 build(deps): bump github.com/containers/common from 0.40.0 to 0.40.1 copier.Put(): set xattrs after ownership buildah add/copy: spelling build(deps): bump github.com/containers/common from 0.39.0 to 0.40.0 buildah copy and buildah add should support .containerignore Remove unused util.StartsWithValidTransport Fix documentation of the --format option of buildah push Don't use alltransports.ParseImageName with known transports build(deps): bump github.com/containers/image/v5 from 5.13.0 to 5.13.1 man pages: clarify `rmi` removes dangling parents tests: make it easer to override the location of the copy helper build(deps): bump github.com/containers/image/v5 from 5.12.0 to 5.13.0 [CI:DOCS] Fix links to c/image master branch imagebuildah: use the specified logger for logging preprocessing warnings Fix copy into workdir for a single file Fix docs links due to branch rename Update nix pin with `make nixpkgs` build(deps): bump github.com/fsouza/go-dockerclient from 1.7.2 to 1.7.3 build(deps): bump github.com/opencontainers/selinux from 1.8.1 to 1.8.2 build(deps): bump go.etcd.io/bbolt from 1.3.5 to 1.3.6 build(deps): bump github.com/containers/storage from 1.32.1 to 1.32.2 build(deps): bump github.com/mattn/go-shellwords from 1.0.11 to 1.0.12 build(deps): bump github.com/onsi/ginkgo from 1.16.3 to 1.16.4 fix(docs): typo Move to v1.22.0-dev Fix handling of auth.json file while in a user namespace Add rusage-logfile flag to optionally send rusage to a file imagebuildah: redo step logging build(deps): bump github.com/onsi/ginkgo from 1.16.2 to 1.16.3 build(deps): bump github.com/containers/storage from 1.32.0 to 1.32.1 Add volumes to make running buildah within a container easier build(deps): bump github.com/onsi/gomega from 1.12.0 to 1.13.0 Add and use a "copy" helper instead of podman load/save Bump github.com/containers/common from 0.38.4 to 0.39.0 containerImageRef/containerImageSource: don't buffer uncompressed layers containerImageRef(): squashed images have no parent images Sync. workflow across skopeo, buildah, and podman Bump github.com/containers/storage from 1.31.1 to 1.31.2 Bump github.com/opencontainers/runc from 1.0.0-rc94 to 1.0.0-rc95 Bump to v1.21.1-dev [NO TESTS NEEDED] ## v1.21.0 (2021-05-19) Don't blow up if cpp detects errors Vendor in containers/common v0.38.4 Remove 'buildah run --security-opt' from completion update c/common Fix handling of --default-mounts-file update vendor of containers/storage v1.31.1 Bump github.com/containers/storage from 1.30.3 to 1.31.0 Send logrus messages back to caller when building github: Fix bad repo. ref in workflow config Check earlier for bad image tags name buildah bud: fix containers/podman/issues/10307 Bump github.com/containers/storage from 1.30.1 to 1.30.3 Cirrus: Support [CI:DOCS] test skipping Notification email for cirrus-cron build failures Bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94 Fix race condition Fix copy race while walking paths Preserve ownership of lower directory when doing an overlay mount Bump github.com/onsi/gomega from 1.11.0 to 1.12.0 Update nix pin with `make nixpkgs` codespell cleanup Multi-arch github-action workflow unification Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0 Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2 imagebuildah: ignore signatures when tagging images update to latest libimage Bump github.com/containers/common from 0.37.0 to 0.37.1 Bump github.com/containers/storage from 1.30.0 to 1.30.1 Upgrade to GitHub-native Dependabot Document location of auth.json file if XDG_RUNTIME_DIR is not set run.bats: fix flake in run-user test Cirrus: Update F34beta -> F34 pr-should-include-tests: try to make work in buildah runUsingRuntime: when relaying error from the runtime, mention that Run(): avoid Mkdir() into the rootfs imagebuildah: replace archive with chrootarchive imagebuildah.StageExecutor.volumeCacheSaveVFS(): set up bind mounts conformance: use :Z with transient mounts when SELinux is enabled bud.bats: fix a bats warning imagebuildah: create volume directories when using overlays imagebuildah: drop resolveSymlink() namespaces test - refactoring and cleanup Refactor 'idmapping' system test Cirrus: Update Ubuntu images to 21.04 Tiny fixes in bud system tests Add compabitility wrappers for removed packages Fix expected message at pulling image Fix system tests of 'bud' subcommand [CI:DOCS] Update steps for CentOS runc users Add support for secret mounts Add buildah manifest rm command restore push/pull and util API [CI:DOCS] Remove older distro docs Rename rhel secrets to subscriptions vendor in openshift/imagebuilder Remove buildah bud --loglevel ... use new containers/common/libimage package Fix copier when using globs Test namespace flags of 'bud' subcommand Add system test of 'bud' subcommand Output names of multiple tags in buildah bud push to docker test: don't get fooled by podman copier: add Remove() build(deps): bump github.com/containers/image/v5 from 5.10.5 to 5.11.1 Restore log timestamps Add system test of 'buildah help' with a tiny fix tests: copy.bats: fix infinite hang Do not force hard code to crun in rootless mode build(deps): bump github.com/openshift/imagebuilder from 1.2.0 to 1.2.1 build(deps): bump github.com/containers/ocicrypt from 1.1.0 to 1.1.1 build(deps): bump github.com/containers/common from 0.35.4 to 0.36.0 Fix arg missing warning in bud Check without flag in 'from --cgroup-parent' test Minor fixes to Buildah as a library tutorial documentation Add system test of 'buildah version' for packaged buildah Add a few system tests of 'buildah from' Log the final error with %+v at logging level "trace" copier: add GetOptions.NoCrossDevice Update nix pin with `make nixpkgs` Bump to v1.20.2-dev ## v1.20.1 (2021-04-13) Run container with isolation type set at 'from' bats helpers.bash - minor refactoring Bump containers/storage vendor to v1.29.0 build(deps): bump github.com/onsi/ginkgo from 1.16.0 to 1.16.1 Cirrus: Update VMs w/ F34beta CLI add/copy: add a --from option build(deps): bump github.com/onsi/ginkgo from 1.15.2 to 1.16.0 Add authentication system tests for 'commit' and 'bud' fix local image lookup for custom platform Double-check existence of OCI runtimes Cirrus: Make use of shared get_ci_vm container Add system tests of "buildah run" Update nix pin with `make nixpkgs` Remove some stuttering on returns errors Setup alias for --tty to --terminal Add conformance tests for COPY /... Put a few more minutes on the clock for the CI conformance test Add a conformance test for COPY --from $symlink Add conformance tests for COPY "" Check for symlink in builtin volume Sort all mounts by destination directory System-test cleanup Export parse.Platform string to be used by podman-remote blobcache: fix sequencing error build(deps): bump github.com/containers/common from 0.35.3 to 0.35.4 Fix URL in demos/buildah_multi_stage.sh Add a few system tests [NO TESTS NEEDED] Use --recurse-modules when building git context Bump to v1.20.1-dev ## v1.20.0 (2021-03-25) * vendor in containers/storage v1.28.1 * build(deps): bump github.com/containers/common from 0.35.2 to 0.35.3 * tests: prefetch: use buildah, not podman, for pulls * Use faster way to check image tag existence during multi-arch build * Add information about multi-arch images to the Readme * COPY --chown: expand the conformance test * pkg/chrootuser: use a bufio.Scanner * [CI:DOCS] Fix rootful typo in docs * build(deps): bump github.com/onsi/ginkgo from 1.15.1 to 1.15.2 * Add documentation and testing for .containerignore * build(deps): bump github.com/sirupsen/logrus from 1.8.0 to 1.8.1 * build(deps): bump github.com/hashicorp/go-multierror from 1.1.0 to 1.1.1 * Lookup Containerfile if user specifies a directory * Add Tag format placeholder to docs * copier: ignore sockets * image: propagate errors from extractRootfs * Remove system test of 'buildah containers -a' * Clarify userns options are usable only as root in man pages * Fix system test of 'containers -a' * Remove duplicated code in addcopy * build(deps): bump github.com/onsi/ginkgo from 1.15.0 to 1.15.1 * build(deps): bump github.com/onsi/gomega from 1.10.5 to 1.11.0 * build(deps): bump github.com/fsouza/go-dockerclient from 1.7.1 to 1.7.2 * Update multi-arch buildah build setup with new logic * Update nix pin with `make nixpkgs` * overlay.bats: fix the "overlay source permissions" test * imagebuildah: use overlay for volumes when using overlay * Make PolicyMap and PullPolicy names align * copier: add GetOptions.IgnoreUnreadable * Check local image to match system context * fix: Containerfiles - smaller set of userns u/gids * Set upperdir permissions based on source * Shrink the vendoring size of pkc/cli * Clarify image name match failure message * ADD/COPY: create the destination directory first, chroot to it * copier.GetOptions: add NoDerefSymLinks * copier: add an Eval function * Update system test for 'from --cap-add/drop' * copier: fix a renaming bug * copier: return child process stderr if we can't JSON decode the response * Add some system tests * build(deps): bump github.com/containers/storage from 1.26.0 to 1.27.0 * complement add/copy --chmod documentation * buildah login and logout, do not need to enter user namespace * Add multi-arch image build * chmod/chown added/fixed in bash completions * OWNERS: add @lsm5 * buildah add/copy --chmod dockerfile implementation * bump github.com/openshift/imagebuilder from 1.1.8 to 1.2.0 * buildah add/copy --chmod cli implementation for files and urls * Make sure we set the buildah version label * Isolation strings, should match user input * [CI:DOCS] buildah-from.md: remove dup arch,os * build(deps): bump github.com/containers/image/v5 from 5.10.2 to 5.10.3 * Cirrus: Temp. disable prior-fedora (F32) testing * pr-should-include-tests: recognized "renamed" tests * build(deps): bump github.com/sirupsen/logrus from 1.7.0 to 1.8.0 * build(deps): bump github.com/fsouza/go-dockerclient from 1.7.0 to 1.7.1 * build(deps): bump github.com/containers/common from 0.34.2 to 0.35.0 * Fix reaping of stages with no instructions * add stale bot * Add base image name to comment * build(deps): bump github.com/spf13/cobra from 1.1.1 to 1.1.3 * Don't fail copy to emptydir * buildah: use volatile containers * vendor: update containers/storage * Eliminate the use of containers/building import in pkg subdirs * Add more support for removing config * Improve messages about --cache-from not being supported * Revert patch to allow COPY/ADD of empty dirs. * Don't fail copy to emptydir * Fix tutorial for rootless mode * Fix caching layers with build args * Vendor in containers/image v5.10.2 * build(deps): bump github.com/containers/common from 0.34.0 to 0.34.2 * build(deps): bump github.com/onsi/ginkgo from 1.14.2 to 1.15.0 * 'make validate': require PRs to include tests * build(deps): bump github.com/onsi/gomega from 1.10.4 to 1.10.5 * build(deps): bump github.com/containers/storage