From a63fbba3f89857b5ddfb280c36392a4e4ca53b16 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Wed, 26 Jun 2024 11:30:26 -0400 Subject: [PATCH 1/2] bump github.com/openshift/imagebuilder to v1.2.11 Bump github.com/openshift/imagebuilder from v1.2.10 to v1.2.11 Signed-off-by: Nalin Dahyabhai --- go.mod | 2 +- go.sum | 4 +- .../openshift/imagebuilder/builder.go | 21 +++++- .../openshift/imagebuilder/dispatchers.go | 73 ++++++++++++++++--- .../imagebuilder/dockerclient/client.go | 12 +++ .../openshift/imagebuilder/imagebuilder.spec | 2 +- vendor/modules.txt | 2 +- 7 files changed, 98 insertions(+), 18 deletions(-) diff --git a/go.mod b/go.mod index 2f6c4e62bdc..91a6818744b 100644 --- a/go.mod +++ b/go.mod @@ -41,7 +41,7 @@ require ( github.com/opencontainers/runtime-spec v1.2.0 github.com/opencontainers/runtime-tools v0.9.1-0.20230914150019-408c51e934dc github.com/opencontainers/selinux v1.11.0 - github.com/openshift/imagebuilder v1.2.10 + github.com/openshift/imagebuilder v1.2.11 github.com/seccomp/libseccomp-golang v0.10.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.8.1 diff --git a/go.sum b/go.sum index ed84ad9db8a..c8af96240ef 100644 --- a/go.sum +++ b/go.sum 
@@ -279,8 +279,8 @@ github.com/opencontainers/runtime-tools v0.9.1-0.20230914150019-408c51e934dc h1: github.com/opencontainers/runtime-tools v0.9.1-0.20230914150019-408c51e934dc/go.mod h1:8tx1helyqhUC65McMm3x7HmOex8lO2/v9zPuxmKHurs= github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU= github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= -github.com/openshift/imagebuilder v1.2.10 h1:n0BS4R6D4jFdWWuuV1RmeqDabOAbKpq90F4ygzCo1es= -github.com/openshift/imagebuilder v1.2.10/go.mod h1:KkkXOyRjJlZEXWQtHNBNzVHqh4vf/0xX5cDIQ2gr+5I= +github.com/openshift/imagebuilder v1.2.11 h1:4EmEMyiLr7jlskS1h6V6smdcrQSGLRdcIeaXeV3F8EM= +github.com/openshift/imagebuilder v1.2.11/go.mod h1:KkkXOyRjJlZEXWQtHNBNzVHqh4vf/0xX5cDIQ2gr+5I= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f h1:/UDgs8FGMqwnHagNDPGOlts35QkhAZ8by3DR7nMih7M= github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= diff --git a/vendor/github.com/openshift/imagebuilder/builder.go b/vendor/github.com/openshift/imagebuilder/builder.go index 5776f4812e2..51ce6d2ad14 100644 --- a/vendor/github.com/openshift/imagebuilder/builder.go +++ b/vendor/github.com/openshift/imagebuilder/builder.go 
@@ -30,12 +30,29 @@ type Copy struct { Download bool // If set, the owner:group for the destination. This value is passed // to the executor for handling. - Chown string - Chmod string + Chown string + Chmod string + // If set, a checksum which the source must match, or be rejected. Checksum string // Additional files which need to be created by executor for this // instruction. Files []File + // If set, when the source is a URL for a remote Git repository, + // refrain from stripping out the .git subdirectory after cloning it. + KeepGitDir bool + // If set, instead of adding these items to the rootfs and picking them + // up as part of a subsequent diff generation, build an archive of them + // and include it as an independent layer. + Link bool + // If set, preserve leading directories in the paths of items being + // copied, relative to either the top of the build context, or to the + // "pivot point", a location in the source path marked by a path + // component named "." (i.e., where "/./" occurs in the path). + Parents bool + // Exclusion patterns, a la .dockerignore, relative to either the top + // of a directory tree being copied, or the "pivot point", a location + // in the source path marked by a path component named ".". + Excludes []string } // File defines if any additional file needs to be created diff --git a/vendor/github.com/openshift/imagebuilder/dispatchers.go b/vendor/github.com/openshift/imagebuilder/dispatchers.go index 3cfdf3549fd..ec929283437 100644 --- a/vendor/github.com/openshift/imagebuilder/dispatchers.go +++ b/vendor/github.com/openshift/imagebuilder/dispatchers.go @@ -168,6 +168,9 @@ func add(b *Builder, args []string, attributes map[string]bool, flagArgs []strin var chown string var chmod string var checksum string + var keepGitDir bool + var link bool + var excludes []string last := len(args) - 1 dest := makeAbsolute(args[last], b.RunConfig.WorkingDir) filteredUserArgs := make(map[string]string) 
@@ -199,8 +202,22 @@ func add(b *Builder, args []string, attributes map[string]bool, flagArgs []strin if checksum == "" { return fmt.Errorf("no value specified for --checksum=") } + case arg == "--link", arg == "--link=true": + link = true + case arg == "--link=false": + link = false + case arg == "--keep-git-dir", arg == "--keep-git-dir=true": + keepGitDir = true + case arg == "--keep-git-dir=false": + keepGitDir = false + case strings.HasPrefix(arg, "--exclude="): + exclude := strings.TrimPrefix(arg, "--exclude=") + if exclude == "" { + return fmt.Errorf("no value specified for --exclude=") + } + excludes = append(excludes, exclude) default: - return fmt.Errorf("ADD only supports the --chmod=, --chown=, and --checksum= flags") + return fmt.Errorf("ADD only supports the --chmod=, --chown=, --checksum=, --link, --keep-git-dir, and --exclude= flags") } } files, err := processHereDocs(buildkitcommand.Add, original, heredocs, userArgs) @@ -208,13 +225,17 @@ func add(b *Builder, args []string, attributes map[string]bool, flagArgs []strin return err } b.PendingCopies = append(b.PendingCopies, Copy{ - Src: args[0:last], - Dest: dest, - Download: true, - Chown: chown, - Chmod: chmod, - Checksum: checksum, - Files: files}) + Src: args[0:last], + Dest: dest, + Download: true, + Chown: chown, + Chmod: chmod, + Checksum: checksum, + Files: files, + KeepGitDir: keepGitDir, + Link: link, + Excludes: excludes, + }) return nil } @@ -230,6 +251,9 @@ func dispatchCopy(b *Builder, args []string, attributes map[string]bool, flagArg var chown string var chmod string var from string + var link bool + var parents bool + var excludes []string userArgs := mergeEnv(envMapAsSlice(b.Args), b.Env) for _, a := range flagArgs { arg, err := ProcessWord(a, userArgs) 
@@ -253,15 +277,40 @@ func dispatchCopy(b *Builder, args []string, attributes map[string]bool, flagArg if from == "" { return fmt.Errorf("no value specified for --from=") } + case arg == "--link", arg == "--link=true": + link = true + case arg == "--link=false": + link = false + case arg == "--parents", arg == "--parents=true": + parents = true + case arg == "--parents=false": + parents = false + case strings.HasPrefix(arg, "--exclude="): + exclude := strings.TrimPrefix(arg, "--exclude=") + if exclude == "" { + return fmt.Errorf("no value specified for --exclude=") + } + excludes = append(excludes, exclude) default: - return fmt.Errorf("COPY only supports the --chmod= --chown= and the --from= flags") + return fmt.Errorf("COPY only supports the --chmod=, --chown=, --from=, --link, --parents, and --exclude= flags") } } files, err := processHereDocs(buildkitcommand.Copy, original, heredocs, userArgs) if err != nil { return err } - b.PendingCopies = append(b.PendingCopies, Copy{From: from, Src: args[0:last], Dest: dest, Download: false, Chown: chown, Chmod: chmod, Files: files}) + b.PendingCopies = append(b.PendingCopies, Copy{ + From: from, + Src: args[0:last], + Dest: dest, + Download: false, + Chown: chown, + Chmod: chmod, + Files: files, + Link: link, + Parents: parents, + Excludes: excludes, + }) return nil } @@ -308,7 +357,7 @@ func from(b *Builder, args []string, attributes map[string]bool, flagArgs []stri } } for _, a := range flagArgs { - arg, err := ProcessWord(a, userArgs) + arg, err := ProcessWord(a, nameArgs) if err != nil { return err } @@ -768,6 +817,8 @@ func shell(b *Builder, args []string, attributes map[string]bool, flagArgs []str return nil } +// checkChmodConversion makes sure that the argument to a --chmod= flag for +// COPY or ADD is an octal number func checkChmodConversion(chmod string) error { _, err := strconv.ParseUint(chmod, 8, 32) if err != nil { 
diff --git a/vendor/github.com/openshift/imagebuilder/dockerclient/client.go b/vendor/github.com/openshift/imagebuilder/dockerclient/client.go index 7e9f35681a4..058dedd7215 100644 --- a/vendor/github.com/openshift/imagebuilder/dockerclient/client.go +++ b/vendor/github.com/openshift/imagebuilder/dockerclient/client.go @@ -882,6 +882,18 @@ func (e *ClientExecutor) Copy(excludes []string, copies ...imagebuilder.Copy) er if copy.Checksum != "" { return fmt.Errorf("ADD --checksum not supported") } + if copy.Link { + return fmt.Errorf("ADD or COPY --link not supported") + } + if copy.Parents { + return fmt.Errorf("COPY --parents not supported") + } + if copy.KeepGitDir { + return fmt.Errorf("ADD --keep-git-dir not supported") + } + if len(copy.Excludes) > 0 { + return fmt.Errorf("ADD or COPY --exclude not supported") + } if len(copy.Files) > 0 { return fmt.Errorf("Heredoc syntax is not supported") } diff --git a/vendor/github.com/openshift/imagebuilder/imagebuilder.spec b/vendor/github.com/openshift/imagebuilder/imagebuilder.spec index 21b1014b493..4e0c3f9b57a 100644 --- a/vendor/github.com/openshift/imagebuilder/imagebuilder.spec +++ b/vendor/github.com/openshift/imagebuilder/imagebuilder.spec @@ -12,7 +12,7 @@ # %global golang_version 1.19 -%{!?version: %global version 1.2.10} +%{!?version: %global version 1.2.11} %{!?release: %global release 1} %global package_name imagebuilder %global product_name Container Image Builder diff --git a/vendor/modules.txt b/vendor/modules.txt index 2c1bbac4318..d36a18e2477 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -641,7 +641,7 @@ github.com/opencontainers/selinux/go-selinux github.com/opencontainers/selinux/go-selinux/label github.com/opencontainers/selinux/pkg/pwalk github.com/opencontainers/selinux/pkg/pwalkdir -# github.com/openshift/imagebuilder v1.2.10 +# github.com/openshift/imagebuilder v1.2.11 ## explicit; go 1.19 github.com/openshift/imagebuilder github.com/openshift/imagebuilder/dockerclient 
From d6771f81afd74e4f1a4a7ad5434f63d72c253de2 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Tue, 25 Jun 2024 11:36:14 -0400 Subject: [PATCH 2/2] imagebuildah.StageExecutor.Copy(): reject new flags for now Reject the new ADD --keep-git-dir, COPY --parents, and ADD/COPY --link and ADD/COPY --exclude flags. The behavior they ask for isn't implemented (yet), and rejecting the flags outright is far preferable to quietly ignoring them. Signed-off-by: Nalin Dahyabhai --- imagebuildah/stage_executor.go | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/imagebuildah/stage_executor.go b/imagebuildah/stage_executor.go index 1723c8aab96..4f89a0eb860 100644 --- a/imagebuildah/stage_executor.go +++ b/imagebuildah/stage_executor.go @@ -349,6 +349,26 @@ func (s *StageExecutor) volumeCacheRestore() error { // Copy copies data into the working tree. The "Download" field is how // imagebuilder tells us the instruction was "ADD" and not "COPY". func (s *StageExecutor) Copy(excludes []string, copies ...imagebuilder.Copy) error { + for _, cp := range copies { + if cp.KeepGitDir { + if cp.Download { + return errors.New("ADD --keep-git-dir is not supported") + } + return errors.New("COPY --keep-git-dir is not supported") + } + if cp.Link { + return errors.New("COPY --link is not supported") + } + if cp.Parents { + return errors.New("COPY --parents is not supported") + } + if len(cp.Excludes) > 0 { + if cp.Download { + return errors.New("ADD --excludes is not supported") + } + return errors.New("COPY --excludes is not supported") + } + } s.builder.ContentDigester.Restart() return s.performCopy(excludes, copies...) }
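Review bot: The `cp.Link` branch in `StageExecutor.Copy` always returns `COPY --link is not supported`, although the vendored `add` dispatcher in this series also sets `Link` for `ADD --link`, so an ADD instruction is reported under the wrong name. It should get the same `cp.Download` split as the neighbouring branches, e.g. `if cp.Download { return errors.New("ADD --link is not supported") }` ahead of the COPY message. The two exclude messages say `--excludes`, but the flag the parser accepts is `--exclude=`, so the strings should read `ADD --exclude is not supported` and `COPY --exclude is not supported`. Accurate messages matter here because this is the fail-closed path: a user whose `--exclude` pattern was meant to keep files out of the image needs to see exactly which instruction and flag was refused.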