import buildah-1.15.0-1.module+el8.3.0+7084+c16098dd

This commit is contained in:
CentOS Sources 2020-07-28 06:12:22 -04:00 committed by Stepan Oksanichenko
parent 5b41428b58
commit b0d8263168
4 changed files with 41 additions and 164 deletions

View File

@ -1 +1 @@
da35ceecbee25d37313869956f602161fc282153 SOURCES/buildah-9513cb8.tar.gz 3e581c62c1ee59b9cc1c2892287c65800d25142c SOURCES/v1.15.0.tar.gz

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/buildah-9513cb8.tar.gz SOURCES/v1.15.0.tar.gz

View File

@ -1,153 +0,0 @@
From f09346578021c12069b6deb9487a1462b8d28a83 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@redhat.com>
Date: Thu, 21 Nov 2019 15:32:41 -0500
Subject: [PATCH 1/3] bind: don't complain about missing mountpoints
When we go to unmount a tree of mounts, if one of the directories isn't
there, instead of returning an error as before, log a debug message and
keep going.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
---
bind/mount.go | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/bind/mount.go b/bind/mount.go
index e1ae323b9..adde901fd 100644
--- a/bind/mount.go
+++ b/bind/mount.go
@@ -264,6 +264,10 @@ func UnmountMountpoints(mountpoint string, mountpointsToRemove []string) error {
mount := getMountByID(id)
// check if this mountpoint is mounted
if err := unix.Lstat(mount.Mountpoint, &st); err != nil {
+ if os.IsNotExist(err) {
+ logrus.Debugf("mountpoint %q is not present(?), skipping", mount.Mountpoint)
+ continue
+ }
return errors.Wrapf(err, "error checking if %q is mounted", mount.Mountpoint)
}
if mount.Major != int(unix.Major(st.Dev)) || mount.Minor != int(unix.Minor(st.Dev)) {
From c5fb681a6082b78c422eb3531667dc6d607a9355 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@redhat.com>
Date: Fri, 22 Nov 2019 14:22:26 -0500
Subject: [PATCH 2/3] chroot: Unmount with MNT_DETACH instead of
UnmountMountpoints()
Unmounting the rootfs with MNT_DETACH should unmount everything below
it, so we don't need to use the more exhaustive method that our bind
package uses for its bind mounts.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
---
chroot/run.go | 25 +++++++++++++++----------
1 file changed, 15 insertions(+), 10 deletions(-)
diff --git a/chroot/run.go b/chroot/run.go
index fbccbcdb0..76ac78d1f 100644
--- a/chroot/run.go
+++ b/chroot/run.go
@@ -15,6 +15,7 @@ import (
"strings"
"sync"
"syscall"
+ "time"
"unsafe"
"github.com/containers/buildah/bind"
@@ -1002,12 +1003,19 @@ func isDevNull(dev os.FileInfo) bool {
// callback that will clean up its work.
func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func() error, err error) {
var fs unix.Statfs_t
- removes := []string{}
undoBinds = func() error {
- if err2 := bind.UnmountMountpoints(spec.Root.Path, removes); err2 != nil {
- logrus.Warnf("pkg/chroot: error unmounting %q: %v", spec.Root.Path, err2)
- if err == nil {
- err = err2
+ if err2 := unix.Unmount(spec.Root.Path, unix.MNT_DETACH); err2 != nil {
+ retries := 0
+ for (err2 == unix.EBUSY || err2 == unix.EAGAIN) && retries < 50 {
+ time.Sleep(50 * time.Millisecond)
+ err2 = unix.Unmount(spec.Root.Path, unix.MNT_DETACH)
+ retries++
+ }
+ if err2 != nil {
+ logrus.Warnf("pkg/chroot: error unmounting %q (retried %d times): %v", spec.Root.Path, retries, err2)
+ if err == nil {
+ err = err2
+ }
}
}
return err
@@ -1096,6 +1104,7 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func(
// Add /sys/fs/selinux to the set of masked paths, to ensure that we don't have processes
// attempting to interact with labeling, when they aren't allowed to do so.
spec.Linux.MaskedPaths = append(spec.Linux.MaskedPaths, "/sys/fs/selinux")
+
// Bind mount in everything we've been asked to mount.
for _, m := range spec.Mounts {
// Skip anything that we just mounted.
@@ -1141,13 +1150,11 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func(
if !os.IsNotExist(err) {
return undoBinds, errors.Wrapf(err, "error examining %q for mounting in mount namespace", target)
}
- // The target isn't there yet, so create it, and make a
- // note to remove it later.
+ // The target isn't there yet, so create it.
if srcinfo.IsDir() {
if err = os.MkdirAll(target, 0111); err != nil {
return undoBinds, errors.Wrapf(err, "error creating mountpoint %q in mount namespace", target)
}
- removes = append(removes, target)
} else {
if err = os.MkdirAll(filepath.Dir(target), 0111); err != nil {
return undoBinds, errors.Wrapf(err, "error ensuring parent of mountpoint %q (%q) is present in mount namespace", target, filepath.Dir(target))
@@ -1157,7 +1164,6 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func(
return undoBinds, errors.Wrapf(err, "error creating mountpoint %q in mount namespace", target)
}
file.Close()
- removes = append(removes, target)
}
}
requestFlags := bindFlags
@@ -1266,7 +1272,6 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func(
if err := os.Mkdir(roEmptyDir, 0700); err != nil {
return undoBinds, errors.Wrapf(err, "error creating empty directory %q", roEmptyDir)
}
- removes = append(removes, roEmptyDir)
}
// Set up any masked paths that we need to. If we're running inside of
From ec1be6a51941e10b5316c911ef97c88940f7c095 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@redhat.com>
Date: Fri, 22 Nov 2019 14:52:25 -0500
Subject: [PATCH 3/3] overlay.bats typo: fuse-overlays should be fuse-overlayfs
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
---
tests/overlay.bats | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/overlay.bats b/tests/overlay.bats
index 04056f680..7cc2d0c62 100644
--- a/tests/overlay.bats
+++ b/tests/overlay.bats
@@ -3,14 +3,14 @@
load helpers
@test "overlay specific level" {
- if test \! -e /usr/bin/fuse-overlays -a "$BUILDAH_ISOLATION" = "rootless"; then
+ if test \! -e /usr/bin/fuse-overlayfs -a "$BUILDAH_ISOLATION" = "rootless"; then
skip "BUILDAH_ISOLATION = $BUILDAH_ISOLATION" and no /usr/bin/fuse-overlayfs present
fi
image=alpine
mkdir ${TESTDIR}/lower
touch ${TESTDIR}/lower/foo
-cid=$(buildah --log-level=error from -v ${TESTDIR}/lower:/lower:O --quiet --signature-policy ${TESTSDIR}/policy.json $image)
+ cid=$(buildah --log-level=error from -v ${TESTDIR}/lower:/lower:O --quiet --signature-policy ${TESTSDIR}/policy.json $image)
# This should succeed
run_buildah --log-level=error run $cid ls /lower/foo