from 1.24.5 to 1.25.0 * Use chown function for U volume flag from containers/common repository * --iidfile: print hash prefix * bump containernetworking/cni to v0.8.1 - fix for CVE-2021-20206 * run: fix check for host pid namespace * Finish plumbing for buildah bud --manifest * buildah manifest add localimage should work * Stop testing directory permissions with latest docker * Fix build arg check * build(deps): bump github.com/containers/ocicrypt from 1.0.3 to 1.1.0 * [ci:docs] Fix man page for buildah push * Update nix pin with `make nixpkgs` * Bump to containers/image v5.10.1 * Rebuild layer if a change in ARG is detected * Bump golang.org/x/crypto to the latest * Add Ashley and Urvashi to Approvers * local image lookup by digest * Use build-arg ENV val from local environment if set * Pick default OCI Runtime from containers.conf * Added required devel packages * Cirrus: Native OSX Build * Cirrus: Two minor cleanup items * Workaround for RHEL gating test failure * build(deps): bump github.com/stretchr/testify from 1.6.1 to 1.7.0 * build(deps): bump github.com/mattn/go-shellwords from 1.0.10 to 1.0.11 * Reset upstream branch to dev version * If destination does not exists, do not throw error ## v1.19.0 (2021-01-08) Update vendor of containers/storage and containers/common Buildah inspect should be able to inspect manifests Make buildah push support pushing manifests lists and digests Fix handling of TMPDIR environment variable Add support for --manifest flags Upper directory should match mode of destination directory Only grab the OS, Arch if the user actually specified them Use --arch and --os and --variant options to select architecture and os Cirrus: Track libseccomp and golang version copier.PutOptions: add an "IgnoreDevices" flag fix: `rmi --prune` when parent image is in store. build(deps): bump github.com/containers/storage from 1.24.3 to 1.24.4 build(deps): bump github.com/containers/common from 0.31.1 to 0.31.2 Allow users to specify stdin into containers Drop log message on failure to mount on /sys file systems to info Spelling SELinux no longer requires a tag. build(deps): bump github.com/opencontainers/selinux from 1.6.0 to 1.8.0 build(deps): bump github.com/containers/common from 0.31.0 to 0.31.1 Update nix pin with `make nixpkgs` Switch references of /var/run -> /run Allow FROM to be overriden with from option copier: don't assume we can chroot() on Unixy systems copier: add PutOptions.NoOverwriteDirNonDir, Get/PutOptions.Rename copier: handle replacing directories with not-directories copier: Put: skip entries with zero-length names build(deps): bump github.com/containers/storage from 1.24.2 to 1.24.3 Add U volume flag to chown source volumes Turn off PRIOR_UBUNTU Test until vm is updated pkg, cli: rootless uses correct isolation build(deps): bump github.com/onsi/gomega from 1.10.3 to 1.10.4 update installation doc to reflect current status Move away from using docker.io enable short-name aliasing build(deps): bump github.com/containers/storage from 1.24.1 to 1.24.2 build(deps): bump github.com/containers/common from 0.30.0 to 0.31.0 Throw errors when using bogus --network flags pkg/supplemented test: replace our null blobinfocache build(deps): bump github.com/containers/common from 0.29.0 to 0.30.0 inserts forgotten quotation mark Not prefer use local image create/add manifest Add container information to .containerenv Add --ignorefile flag to use alternate .dockerignore flags Add a source debug build Fix crash on invalid filter commands build(deps): bump github.com/containers/common from 0.27.0 to 0.29.0 Switch to using containers/common pkg's fix: non-portable shebang #2812 Remove copy/paste errors that leaked `Podman` into man pages. Add suggests cpp to spec file Apply suggestions from code review update docs for debian testing and unstable imagebuildah: disable pseudo-terminals for RUN Compute diffID for mapped-layer at creating image source intermediateImageExists: ignore images whose history we can't read Bump to v1.19.0-dev build(deps): bump github.com/containers/common from 0.26.3 to 0.27.0 ## v1.18.0 (2020-11-16) Fix testing error caused by simultanious merge Vendor in containers/storage v1.24.0 short-names aliasing Add --policy flag to buildah pull Stop overwrapping and stuttering copier.Get(): ignore ENOTSUP/ENOSYS when listing xattrs Run: don't forcibly disable UTS namespaces in rootless mode test: ensure non-directory in a Dockerfile path is handled correctly Add a few tests for `pull` command Fix buildah config --cmd to handle array build(deps): bump github.com/containers/storage from 1.23.8 to 1.23.9 Fix NPE when Dockerfile path contains non-directory entries Update buildah bud man page from podman build man page Move declaration of decryption-keys to common cli Run: correctly call copier.Mkdir util: digging UID/GID out of os.FileInfo should work on Unix imagebuildah.getImageTypeAndHistoryAndDiffIDs: cache results Verify userns-uid-map and userns-gid-map input Use CPP, CC and flags in dep check scripts Avoid overriding LDFLAGS in Makefile ADD: handle --chown on URLs Update nix pin with `make nixpkgs` (*Builder).Run: MkdirAll: handle EEXIST error copier: try to force loading of nsswitch modules before chroot() fix MkdirAll usage build(deps): bump github.com/containers/common from 0.26.2 to 0.26.3 build(deps): bump github.com/containers/storage from 1.23.7 to 1.23.8 Use osusergo build tag for static build imagebuildah: cache should take image format into account Bump to v1.18.0-dev ## v1.17.0 (2020-10-29) Handle cases where other tools mount/unmount containers overlay.MountReadOnly: support RO overlay mounts overlay: use fusermount for rootless umounts overlay: fix umount Switch default log level of Buildah to Warn. Users need to see these messages Drop error messages about OCI/Docker format to Warning level build(deps): bump github.com/containers/common from 0.26.0 to 0.26.2 tests/testreport: adjust for API break in storage v1.23.6 build(deps): bump github.com/containers/storage from 1.23.5 to 1.23.7 build(deps): bump github.com/fsouza/go-dockerclient from 1.6.5 to 1.6.6 copier: put: ignore Typeflag="g" Use curl to get repo file (fix #2714) build(deps): bump github.com/containers/common from 0.25.0 to 0.26.0 build(deps): bump github.com/spf13/cobra from 1.0.0 to 1.1.1 Remove docs that refer to bors, since we're not using it Buildah bud should not use stdin by default bump containerd, docker, and golang.org/x/sys Makefile: cross: remove windows.386 target copier.copierHandlerPut: don't check length when there are errors Stop excessive wrapping CI: require that conformance tests pass bump(github.com/openshift/imagebuilder) to v1.1.8 Skip tlsVerify insecure BUILD_REGISTRY_SOURCES Fix build path wrong https://github.com/containers/podman/issues/7993 refactor pullpolicy to avoid deps build(deps): bump github.com/containers/common from 0.24.0 to 0.25.0 CI: run gating tasks with a lot more memory ADD and COPY: descend into excluded directories, sometimes copier: add more context to a couple of error messages copier: check an error earlier copier: log stderr output as debug on success Update nix pin with `make nixpkgs` Set directory ownership when copied with ID mapping build(deps): bump github.com/sirupsen/logrus from 1.6.0 to 1.7.0 build(deps): bump github.com/containers/common from 0.23.0 to 0.24.0 Cirrus: Remove bors artifacts Sort build flag definitions alphabetically ADD: only expand archives at the right time Remove configuration for bors Shell Completion for podman build flags Bump c/common to v0.24.0 New CI check: xref --help vs man pages CI: re-enable several linters Move --userns-uid-map/--userns-gid-map description into buildah man page add: preserve ownerships and permissions on ADDed archives Makefile: tweak the cross-compile target Bump containers/common to v0.23.0 chroot: create bind mount targets 0755 instead of 0700 Change call to Split() to safer SplitN() chroot: fix handling of errno seccomp rules build(deps): bump github.com/containers/image/v5 from 5.5.2 to 5.6.0 Add In Progress section to contributing integration tests: make sure tests run in ${topdir}/tests Run(): ignore containers.conf's environment configuration Warn when setting healthcheck in OCI format Cirrus: Skip git-validate on branches tools: update git-validation to the latest commit tools: update golangci-lint to v1.18.0 Add a few tests of push command Add(): fix handling of relative paths with no ContextDir build(deps): bump github.com/containers/common from 0.21.0 to 0.22.0 Lint: Use same linters as podman Validate: reference HEAD Fix buildah mount to display container names not ids Update nix pin with `make nixpkgs` Add missing --format option in buildah from man page Fix up code based on codespell build(deps): bump github.com/openshift/imagebuilder from 1.1.6 to 1.1.7 build(deps): bump github.com/containers/storage from 1.23.4 to 1.23.5 Improve buildah completions Cirrus: Fix validate commit epoch Fix bash completion of manifest flags Uniform some man pages Update Buildah Tutorial to address BZ1867426 Update bash completion of `manifest add` sub command copier.Get(): hard link targets shouldn't be relative paths build(deps): bump github.com/onsi/gomega from 1.10.1 to 1.10.2 Pass timestamp down to history lines Timestamp gets updated everytime you inspect an image bud.bats: use absolute paths in newly-added tests contrib/cirrus/lib.sh: don't use CN for the hostname tests: Add some tests Update `manifest add` man page Extend flags of `manifest add` build(deps): bump github.com/containers/storage from 1.23.3 to 1.23.4 build(deps): bump github.com/onsi/ginkgo from 1.14.0 to 1.14.1 Bump to v1.17.0-dev CI: expand cross-compile checks ## v1.16.0 (2020-09-03) fix build on 32bit arches containerImageRef.NewImageSource(): don't always force timestamps Add fuse module warning to image readme Heed our retry delay option values when retrying commit/pull/push Switch to containers/common for seccomp Use --timestamp rather then --omit-timestamp docs: remove outdated notice docs: remove outdated notice build-using-dockerfile: add a hidden --log-rusage flag build(deps): bump github.com/containers/image/v5 from 5.5.1 to 5.5.2 Discard ReportWriter if user sets options.Quiet build(deps): bump github.com/containers/common from 0.19.0 to 0.20.3 Fix ownership of content copied using COPY --from newTarDigester: zero out timestamps in tar headers Update nix pin with `make nixpkgs` bud.bats: correct .dockerignore integration tests Use pipes for copying run: include stdout in error message run: use the correct error for errors.Wrapf copier: un-export internal types copier: add Mkdir() in_podman: don't get tripped up by $CIRRUS_CHANGE_TITLE docs/buildah-commit.md: tweak some wording, add a --rm example imagebuildah: don’t blank out destination names when COPYing Replace retry functions with common/pkg/retry StageExecutor.historyMatches: compare timestamps using .Equal Update vendor of containers/common Fix errors found in coverity scan Change namespace handling flags to better match podman commands conformance testing: ignore buildah.BuilderIdentityAnnotation labels Vendor in containers/storage v1.23.0 Add buildah.IsContainer interface Avoid feeding run_buildah to pipe fix(buildahimage): add xz dependency in buildah image Bump github.com/containers/common from 0.15.2 to 0.18.0 Howto for rootless image building from OpenShift Add --omit-timestamp flag to buildah bud Update nix pin with `make nixpkgs` Shutdown storage on failures Handle COPY --from when an argument is used Bump github.com/seccomp/containers-golang from 0.5.0 to 0.6.0 Cirrus: Use newly built VM images Bump github.com/opencontainers/runc from 1.0.0-rc91 to 1.0.0-rc92 Enhance the .dockerignore man pages conformance: add a test for COPY from subdirectory fix bug manifest inspct Add documentation for .dockerignore Add BuilderIdentityAnnotation to identify buildah version DOC: Add quay.io/containers/buildah image to README.md Update buildahimages readme fix spelling mistake in "info" command result display Don't bind /etc/host and /etc/resolv.conf if network is not present blobcache: avoid an unnecessary NewImage() Build static binary with `buildGoModule` copier: split StripSetidBits into StripSetuidBit/StripSetgidBit/StripStickyBit tarFilterer: handle multiple archives Fix a race we hit during conformance tests Rework conformance testing Update 02-registries-repositories.md test-unit: invoke cmd/buildah tests with --flags parse: fix a type mismatch in a test Fix compilation of tests/testreport/testreport build.sh: log the version of Go that we're using test-unit: increase the test timeout to 40/45 minutes Add the "copier" package Fix & add notes regarding problematic language in codebase Add dependency on github.com/stretchr/testify/require CompositeDigester: add the ability to filter tar streams BATS tests: make more robust vendor golang.org/x/text@v0.3.3 Switch golang 1.12 to golang 1.13 imagebuildah: wait for stages that might not have even started yet chroot, run: not fail on bind mounts from /sys chroot: do not use setgroups if it is blocked Set engine env from containers.conf imagebuildah: return the right stage's image as the "final" image Fix a help string Deduplicate environment variables switch containers/libpod to containers/podman Bump github.com/containers/ocicrypt from 1.0.2 to 1.0.3 Bump github.com/opencontainers/selinux from 1.5.2 to 1.6.0 Mask out /sys/dev to prevent information leak linux: skip errors from the runtime kill Mask over the /sys/fs/selinux in mask branch Add VFS additional image store to container tests: add auth tests Allow "readonly" as alias to "ro" in mount options Ignore OS X specific consistency mount option Bump github.com/onsi/ginkgo from 1.13.0 to 1.14.0 Bump github.com/containers/common from 0.14.0 to 0.15.2 Rootless Buildah should default to IsolationOCIRootless imagebuildah: fix inheriting multi-stage builds Make imagebuildah.BuildOptions.Architecture/OS optional Make imagebuildah.BuildOptions.Jobs optional Resolve a possible race in imagebuildah.Executor.startStage() Switch scripts to use containers.conf Bump openshift/imagebuilder to v1.1.6 Bump go.etcd.io/bbolt from 1.3.4 to 1.3.5 buildah, bud: support --jobs=N for parallel execution executor: refactor build code inside new function Add bud regression tests Cirrus: Fix missing htpasswd in registry img docs: clarify the 'triples' format CHANGELOG.md: Fix markdown formatting Add nix derivation for static builds Bump to v1.16.0-dev version centos7 for compatible ## v1.15.0 (2020-06-17) Bump github.com/containers/common from 0.12.0 to 0.13.1 Bump github.com/containers/storage from 1.20.1 to 1.20.2 Bump github.com/seccomp/containers-golang from 0.4.1 to 0.5.0 Bump github.com/stretchr/testify from 1.6.0 to 1.6.1 Bump github.com/opencontainers/runc from 1.0.0-rc9 to 1.0.0-rc90 Add CVE-2020-10696 to CHANGELOG.md and changelog.txt Bump github.com/stretchr/testify from 1.5.1 to 1.6.0 Bump github.com/onsi/ginkgo from 1.12.2 to 1.12.3 Vendor in containers/common v0.12.0 fix lighttpd example Vendor in new go.etcd.io/bbolt Bump github.com/onsi/ginkgo from 1.12.1 to 1.12.2 Bump imagebuilder for ARG fix Bump github.com/containers/common from 0.11.2 to 0.11.4 remove dependency on openshift struct Warn on unset build arguments vendor: update seccomp/containers-golang to v0.4.1 Ammended docs Updated docs clean up comments update exit code for tests Implement commit for encryption implementation of encrypt/decrypt push/pull/bud/from fix resolve docker image name as transport Bump github.com/opencontainers/go-digest from 1.0.0-rc1 to 1.0.0 Bump github.com/onsi/ginkgo from 1.12.0 to 1.12.1 Bump github.com/containers/storage from 1.19.1 to 1.19.2 Bump github.com/containers/image/v5 from 5.4.3 to 5.4.4 Add preliminary profiling support to the CLI Bump github.com/containers/common from 0.10.0 to 0.11.2 Evaluate symlinks in build context directory fix error info about get signatures for containerImageSource Add Security Policy Cirrus: Fixes from review feedback Bump github.com/containers/storage from 1.19.0 to 1.19.1 Bump github.com/sirupsen/logrus from 1.5.0 to 1.6.0 imagebuildah: stages shouldn't count as their base images Update containers/common v0.10.0 Bump github.com/fsouza/go-dockerclient from 1.6.4 to 1.6.5 Add registry to buildahimage Dockerfiles Cirrus: Use pre-installed VM packages + F32 Cirrus: Re-enable all distro versions Cirrus: Update to F31 + Use cache images golangci-lint: Disable gosimple Lower number of golangci-lint threads Fix permissions on containers.conf Don't force tests to use runc Bump github.com/containers/common from 0.9.1 to 0.9.5 Return exit code from failed containers Bump github.com/containers/storage from 1.18.2 to 1.19.0 Bump github.com/containers/common from 0.9.0 to 0.9.1 cgroup_manager should be under [engine] Use c/common/pkg/auth in login/logout Cirrus: Temporarily disable Ubuntu 19 testing Add containers.conf to stablebyhand build Update gitignore to exclude test Dockerfiles Bump github.com/fsouza/go-dockerclient from 1.6.3 to 1.6.4 Bump github.com/containers/common from 0.8.1 to 0.9.0 Bump back to v1.15.0-dev Remove warning for systemd inside of container ## v1.14.8 (2020-04-09) Run (make vendor) Run (make -C tests/tools vendor) Run (go mod tidy) before (go mod vendor) again Fix (make vendor) Bump validation Bump back to v1.15.0-dev ## v1.14.7 (2020-04-07) Bump github.com/containers/image/v5 from 5.3.1 to 5.4.3 make vendor: run `tidy` after `vendor` Do not skip the directory when the ignore pattern matches Bump github.com/containers/common from 0.7.0 to 0.8.1 Downgrade siruspen/logrus from 1.4.2 Fix errorf conventions dockerignore tests : remove symlinks, rework Bump back to v1.15.0-dev ## v1.14.6 (2020-04-02) bud.bats - cleanup, refactoring vendor in latest containers/storage 1.18.0 and containers/common v0.7.0 Bump github.com/spf13/cobra from 0.0.6 to 0.0.7 Bump github.com/containers/storage from 1.16.5 to 1.17.0 Bump github.com/containers/image/v5 from 5.2.1 to 5.3.1 Fix Amazon install step Bump back to v1.15.0-dev Fix bud-build-arg-cache test Make image history work correctly with new args handling Don't add args to the RUN environment from the Builder Update github.com/openshift/imagebuilder to v1.1.4 Add .swp files to .gitignore ## v1.14.5 (2020-03-26) revert #2246 FIPS mode change Bump back to v1.15.0-dev image with dup layers: we now have one on quay digest test : make more robust ## v1.14.4 (2020-03-25) Fix fips-mode check for RHEL8 boxes Fix potential CVE in tarfile w/ symlink (Edit 02-Jun-2020: Addresses CVE-2020-10696) Fix .dockerignore with globs and ! commands update install steps for Amazon Linux 2 Bump github.com/openshift/imagebuilder from 1.1.2 to 1.1.3 Add comment for RUN command in volume ownership test Run stat command directly for volume ownership test vendor in containers/common v0.6.1 Cleanup go.sum Bump back to v1.15.0-dev ## v1.14.3 (2020-03-17) Update containers/storage to v1.16.5 Bump github.com/containers/storage from 1.16.2 to 1.16.4 Bump github.com/openshift/imagebuilder from 1.1.1 to 1.1.2 Update github.com/openshift/imagebuilder vendoring Update unshare man page to fix script example Fix compilation errors on non linux platforms Bump containers/common and opencontainers/selinux versions Add tests for volume ownership Preserve volume uid and gid through subsequent commands Fix FORWARD_NULL errors found by Coverity Bump github.com/containers/storage from 1.16.1 to 1.16.2 Fix errors found by codespell Bump back to v1.15.0-dev Add Pull Request Template ## v1.14.2 (2020-03-03) Add Buildah pull request template Bump to containers/storage v1.16.1 run_linux: fix tight loop if file is not pollable Bump github.com/opencontainers/selinux from 1.3.2 to 1.3.3 Bump github.com/containers/common from 0.4.1 to 0.4.2 Bump back to v1.15.0-dev Add Containerfile to build a versioned stable image on quay.io ## v1.14.1 (2020-02-27) Search for local runtime per values in containers.conf Set correct ownership on working directory BATS : in teardown, umount stale mounts Bump github.com/spf13/cobra from 0.0.5 to 0.0.6 Bump github.com/fsouza/go-dockerclient from 1.6.1 to 1.6.3 Bump github.com/stretchr/testify from 1.4.0 to 1.5.1 Replace unix with syscall to allow vendoring into libpod Update to containers/common v0.4.1 Improve remote manifest retrieval Fix minor spelling errors in containertools README Clear the right variable in buildahimage Correct a couple of incorrect format specifiers Update to containers/common v0.3.0 manifest push --format: force an image type, not a list type run: adjust the order in which elements are added to $PATH getDateAndDigestAndSize(): handle creation time not being set Bump github.com/containers/common from 0.2.0 to 0.2.1 include installation steps for CentOS 8 and Stream include installation steps for CentOS7 and forks Adjust Ubuntu install info to also work on Pop!