View File

@ -20,18 +20,16 @@ go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl
# https://github.com/containers/buildah # https://github.com/containers/buildah
%global import_path %{provider}.%{provider_tld}/%{project}/%{repo} %global import_path %{provider}.%{provider_tld}/%{project}/%{repo}
%global git0 https://%{import_path} %global git0 https://%{import_path}
%global commit0 9513cb8c7bec0f7789c696aee4d252ebf85194cc
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
Name: %{repo} Name: %{repo}
Version: 1.11.6 Version: 1.15.0
Release: 4%{?dist} Release: 1%{?dist}
Summary: A command line tool used for creating OCI Images Summary: A command line tool used for creating OCI Images
License: ASL 2.0 License: ASL 2.0
URL: https://%{name}.io URL: https://%{name}.io
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz # Build fails with: No matching package to install: 'golang >= 1.12.12-4' on i686
Patch0: https://patch-diff.githubusercontent.com/raw/containers/buildah/pull/1996.patch ExcludeArch: i686
Source0: %{git0}/archive/v%{version}.tar.gz
BuildRequires: golang >= 1.12.12-4 BuildRequires: golang >= 1.12.12-4
BuildRequires: git BuildRequires: git
BuildRequires: glib2-devel BuildRequires: glib2-devel
@ -45,7 +43,7 @@ BuildRequires: libassuan-devel
BuildRequires: make BuildRequires: make
Requires: runc >= 1.0.0-26 Requires: runc >= 1.0.0-26
Requires: containers-common Requires: containers-common
Requires: container-selinux Recommends: container-selinux
Requires: slirp4netns >= 0.3-0 Requires: slirp4netns >= 0.3-0
%description %description
@ -70,7 +68,7 @@ Requires: golang
This package contains system tests for %{name} This package contains system tests for %{name}
%prep %prep
%autosetup -Sgit -n %{name}-%{commit0} %autosetup -Sgit
sed -i 's/GOMD2MAN =/GOMD2MAN ?=/' docs/Makefile sed -i 's/GOMD2MAN =/GOMD2MAN ?=/' docs/Makefile
sed -i '/docs install/d' Makefile sed -i '/docs install/d' Makefile
@ -117,6 +115,38 @@ make DESTDIR=%{buildroot} PREFIX=%{_prefix} -C docs install
%{_datadir}/%{name}/test %{_datadir}/%{name}/test
%changelog %changelog
* Thu Jun 18 2020 Jindrich Novy <jnovy@redhat.com> - 1.15.0-1
- update to https://github.com/containers/buildah/releases/tag/v1.15.0
- Related: #1821193
* Wed Jun 10 2020 Jindrich Novy <jnovy@redhat.com> - 1.14.9-2
- exclude i686 arch
- Related: #1821193
* Tue May 19 2020 Jindrich Novy <jnovy@redhat.com> - 1.14.9-1
- update to https://github.com/containers/buildah/releases/tag/v1.14.9
- Related: #1821193
* Tue May 12 2020 Jindrich Novy <jnovy@redhat.com> - 1.14.8-1
- synchronize containter-tools 8.3.0 with 8.2.1
- Related: #1821193
* Wed Apr 01 2020 Jindrich Novy <jnovy@redhat.com> - 1.11.6-8
- fix "CVE-2020-10696 buildah: crafted input tar file may lead to local file overwriting during image build process"
- Resolves: #1819810
* Mon Feb 24 2020 Jindrich Novy <jnovy@redhat.com> - 1.11.6-7
- fix "COPY command takes long time with buildah"
- Resolves: #1806120
* Mon Feb 17 2020 Jindrich Novy <jnovy@redhat.com> - 1.11.6-6
- fix CVE-2020-1702
- Resolves: #1801926
* Thu Feb 13 2020 Jindrich Novy <jnovy@redhat.com> - 1.11.6-5
- adding the first phase of FIPS fix
- Related: #1784952
* Wed Dec 11 2019 Jindrich Novy <jnovy@redhat.com> - 1.11.6-4 * Wed Dec 11 2019 Jindrich Novy <jnovy@redhat.com> - 1.11.6-4
- compile in FIPS mode - compile in FIPS mode
- Related: RHELPLAN-25139 - Related: RHELPLAN-25139