_OS Make the commit id clear like Docker Show error on copied file above context directory in build Bump github.com/containers/image/v5 from 5.2.0 to 5.2.1 pull/from/commit/push: retry on most failures Makefile: fix install.cni.sudo Repair buildah so it can use containers.conf on the server side Bump github.com/mattn/go-shellwords from 1.0.9 to 1.0.10 Bump github.com/fsouza/go-dockerclient from 1.6.0 to 1.6.1 Fixing formatting & build instructions Add Code of Conduct Bors: Fix no. req. github reviews Cirrus+Bors: Simplify temp branch skipping Bors-ng: Add documentation and status-icon Bump github.com/onsi/ginkgo from 1.11.0 to 1.12.0 fix XDG_RUNTIME_DIR for authfile Cirrus: Disable F29 testing Cirrus: Add jq package Cirrus: Fix lint + validation using wrong epoch Stop using fedorproject registry Bors: Workaround ineffective required statuses Bors: Enable app + Disable Travis Cirrus: Add standardized log-collection Cirrus: Improve automated lint + validation Allow passing options to golangci-lint Cirrus: Fixes from review feedback Cirrus: Temporarily ignore VM testing failures Cirrus: Migrate off papr + implement VM testing Cirrus: Update packages + fixes for get_ci_vm.sh Show validation command-line Skip overlay test w/ vfs driver use alpine, not centos, for various tests Flake handling: cache and prefetch images Bump to v1.15.0-dev ## v1.14.0 (2020-02-05) bump github.com/mtrmac/gpgme Update containers/common to v0.1.4 manifest push: add --format option Bump github.com/onsi/gomega from 1.8.1 to 1.9.0 vendor github.com/containers/image/v5@v5.2.0 info test: deal with random key order Bump back to v1.14.0-dev ## v1.13.2 (2020-01-29) sign.bats: set GPG_TTY=/dev/null Fix parse_unsupported.go getDateAndDigestAndSize(): use manifest.Digest Bump github.com/opencontainers/selinux from 1.3.0 to 1.3.1 Bump github.com/containers/common from 0.1.0 to 0.1.2 Touch up os/arch doc chroot: handle slightly broken seccomp defaults buildahimage: specify fuse-overlayfs mount options Bump github.com/mattn/go-shellwords from 1.0.7 to 1.0.9 copy.bats: make sure we detect failures due to missing source parse: don't complain about not being able to rename something to itself Makefile: use a $(GO_TEST) macro, fix a typo manifests: unit test fix Fix build for 32bit platforms Allow users to set OS and architecture on bud Fix COPY in containerfile with envvar Bump c/storage to v1.15.7 add --sign-by to bud/commit/push, --remove-signatures for pull/push Remove cut/paste error in CHANGELOG.md Update vendor of containers/common to v0.1.0 update install instructions for Debian, Raspbian and Ubuntu Add support for containers.conf Bump back to v1.14.0-dev ## v1.13.1 (2020-01-14) Bump github.com/containers/common from 0.0.5 to 0.0.7 Bump github.com/onsi/ginkgo from 1.10.3 to 1.11.0 Bump github.com/pkg/errors from 0.8.1 to 0.9.0 Bump github.com/onsi/gomega from 1.7.1 to 1.8.1 Add codespell support copyFileWithTar: close source files at the right time copy: don't digest files that we ignore Check for .dockerignore specifically Travis: rm go 1.12.x Don't setup excludes, if their is only one pattern to match set HOME env to /root on chroot-isolation by default docs: fix references to containers-*.5 update openshift/api fix bug Add check .dockerignore COPY file buildah bud --volume: run from tmpdir, not source dir Fix imageNamePrefix to give consistent names in buildah-from cpp: use -traditional and -undef flags Fix image reference in tutorial 4 discard outputs coming from onbuild command on buildah-from --quiet make --format columnizing consistent with buildah images Bump to v1.14.0-dev ## v1.13.0 (2019-12-27) Bump to c/storage v1.15.5 Update container/storage to v1.15.4 Fix option handling for volumes in build Rework overlay pkg for use with libpod Fix buildahimage builds for buildah Add support for FIPS-Mode backends Set the TMPDIR for pulling/pushing image to $TMPDIR WIP: safer test for pull --all-tags BATS major cleanup: blobcache.bats: refactor BATS major cleanup: part 4: manual stuff BATS major cleanup, step 3: yet more run_buildah BATS major cleanup, part 2: use more run_buildah BATS major cleanup, part 1: log-level Bump github.com/containers/image/v5 from 5.0.0 to 5.1.0 Bump github.com/containers/common from 0.0.3 to 0.0.5 Bump to v1.13.0-dev ## v1.12.0 (2019-12-13) Allow ADD to use http src Bump to c/storage v.1.15.3 install.md: update golang dependency imgtype: reset storage opts if driver overridden Start using containers/common overlay.bats typo: fuse-overlays should be fuse-overlayfs chroot: Unmount with MNT_DETACH instead of UnmountMountpoints() bind: don't complain about missing mountpoints imgtype: check earlier for expected manifest type Vendor containers/storage fix Vendor containers/storage v1.15.1 Add history names support PR takeover of #1966 Tests: Add inspect test check steps Tests: Add container name and id check in containers test steps Test: Get permission in add test Tests: Add a test for tag by id Tests: Add test cases for push test Tests: Add image digest test Tests: Add some buildah from tests Tests: Add two commit test Tests: Add buildah bud with --quiet test Tests: Add two test for buildah add Bump back to v1.12.0-dev ## v1.11.6 (2019-12-03) Handle missing equal sign in --from and --chown flags for COPY/ADD bud COPY does not download URL Bump github.com/onsi/gomega from 1.7.0 to 1.7.1 Fix .dockerignore exclude regression Ran buildah through codespell commit(docker): always set ContainerID and ContainerConfig Touch up commit man page image parameter Add builder identity annotations. info: use util.Runtime() Bump github.com/onsi/ginkgo from 1.10.2 to 1.10.3 Bump back to v1.12.0-dev ## v1.11.5 (2019-11-11) Enhance error on unsafe symbolic link targets Add OCIRuntime to info Check nonexsit authfile Only output image id if running buildah bud --quiet Fix --pull=true||false and add --pull-never to bud and from (retry) cgroups v2: tweak or skip tests Prepwork: new 'skip' helpers for tests Handle configuration blobs for manifest lists unmarshalConvertedConfig: avoid using the updated image's ref Add completions for Manifest commands Add disableFips option to secrets pkg Update bud.bats test archive test Add test for caching based on content digest Builder.untarPath(): always evaluate b.ContentDigester.Hash() Bump github.com/onsi/ginkgo from 1.10.1 to 1.10.2 Fix another broken test: copy-url-mtime yet more fixes Actual bug fix for 'add' test: fix the expected mode BATS tests - lots of mostly minor cleanup build: drop support for ostree Add support for make vendor-in-container imgtype: exit with error if storage fails remove XDG_RUNTIME_DIR from default authfile path fix troubleshooting redirect instructions Bump back to v1.12.0-dev ## v1.11.4 (2019-10-28) buildah: add a "manifest" command manifests: add the module pkg/supplemented: add a package for grouping images together pkg/manifests: add a manifest list build/manipulation API Update for ErrUnauthorizedForCredentials API change in containers/image Update for manifest-lists API changes in containers/image version: also note the version of containers/image Move to containers/image v5.0.0 Enable --device directory as src device Fix git build with branch specified Bump github.com/openshift/imagebuilder from 1.1.0 to 1.1.1 Bump github.com/fsouza/go-dockerclient from 1.4.4 to 1.5.0 Add clarification to the Tutorial for new users Silence "using cache" to ensure -q is fully quiet Add OWNERS File to Buildah Bump github.com/containers/storage from 1.13.4 to 1.13.5 Move runtime flag to bud from common Commit: check for storage.ErrImageUnknown using errors.Cause() Fix crash when invalid COPY --from flag is specified. Bump back to v1.12.0-dev ## v1.11.3 (2019-10-04) Update c/image to v4.0.1 Bump github.com/spf13/pflag from 1.0.3 to 1.0.5 Fix --build-args handling Bump github.com/spf13/cobra from 0.0.3 to 0.0.5 Bump github.com/cyphar/filepath-securejoin from 0.2.1 to 0.2.2 Bump github.com/onsi/ginkgo from 1.8.0 to 1.10.1 Bump github.com/fsouza/go-dockerclient from 1.3.0 to 1.4.4 Add support for retrieving context from stdin "-" Ensure bud remote context cleans up on error info: add cgroups2 Bump github.com/seccomp/libseccomp-golang from 0.9.0 to 0.9.1 Bump github.com/mattn/go-shellwords from 1.0.5 to 1.0.6 Bump github.com/stretchr/testify from 1.3.0 to 1.4.0 Bump github.com/opencontainers/selinux from 1.2.2 to 1.3.0 Bump github.com/etcd-io/bbolt from 1.3.2 to 1.3.3 Bump github.com/onsi/gomega from 1.5.0 to 1.7.0 update c/storage to v1.13.4 Print build 'STEP' line to stdout, not stderr Fix travis-ci on forks Vendor c/storage v1.13.3 Use Containerfile by default Added tutorial on how to include Buildah as library util/util: Fix "configuraitno" -> "configuration" log typo Bump back to v1.12.0-dev ## v1.11.2 (2019-09-13) Add some cleanup code Move devices code to unit specific directory. Bump back to v1.12.0-dev ## v1.11.1 (2019-09-11) Add --devices flag to bud and from Downgrade .papr to highest atomic verion Add support for /run/.containerenv Truncate output of too long image names Preserve file and directory mount permissions Bump fedora version from 28 to 30 makeImageRef: ignore EmptyLayer if Squash is set Set TMPDIR to /var/tmp by default replace --debug=false with --log-level=error Allow mounts.conf entries for equal source and destination paths fix label and annotation for 1-line Dockerfiles Enable interfacer linter and fix lints install.md: mention goproxy Makefile: use go proxy Bump to v1.12.0-dev ## v1.11.0 (2019-08-29) tests/bud.bats: add --signature-policy to some tests Vendor github.com/openshift/api pull/commit/push: pay attention to $BUILD_REGISTRY_SOURCES Add `--log-level` command line option and deprecate `--debug` add support for cgroupsV2 Correctly detect ExitError values from Run() Disable empty logrus timestamps to reduce logger noise Remove outdated deps Makefile target Remove gofmt.sh in favor of golangci-lint Remove govet.sh in favor of golangci-lint Allow to override build date with SOURCE_DATE_EPOCH Update shebangs to take env into consideration Fix directory pull image names Add --digestfile and Re-add push statement as debug README: mention that Podman uses Buildah's API Use content digests in ADD/COPY history entries add: add a DryRun flag to AddAndCopyOptions Fix possible runtime panic on bud Add security-related volume options to validator use correct path for ginkgo Add bud 'without arguments' integration tests Update documentation about bud add: handle hard links when copying with .dockerignore add: teach copyFileWithTar() about symlinks and directories Allow buildah bud to be called without arguments imagebuilder: fix detection of referenced stage roots Touch up go mod instructions in install run_linux: fix mounting /sys in a userns Vendor Storage v1.13.2 Cirrus: Update VM images Fix handling of /dev/null masked devices Update `bud`/`from` help to contain indicator for `--dns=none` Bump back to v1.11.0-dev ## v1.10.1 (2019-08-08) Bump containers/image to v3.0.2 to fix keyring issue Bug fix for volume minus syntax Bump container/storage v1.13.1 and containers/image v3.0.1 bump github.com/containernetworking/cni to v0.7.1 Add overlayfs to fuse-overlayfs tip Add automatic apparmor tag discovery Fix bug whereby --get-login has no effect Bump to v1.11.0-dev ## v1.10.0 (2019-08-02) vendor github.com/containers/image@v3.0.0 Remove GO111MODULE in favor of `-mod=vendor` Vendor in containers/storage v1.12.16 Add '-' minus syntax for removal of config values tests: enable overlay tests for rootless rootless, overlay: use fuse-overlayfs vendor github.com/containers/image@v2.0.1 Added '-' syntax to remove volume config option delete `successfully pushed` message Add golint linter and apply fixes vendor github.com/containers/storage@v1.12.15 Change wait to sleep in buildahimage readme Handle ReadOnly images when deleting images Add support for listing read/only images ## v1.9.2 (2019-07-19) from/import: record the base image's digest, if it has one Fix CNI version retrieval to not require network connection Add misspell linter and apply fixes Add goimports linter and apply fixes Add stylecheck linter and apply fixes Add unconvert linter and apply fixes image: make sure we don't try to use zstd compression run.bats: skip the "z" flag when testing --mount Update to runc v1.0.0-rc8 Update to match updated runtime-tools API bump github.com/opencontainers/runtime-tools to v0.9.0 Build e2e tests using the proper build tags Add unparam linter and apply fixes Run: correct a typo in the --cap-add help text unshare: add a --mount flag fix push check image name is not empty Bump to v1.9.2-dev ## v1.9.1 (2019-07-12) add: fix slow copy with no excludes Add errcheck linter and fix missing error check Improve tests/tools/Makefile parallelism and abstraction Fix response body not closed resource leak Switch to golangci-lint Add gomod instructions and mailing list links On Masked path, check if /dev/null already mounted before mounting Update to containers/storage v1.12.13 Refactor code in package imagebuildah Add rootless podman with NFS issue in documentation Add --mount for buildah run import method ValidateVolumeOpts from libpod Fix typo Makefile: set GO111MODULE=off rootless: add the built-in slirp DNS server Update docker/libnetwork to get rid of outdated sctp package Update buildah-login.md migrate to go modules install.md: mention go modules tests/tools: go module for test binaries fix --volume splits comma delimited option Add bud test for RUN with a priv'd command vendor logrus v1.4.2 pkg/cli: panic when flags can't be hidden pkg/unshare: check all errors pull: check error during report write run_linux.go: ignore unchecked errors conformance test: catch copy error chroot/run_test.go: export funcs to actually be executed tests/imgtype: ignore error when shutting down the store testreport: check json error bind/util.go: remove unused func rm chroot/util.go imagebuildah: remove unused `dedupeStringSlice` StageExecutor: EnsureContainerPath: catch error from SecureJoin() imagebuildah/build.go: return instead of branching rmi: avoid redundant branching conformance tests: nilness: allocate map imagebuildah/build.go: avoid redundant `filepath.Join()` imagebuildah/build.go: avoid redundant `os.Stat()` imagebuildah: omit comparison to bool fix "ineffectual assignment" lint errors docker: ignore "repeats json tag" lint error pkg/unshare: use `...` instead of iterating a slice conformance: bud test: use raw strings for regexes conformance suite: remove unused func/var buildah test suite: remove unused vars/funcs testreport: fix golangci-lint errors util: remove redundant `return` statement chroot: only log clean-up errors images_test: ignore golangci-lint error blobcache: log error when draining the pipe imagebuildah: check errors in deferred calls chroot: fix error handling in deferred funcs cmd: check all errors chroot/run_test.go: check errors chroot/run.go: check errors in deferred calls imagebuildah.Executor: remove unused onbuild field docker/types.go: remove unused struct fields util: use strings.ContainsRune instead of index check Cirrus: Initial implementation Bump to v1.9.1-dev ## v1.9.0 (2019-06-15) buildah-run: fix-out-of-range panic (2) Bump back to v1.9.0-dev ## v1.8.4 (2019-06-13) Update containers/image to v2.0.0 run: fix hang with run and --isolation=chroot run: fix hang when using run chroot: drop unused function call remove --> before imgageID on build Always close stdin pipe Write deny to setgroups when doing single user mapping Avoid including linux/memfd.h Add a test for the symlink pointing to a directory Add missing continue Fix the handling of symlinks to absolute paths Only set default network sysctls if not rootless Support --dns=none like podman fix bug --cpu-shares parsing typo Fix validate complaint Update vendor on containers/storage to v1.12.10 Create directory paths for COPY thereby ensuring correct perms imagebuildah: use a stable sort for comparing build args imagebuildah: tighten up cache checking bud.bats: add a test verying the order of --build-args add -t to podman run imagebuildah: simplify screening by top layers imagebuildah: handle ID mappings for COPY --from imagebuildah: apply additionalTags ourselves bud.bats: test additional tags with cached images bud.bats: add a test for WORKDIR and COPY with absolute destinations Cleanup Overlay Mounts content ## v1.8.3 (2019-06-04) Add support for file secret mounts Add ability to skip secrets in mounts file allow 32bit builds fix tutorial instructions imagebuilder: pass the right contextDir to Add() add: use fileutils.PatternMatcher for .dockerignore bud.bats: add another .dockerignore test unshare: fallback to single usermapping addHelperSymlink: clear the destination on os.IsExist errors bud.bats: test replacing symbolic links imagebuildah: fix handling of destinations that end with '/' bud.bats: test COPY with a final "/" in the destination linux: add check for sysctl before using it unshare: set _CONTAINERS_ROOTLESS_GID Rework buildahimamges build context: support https git repos Add a test for ENV special chars behaviour Check in new Dockerfiles Apply custom SHELL during build time config: expand variables only at the command line SetEnv: we only need to expand v once Add default /root if empty on chroot iso Add support for Overlay volumes into the container. Export buildah validate volume functions so it can share code with libpod Bump baseline test to F30 Fix rootless handling of /dev/shm size Avoid fmt.Printf() in the library imagebuildah: tighten cache checking back up Handle WORKDIR with dangling target Default Authfile to proper path Make buildah run --isolation follow BUILDAH_ISOLATION environment Vendor in latest containers/storage and containers/image getParent/getChildren: handle layerless images imagebuildah: recognize cache images for layerless images bud.bats: test scratch images with --layers caching Get CHANGELOG.md updates Add some symlinks to test our .dockerignore logic imagebuildah: addHelper: handle symbolic links commit/push: use an everything-allowed policy Correct manpage formatting in files section Remove must be root statement from buildah doc Change image names to stable, testing and upstream Bump back to v1.9.0-dev ## v1.8.2 (2019-05-02) Vendor Storage 1.12.6 Create scratch file in TESTDIR Test bud-copy-dot with --layers picks up changed file Bump back to 1.9.0-dev ## v1.8.1 (2019-05-01) Don't create directory on container Replace kubernetes/pause in tests with k8s.gcr.io/pause imagebuildah: don't remove intermediate images if we need them Rework buildahimagegit to buildahimageupstream Fix Transient Mounts Handle WORKDIRs that are symlinks allow podman to build a client for windows Touch up 1.9-dev to 1.9.0-dev Bump to 1.9-dev ## v1.8.0 (2019-04-26) Resolve symlink when checking container path commit: commit on every instruction, but not always with layers CommitOptions: drop the unused OnBuild field makeImageRef: pass in the whole CommitOptions structure cmd: API cleanup: stores before images run: check if SELinux is enabled Fix buildahimages Dockerfiles to include support for additionalimages mounted from host. Detect changes in rootdir Fix typo in buildah-pull(1) Vendor in latest containers/storage Keep track of any build-args used during buildah bud --layers commit: always set a parent ID imagebuildah: rework unused-argument detection fix bug dest path when COPY .dockerignore Move Host IDMAppings code from util to unshare Add BUILDAH_ISOLATION rootless back Travis CI: fail fast, upon error in any step imagebuildah: only commit images for intermediate stages if we have to Use errors.Cause() when checking for IsNotExist errors auto pass http_proxy to container Bump back to 1.8-dev ## v1.7.3 (2019-04-16) imagebuildah: don't leak image structs Add Dockerfiles for buildahimages Bump to Replace golang 1.10 with 1.12 add --dns* flags to buildah bud Add hack/build_speed.sh test speeds on building container images Create buildahimage Dockerfile for Quay rename 'is' to 'expect_output' squash.bats: test squashing in multi-layered builds bud.bats: test COPY --from in a Dockerfile while using the cache commit: make target image names optional Fix bud-args to allow comma separation oops, missed some tests in commit.bats new helper: expect_line_count New tests for #1467 (string slices in cmdline opts) Workarounds for dealing with travis; review feedback BATS tests - extensive but minor cleanup imagebuildah: defer pulling images for COPY --from imagebuildah: centralize COMMIT and image ID output Travis: do not use traviswait imagebuildah: only initialize imagebuilder configuration once per stage Make cleaner error on Dockerfile build errors unshare: move to pkg/ unshare: move some code from cmd/buildah/unshare Fix handling of Slices versus Arrays imagebuildah: reorganize stage and per-stage logic imagebuildah: add empty layers for instructions Add missing step in installing into Ubuntu fix bug in .dockerignore support imagebuildah: deduplicate prepended "FROM" instructions Touch up intro commit: set created-by to the shell if it isn't set commit: check that we always set a "created-by" docs/buildah.md: add "containers-" prefixes under "SEE ALSO" Bump back to 1.8-dev ## v1.7.2 (2019-03-28) mount: do not create automatically a namespace buildah: correctly create the userns if euid!=0 imagebuildah.Build: consolidate cleanup logic CommitOptions: drop the redundant Store field Move pkg/chrootuser from libpod to buildah. imagebuildah: record image IDs and references more often vendor imagebuilder v1.1.0 imagebuildah: fix requiresStart/noRunsRemaining confusion imagebuildah: check for unused args across stages bump github.com/containernetworking/cni to v0.7.0-rc2 imagebuildah: use "useCache" instead of "noCache" imagebuildah.resolveNameToImageRef(): take name as a parameter Export fields of the DokcerIgnore struct imagebuildah: drop the duplicate containerIDs list rootless: by default use the host network namespace imagebuildah: split Executor and per-stage execution imagebuildah: move some fields around golint: make golint happy docs: 01-intro.md: add missing . in Dockerfile examples fix bug using .dockerignore Do not create empty mounts.conf file images: suppress a spurious blank line with no images from: distinguish between ADD and COPY fix bug to not separate each --label value with comma buildah-bud.md: correct a typo, note a default Remove mistaken code that got merged in other PR add sample registries.conf to docs escape shell variables in README example slirp4netns: set mtu to 65520 images: imageReposToMap() already adds : imagebuildah.ReposToMap: move to cmd Build: resolve copyFrom references earlier Allow rootless users to use the cache directory in homedir bud.bats: use the per-test temp directory bud.bats: log output before counting length Simplify checks for leftover args Print commitID with --layers fix bug images use the template to print results rootless: honor --net host onsi/gomeage add missing files vendor latest openshift/imagebuilder Remove noop from squash help Prepend a comment to files setup in container imagebuildah resolveSymlink: fix handling of relative links Errors should be printed to stderr Add recommends for slirp4netns and fuse-overlay Update pull and pull-always flags Hide from users command options that we don't want them to use. Update secrets fipsmode patch to work on rootless containers fix unshare option handling and documentation Vendor in latest containers/storage Hard-code docker.Transport use in pull --all-tags Use a types.ImageReference instead of (transport, name) strings in pullImage etc. Move the computation of srcRef before first pullAndFindImage Don't throw away user-specified tag for pull --all-tags CHANGES BEHAVIOR: Remove the string format input to localImageNameForReference Don't try to parse imageName as transport:image in pullImage Use reference.WithTag instead of manual string manipulation in Pull Don't pass image = transport:repo:tag, transport=transport to pullImage Fix confusing variable naming in Pull Don't try to parse image name as a transport:image Fix error reporting when parsing trans+image Remove 'transport == ""' handling from the pull path Clean up "pulls" of local image IDs / ID prefixes Simplify ExpandNames Document the semantics of transport+name returned by ResolveName UPdate gitvalidation epoch Bump back to 1.8-dev ## v1.7.1 (2019-02-26) vendor containers/image v1.5 Move secrets code from libpod into buildah Update CHANGELOG.md with the past changes README.md: fix typo Fix a few issues found by tests/validate/gometalinter.sh Neutralize buildah/unshare on non-Linux platforms Explicitly specify a directory to find(1) README.md: rephrase Buildah description Stop printing default twice in cli --help install.md: add section about vendoring Bump to 1.8-dev ## v1.7 (2019-02-21) vendor containers/image v1.4 Make "images --all" faster Remove a misleading comment Remove quiet option from pull options Make sure buildah pull --all-tags only works with docker transport Support oci layout format Fix pulling of images within buildah Fix tls-verify polarity Travis: execute make vendor and hack/tree_status.sh vendor.conf: remove unused dependencies add missing vendor/github.com/containers/libpod/vendor.conf vendor.conf: remove github.com/inconshreveable/mousetrap make vendor: always fetch the latest vndr add hack/tree_status.sh script Bump c/Storage to 1.10 Add --all-tags test to pull mount: make error clearer Remove global flags from cli help Set --disable-compression to true as documented Help document using buildah mount in rootless mode healthcheck start-period: update documentation Vendor in latest c/storage and c/image dumpbolt: handle nested buckets Fix buildah commit compress by default Test on xenial, not trusty unshare: reexec using a memfd copy instead of the binary Add --target to bud command Fix example for setting multiple environment variables main: fix rootless mode buildah: force umask 022 pull.bats: specify registry config when using registries pull.bats: use the temporary directory, not /tmp unshare: do not set rootless mode if euid=0 Touch up cli help examples and a few nits Add an undocumented dumpbolt command Move tar commands into containers/storage Fix bud issue with 2 line Dockerfile Add package install descriptions Note configuration file requirements Replace urfave/cli with cobra cleanup vendor.conf Vendor in latest containers/storage Add Quiet to PullOptions and PushOptions cmd/commit: add flag omit-timestamp to allow for deterministic builds Add options for empty-layer history entries Make CLI help descriptions and usage a bit more consistent vndr opencontainers/selinux Bump baseline test Fedora to 29 Bump to v1.7-dev-1 Bump to v1.6-1 Add support for ADD --chown imagebuildah: make EnsureContainerPath() check/create the right one Bump 1.7-dev Fix contrib/rpm/bulidah.spec changelog date ## v1.6-1 (2019-01-18) Add support for ADD --chown imagebuildah: make EnsureContainerPath() check/create the right one Fix contrib/rpm/bulidah.spec changelog date Vendor in latest containers/storage Revendor everything Revendor in latest code by release unshare: do not set USER=root run: ignore EIO when flushing at the end, avoid double log build-using-dockerfile,commit: disable compression by default Update some comments Make rootless work under no_pivot_root Add CreatedAtRaw date field for use with Format Properly format images JSON output pull: add all-tags option Fix support for multiple Short options pkg/blobcache: add synchronization Skip empty files in file check of conformance test Use NoPivot also for RUN, not only for run Remove no longer used isReferenceInsecure / isRegistryInsecure Do not set OCIInsecureSkipTLSVerify based on registries.conf Remove duplicate entries from images JSON output vendor parallel-copy from containers/image blobcache.bats: adjust explicit push tests Handle one line Dockerfile with layers We should only warn if user actually requests Hostname be set in image Fix compiler Warning about comparing different size types imagebuildah: don't walk if rootdir and path are equal Add aliases for buildah containers, so buildah list, ls and ps work vendor: use faster version instead compress/gzip vendor: update libpod Properly handle Hostname inside of RUN command docs: mention how to mount in rootless mode tests: use fully qualified name for centos image travis.yml: use the fully qualified name for alpine mount: allow mount only when using vfs Add some tests for buildah pull Touch up images -q processing Refactor: Use library shared idtools.ParseIDMap() instead of bundling it bump GITVALIDATE_EPOCH cli.BudFlags: add `--platform` nop Makefile: allow packagers to more easily add tags Makefile: soften the requirement on git tests: add containers json test Inline blobCache.putBlob into blobCacheDestination.PutBlob Move saveStream and putBlob near blobCacheDestination.PutBlob Remove BlobCache.PutBlob Update for API changes Vendor c/image after merging c/image#536 Handle 'COPY --from' in Dockerfile Vendor in latest content from github.com/containers/storage Clarify docker.io default in push with docker-daemon Test blob caching Wire in a hidden --blob-cache option Use a blob cache when we're asked to use one Add --disable-compression to 'build-using-dockerfile' Add a blob cache implementation vendor: update containers/storage Update for sysregistriesv2 API changes Update containers/image to 63a1cbdc5e6537056695cf0d627c0a33b334df53 clean up makefile variables Fix file permission Complete the instructions for the command Show warning when a build arg not used Assume user 0 group 0, if /etc/passwd file in container. Add buildah info command Enable -q when --filter is used for images command Add v1.5 Release Announcement Fix dangling filter for images command Fix completions to print Names as well as IDs tests: Fix file permissions Bump 1.6-dev ## v1.5-1 (2018-11-21) Bump min go to 1.10 in install.md vendor: update ostree-go Update docker build command line in conformance test Print command in SystemExec as debug information Add some skip word for inspect check in conformance test Update regex for multi stage base test Sort CLI flags vendor: update containers/storage Add note to install about non-root on RHEL/CentOS Update imagebuild depdency to support heading ARGs in Dockerfile rootless: do not specify --rootless to the OCI runtime Export resolvesymlink function Exclude --force-rm from common bud cli flags run: bind mount /etc/hosts and /etc/resolv.conf if not in a volume rootless: use slirp4netns to setup the network namespace Instructions for completing the pull command Fix travis to not run environment variable patch rootless: only discard network configuration names run: only set up /etc/hosts or /etc/resolv.conf with network common: getFormat: match entire string not only the prefix vendor: update libpod Change validation EPOCH Fixing broken link for container-registries.conf Restore rootless isolation test for from volume ro test ostree: fix tag for build constraint Handle directories better in bud -f vndr in latest containers/storage Fix unshare gofmt issue runSetupBuiltinVolumes(): break up volume setup common: support a per-user registries conf file unshare: do not override the configuration common: honor the rootless configuration file unshare: create a new mount namespace unshare: support libpod rootless pkg Use libpod GetDefaultStorage to report proper storage config Allow container storage to manage the SELinux labels Resolve image names with default transport in from command run: When the value of isolation is set, use the set value instead of the default value. Vendor in latest containers/storage and opencontainers/selinux Remove no longer valid todo Check for empty buildTime in version Change gofmt so it runs on all but 1.10 Run gofmt only on Go 1.11 Walk symlinks when checking cached images for copied/added files ReserveSELinuxLabels(): handle wrapped errors from OpenBuilder Set WorkingDir to empty, not / for conformance Update calls in e2e to addres 1101 imagebuilder.BuildDockerfiles: return the image ID Update for changes in the containers/image API bump(github.com/containers/image) Allow setting --no-pivot default with an env var Add man page and bash completion, for --no-pivot Add the --no-pivot flag to the run command Improve reporting about individual pull failures Move the "short name but no search registries" error handling to resolveImage Return a "search registries were needed but empty" indication in util.ResolveName Simplify handling of the "tried to pull an image but found nothing" case in newBuilder Don't even invoke the pull loop if options.FromImage == "" Eliminate the long-running ref and img variables in resolveImage In resolveImage, return immediately on success Fix From As in Dockerfile Vendor latest containers/image Vendor in latest libpod Sort CLI flags of buildah bud Change from testing with golang 1.9 to 1.11. unshare: detect when unprivileged userns are disabled Optimize redundant code fix missing format param chroot: fix the args check imagebuildah: make ResolveSymLink public Update copy chown test buildah: use the same logic for XDG_RUNTIME_DIR as podman V1.4 Release Announcement Podman --privileged selinux is broken papr: mount source at gopath parse: Modify the return value parse: modify the verification of the isolation value Make sure we log or return every error pullImage(): when completing an image name, try docker:// Fix up Tutorial 3 to account for format Vendor in latest containers/storage and containers/image docs/tutorials/01-intro.md: enhanced installation instructions Enforce "blocked" for registries for the "docker" transport Correctly set DockerInsecureSkipTLSVerify when pulling images chroot: set up seccomp and capabilities after supplemental groups chroot: fix capabilities list setup and application .papr.yml: log the podman version namespaces.bats: fix handling of uidmap/gidmap options in pairs chroot: only create user namespaces when we know we need them Check /proc/sys/user/max_user_namespaces on unshare(NEWUSERNS) bash/buildah: add isolation option to the from command ## v1.4 (2018-10-02) from: fix isolation option Touchup pull manpage Export buildah ReserveSELinuxLables so podman can use it Add buildah.io to README.md and doc fixes Update rmi man for prune changes Ignore file not found removal error in bud bump(github.com/containers/{storage,image}) NewImageSource(): only create one Diff() at a time Copy ExposedPorts from base image into the config tests: run conformance test suite in Travis Change rmi --prune to not accept an imageID Clear intermediate container IDs after each stage Request podman version for build issues unshare: keep the additional groups of the user Builtin volumes should be owned by the UID/GID of the container Get rid of dangling whitespace in markdown files Move buildah from projecatatomic/buildah to containers/buildah nitpick: parse.validateFlags loop in bud cli bash: Completion options Add signature policy to push tests vendor in latest containers/image Fix grammar in Container Tools Guide Don't build btrfs if it is not installed new: Return image-pulling errors from resolveImage pull: Return image-pulling errors from pullImage Add more volume mount tests chroot: create missing parent directories for volume mounts Push: Allow an empty destination Add Podman relationship to readme, create container tools guide Fix arg usage in buildah-tag Add flags/arguments order verification to other commands Handle ErrDuplicateName errors from store.CreateContainer() Evaluate symbolic links on Add/Copy Commands Vendor in latest containers/image and containers/storage Retain bounding set when running containers as non root run container-diff tests in Travis buildah-images.md: Fix option contents push: show image digest after push succeed Vendor in latest containers/storage,image,libpod and runc Change references to cri-o to point at new repository Exclude --layers from the common bug cli flags demos: Increase the executable permissions run: clear default seccomp filter if not enabled Bump maximum cyclomatic complexity to 45 stdin: on HUP, read everything nitpick: use tabs in tests/helpers.bash Add flags/arguments order verification to one arg commands nitpick: decrease cognitive complexity in buildah-bud rename: Avoid renaming the same name as other containers chroot isolation: chroot() before setting up seccomp Small nitpick at the "if" condition in tag.go cmd/images: Modify json option cmd/images: Disallow the input of image when using the -a option Fix examples to include context directory Update containers/image to fix commit layer issue cmd/containers: End loop early when using the json option Make buildah-from error message clear when flags are after arg Touch up README.md for conformance tests Update container/storage for lock fix cmd/rm: restore the correct containerID display Remove debug lines Remove docker build image after each test Add README for conformance test Update the MakeOptions to accept all command options for buildah Update regrex to fit the docker output in test "run with JSON" cmd/buildah: Remove redundant variable declarations Warn about using Commands in Dockerfile that are not supported by OCI. Add buildah bud conformance test Fix rename to also change container name in builder Makefile: use $(GO) env-var everywhere Cleanup code to more closely match Docker Build images Document BUILDAH_* environment variables in buildah bud --help output Return error immediately if error occurs in Prepare step Fix --layers ADD from url issue Add "Sign your PRs" TOC item to contributing.md. Display the correct ID after deleting image rmi: Modify the handling of errors Let util.ResolveName() return parsing errors Explain Open Container Initiative (OCI) acronym, add link Update vendor for urfave/cli back to master Handle COPY --chown in Dockerfile Switch to Recommends container-selinux Update vendor for containernetworking, imagebuildah and podman Document STORAGE_DRIVER and STORAGE_OPTS environment variable Change references to projectatomic/libpod to containers/libpod Add container PATH retrieval example Expand variables names for --env imagebuildah: provide a way to provide stdin for RUN Remove an unused srcRef.NewImageSource in pullImage chroot: correct a comment chroot: bind mount an empty directory for masking Don't bother with --no-pivot for rootless isolation CentOS need EPEL repo Export a Pull() function Remove stream options, since docker build does not have it release v1.3: mention openSUSE Add Release Announcements directory Bump to v1.4-dev ## 1.3 (2018-08-4) Revert pull error handling from 881 bud should not search context directory for Dockerfile Set BUILDAH_ISOLATION=rootless when running unprivileged .papr.sh: Also test with BUILDAH_ISOLATION=rootless Skip certain tests when we're using "rootless" isolation .travis.yml: run integration tests with BUILDAH_ISOLATION=chroot Add and implement IsolationOCIRootless Add a value for IsolationOCIRootless Fix rmi to remove intermediate images associated with an image Return policy error on pull Update containers/image to 216acb1bcd2c1abef736ee322e17147ee2b7d76c Switch to github.com/containers/image/pkg/sysregistriesv2 unshare: make adjusting the OOM score optional Add flags validation chroot: handle raising process limits chroot: make the resource limits name map module-global Remove rpm.bats, we need to run this manually Set the default ulimits to match Docker buildah: no args is out of bounds unshare: error message missed the pid preprocess ".in" suffixed Dockerfiles Fix the the in buildah-config man page Only test rpmbuild on latest fedora Add support for multiple Short options Update to latest urvave/cli Add additional SELinux tests Vendor in latest github.com/containers/{image;storage} Stop testing with golang 1.8 Fix volume cache issue with buildah bud --layers Create buildah pull command Increase the deadline for gometalinter during 'make validate' .papr.sh: Also test with BUILDAH_ISOLATION=chroot .travis.yml: run integration tests with BUILDAH_ISOLATION=chroot Add a Dockerfile Set BUILDAH_ISOLATION=chroot when running unprivileged Add and implement IsolationChroot Update github.com/opencontainers/runc maybeReexecUsingUserNamespace: add a default for root Allow ping command without NET_RAW Capabilities rmi.storageImageID: fix Wrapf format warning Allow Dockerfile content to come from stdin Vendor latest container/storage to fix overlay mountopt userns: assign additional IDs sequentially Remove default dev/pts Add OnBuild test to baseline test tests/run.bats(volumes): use :z when SELinux is enabled Avoid a stall in runCollectOutput() Use manifest from container/image Vendor in latest containers/image and containers/storage add rename command Completion command Update CHANGELOG.md Update vendor for runc to fix 32 bit builds bash completion: remove shebang Update vendor for runc to fix 32 bit builds ## 1.2 (2018-07-14) Vendor in lates containers/image build-using-dockerfile: let -t include transports again Block use of /proc/acpi and /proc/keys from inside containers Fix handling of --registries-conf Fix becoming a maintainer link add optional CI test fo darwin Don't pass a nil error to errors.Wrapf() image filter test: use kubernetes/pause as a "since" Add --cidfile option to from vendor: update containers/storage Contributors need to find the CONTRIBUTOR.md file easier Add a --loglevel option to build-with-dockerfile Create Development plan cmd: Code improvement allow buildah cross compile for a darwin target Add unused function param lint check docs: Follow man-pages(7) suggestions for SYNOPSIS Start using github.com/seccomp/containers-golang umount: add all option to umount all mounted containers runConfigureNetwork(): remove an unused parameter Update github.com/opencontainers/selinux Fix buildah bud --layers Force ownership of /etc/hosts and /etc/resolv.conf to 0:0 main: if unprivileged, reexec in a user namespace Vendor in latest imagebuilder Reduce the complexity of the buildah.Run function mount: output it before replacing lastError Vendor in latest selinux-go code Implement basic recognition of the "--isolation" option Run(): try to resolve non-absolute paths using $PATH Run(): don't include any default environment variables build without seccomp vendor in latest runtime-tools bind/mount_unsupported.go: remove import errors Update github.com/opencontainers/runc Add Capabilities lists to BuilderInfo Tweaks for commit tests commit: recognize committing to second storage locations Fix ARGS parsing for run commands Add info on registries.conf to from manpage Switch from using docker to podman for testing in .papr buildah: set the HTTP User-Agent ONBUILD tutorial Add information about the configuration files to the install docs Makefile: add uninstall Add tilde info for push to troubleshooting mount: support multiple inputs Use the right formatting when adding entries to /etc/hosts Vendor in latest go-selinux bindings Allow --userns-uid-map/--userns-gid-map to be global options bind: factor out UnmountMountpoints Run(): simplify runCopyStdio() Run(): handle POLLNVAL results Run(): tweak terminal mode handling Run(): rename 'copyStdio' to 'copyPipes' Run(): don't set a Pdeathsig for the runtime Run(): add options for adding and removing capabilities Run(): don't use a callback when a slice will do setupSeccomp(): refactor Change RunOptions.Stdin/Stdout/Stderr to just be Reader/Writers Escape use of '_' in .md docs Break out getProcIDMappings() Break out SetupIntermediateMountNamespace() Add Multi From Demo Use the c/image conversion code instead of converting configs manually Don't throw away the manifest MIME type and guess again Consolidate loading manifest and config in initConfig Pass a types.Image to Builder.initConfig Require an image ID in importBuilderDataFromImage Use c/image/manifest.GuessMIMEType instead of a custom heuristic Do not ignore any parsing errors in initConfig Explicitly handle "from scratch" images in Builder.initConfig Fix parsing of OCI images Simplify dead but dangerous-looking error handling Don't ignore v2s1 history if docker_version is not set Add --rm and --force-rm to buildah bud Add --all,-a flag to buildah images Separate stdio buffering from writing Remove tty check from images --format Add environment variable BUILDAH_RUNTIME Add --layers and --no-cache to buildah bud Touch up images man version.md: fix DESCRIPTION tests: add containers test tests: add images test images: fix usage fix make clean error Change 'registries' to 'container registries' in man add commit test Add(): learn to record hashes of what we add Minor update to buildah config documentation for entrypoint Bump to v1.2-dev Add registries.conf link to a few man pages ## 1.1 (2018-06-08) Drop capabilities if running container processes as non root Print Warning message if cmd will not be used based on entrypoint Update 01-intro.md Shouldn't add insecure registries to list of search registries Report errors on bad transports specification when pushing images Move parsing code out of common for namespaces and into pkg/parse.go Add disable-content-trust noop flag to bud Change freenode chan to buildah runCopyStdio(): don't close stdin unless we saw POLLHUP Add registry errors for pull runCollectOutput(): just read until the pipes are closed on us Run(): provide redirection for stdio rmi, rm: add test add mount test Add parameter judgment for commands that do not require parameters Add context dir to bud command in baseline test run.bats: check that we can run with symlinks in the bundle path Give better messages to users when image can not be found use absolute path for bundlePath Add environment variable to buildah --format rm: add validation to args and all option Accept json array input for config entrypoint Run(): process RunOptions.Mounts, and its flags Run(): only collect error output from stdio pipes if we created some Add OnBuild support for Dockerfiles Quick fix on demo readme run: fix validate flags buildah bud should require a context directory or URL Touchup tutorial for run changes Validate common bud and from flags images: Error if the specified imagename does not exist inspect: Increase err judgments to avoid panic add test to inspect buildah bud picks up ENV from base image Extend the amount of time travis_wait should wait Add a make target for Installing CNI plugins Add tests for namespace control flags copy.bats: check ownerships in the container Fix SELinux test errors when SELinux is enabled Add example CNI configurations Run: set supplemental group IDs Run: use a temporary mount namespace Use CNI to configure container networks add/secrets/commit: Use mappings when setting permissions on added content Add CLI options for specifying namespace and cgroup setup Always set mappings when using user namespaces Run(): break out creation of stdio pipe descriptors Read UID/GID mapping information from containers and images Additional bud CI tests Run integration tests under travis_wait in Travis build-using-dockerfile: add --annotation Implement --squash for build-using-dockerfile and commit Vendor in latest container/storage for devicemapper support add test to inspect Vendor github.com/onsi/ginkgo and github.com/onsi/gomega Test with Go 1.10, too Add console syntax highlighting to troubleshooting page bud.bats: print "$output" before checking its contents Manage "Run" containers more closely Break Builder.Run()'s "run runc" bits out util.ResolveName(): handle completion for tagged/digested image names Handle /etc/hosts and /etc/resolv.conf properly in container Documentation fixes Make it easier to parse our temporary directory as an image name Makefile: list new pkg/ subdirectoris as dependencies for buildah containerImageSource: return more-correct errors API cleanup: PullPolicy and TerminalPolicy should be types Make "run --terminal" and "run -t" aliases for "run --tty" Vendor github.com/containernetworking/cni v0.6.0 Update github.com/containers/storage Update github.com/containers/libpod Add support for buildah bud --label buildah push/from can push and pull images with no reference Vendor in latest containers/image Update gometalinter to fix install.tools error Update troubleshooting with new run workaround Added a bud demo and tidied up Attempt to download file from url, if fails assume Dockerfile Add buildah bud CI tests for ENV variables Re-enable rpm .spec version check and new commit test Update buildah scratch demo to support el7 Added Docker compatibility demo Update to F28 and new run format in baseline test Touchup man page short options across man pages Added demo dir and a demo. chged distrorlease builder-inspect: fix format option Add cpu-shares short flag (-c) and cpu-shares CI tests Minor fixes to formatting in rpm spec changelog Fix rpm .spec changelog formatting CI tests and minor fix for cache related noop flags buildah-from: add effective value to mount propagation ## 1.0 (2018-05-06) Declare Buildah 1.0 Add cache-from and no-cache noops, and fix doco Update option and documentation for --force-rm Adding noop for --force-rm to match --rm Add buildah bud ENTRYPOINT,CMD,RUN tests Adding buildah bud RUN test scenarios Extend tests for empty buildah run command Fix formatting error in run.go Update buildah run to make command required Expanding buildah run cmd/entrypoint tests Update test cases for buildah run behaviour Remove buildah run cmd and entrypoint execution Add Files section with registries.conf to pertinent man pages tests/config: perfect test tests/from: add name test Do not print directly to stdout in Commit() Touch up auth test commands Force "localhost" as a default registry Drop util.GetLocalTime() Vendor in latest containers/image Validate host and container paths passed to --volume test/from: add add-host test Add --compress, --rm, --squash flags as a noop for bud Add FIPS mode secret to buildah run and bud Add config --comment/--domainname/--history-comment/--hostname 'buildah config': stop replacing Created-By whenever it's not specified Modify man pages so they compile correctly in mandb Add description on how to do --isolation to buildah-bud man page Add support for --iidfile to bud and commit Refactor buildah bud for vendoring Fail if date or git not installed Revert update of entrypoint behaviour to match docker Vendor in latest imagebuilder code to fix multiple stage builds Add /bin/sh -c to entrypoint in config image_test: Improve the test Fix README example of buildah config buildah-image: add validation to 'format' Simple changes to allow buildah to pass make validate Clarify the use of buildah config options containers_test: Perfect testing buildah images and podman images are listing different sizes buildah-containers: add tests and example to the man page buildah-containers: add validation to 'format' Clarify the use of buildah config options Minor fix for lighttpd example in README Add tls-verification to troubleshooting Modify buildah rmi to account for changes in containers/storage Vendor in latest containers/image and containers/storage addcopy: add src validation Remove tarball as an option from buildah push --help Fix secrets patch Update entrypoint behaviour to match docker Display imageId after commit config: add support for StopSignal Fix docker login issue in travis.yml Allow referencing stages as index and names Add multi-stage builds tests Add multi-stage builds support Add accessor functions for comment and stop signal Vendor in latest imagebuilder, to get mixed case AS support Allow umount to have multi-containers Update buildah push doc buildah bud walks symlinks Imagename is required for commit atm, update manpage ## 0.16.0 (2018-04-08) Bump to v0.16.0 Remove requires for ostree-lib in rpm spec file Add support for shell buildah.spec should require ostree-libs Vendor in latest containers/image bash: prefer options Change image time to locale, add troubleshooting.md, add logo to other mds buildah-run.md: fix error SYNOPSIS docs: fix error example Allow --cmd parameter to have commands as values Touchup README to re-enable logo Clean up README.md Make default-mounts-file a hidden option Document the mounts.conf file Fix man pages to format correctly Add various transport support to buildah from Add unit tests to run.go If the user overrides the storage driver, the options should be dropped Show Config/Manifest as JSON string in inspect when format is not set Switch which for that in README.md Remove COPR Fix wrong order of parameters Vendor in latest containers/image Remove shallowCopy(), which shouldn't be saving us time any more shallowCopy: avoid a second read of the container's layer ## 0.5 - 2017-11-07 Add secrets patch to buildah Add proper SELinux labeling to buildah run Add tls-verify to bud command Make filtering by date use the image's date images: don't list unnamed images twice Fix timeout issue Add further tty verbiage to buildah run Make inspect try an image on failure if type not specified Add support for `buildah run --hostname` Tons of bug fixes and code cleanup ## 0.4 - 2017-09-22 ### Added Update buildah spec file to match new version Bump to version 0.4 Add default transport to push if not provided Add authentication to commit and push Remove --transport flag Run: don't complain about missing volume locations Add credentials to buildah from Remove export command Bump containers/storage and containers/image ## 0.3 - 2017-07-20 ## 0.2 - 2017-07-18 ### Added Vendor in latest containers/image and containers/storage Update image-spec and runtime-spec to v1.0.0 Add support for -- ending options parsing to buildah run Add/Copy need to support glob syntax Add flag to remove containers on commit Add buildah export support update 'buildah images' and 'buildah rmi' commands buildah containers/image: Add JSON output option Add 'buildah version' command Handle "run" without an explicit command correctly Ensure volume points get created, and with perms Add a -a/--all option to "buildah containers" ## 0.1 - 2017-06-14 ### Added Vendor in latest container/storage container/image Add a "push" command Add an option to specify a Create date for images Allow building a source image from another image Improve buildah commit performance Add a --volume flag to "buildah run" Fix inspect/tag-by-truncated-image-ID Include image-spec and runtime-spec versions buildah mount command should list mounts when no arguments are given. Make the output image format selectable commit images in multiple formats Also import configurations from V2S1 images Add a "tag" command Add an "inspect" command Update reference comments for docker types origins Improve configuration preservation in imagebuildah Report pull/commit progress by default Contribute buildah.spec Remove --mount from buildah-from Add a build-using-dockerfile command (alias: bud) Create manpages for the buildah project Add installation for buildah and bash completions Rename "list"/"delete" to "containers"/"rm" Switch `buildah list quiet` option to only list container id's buildah delete should be able to delete multiple containers Correctly set tags on the names of pulled images Don't mix "config" in with "run" and "commit" Add a "list" command, for listing active builders Add "add" and "copy" commands Add a "run" command, using runc Massive refactoring Make a note to distinguish compression of layers ## 0.0 - 2017-01-26 ### Added Initial version, needs work