diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-16 17:12:05 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-16 17:12:05 +0000 |
commit | 50fd1ac6ebe12ac89624471e88db8f8977ab1e62 (patch) | |
tree | 36beefd1f3e22a8aa02607916b397a93540c804b | |
parent | Adding upstream version 1.33.5+ds1. (diff) | |
download | golang-github-containers-buildah-50fd1ac6ebe12ac89624471e88db8f8977ab1e62.tar.xz golang-github-containers-buildah-50fd1ac6ebe12ac89624471e88db8f8977ab1e62.zip |
Adding debian version 1.33.5+ds1-4.debian/1.33.5+ds1-4debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r-- | debian/README.Debian | 34 | ||||
l--------- | debian/buildah.bash-completion | 1 | ||||
-rw-r--r-- | debian/buildah.docs | 4 | ||||
-rw-r--r-- | debian/buildah.examples | 3 | ||||
-rw-r--r-- | debian/buildah.install | 1 | ||||
-rw-r--r-- | debian/buildah.manpages | 1 | ||||
-rw-r--r-- | debian/changelog | 524 | ||||
-rw-r--r-- | debian/clean | 2 | ||||
-rw-r--r-- | debian/control | 139 | ||||
-rw-r--r-- | debian/copyright | 53 | ||||
-rw-r--r-- | debian/gbp.conf | 2 | ||||
-rw-r--r-- | debian/gitlab-ci.yml | 6 | ||||
-rw-r--r-- | debian/golang-github-containers-buildah-dev.install | 1 | ||||
-rw-r--r-- | debian/patches/avoid-buildkit-checksum.patch | 286 | ||||
-rw-r--r-- | debian/patches/avoid-buildkit-heredoc.patch | 346 | ||||
-rw-r--r-- | debian/patches/manpage-fixes.patch | 10 | ||||
-rw-r--r-- | debian/patches/root-testfail-ignore.patch | 28 | ||||
-rw-r--r-- | debian/patches/series | 4 | ||||
-rwxr-xr-x | debian/rules | 35 | ||||
-rw-r--r-- | debian/source/format | 1 | ||||
-rw-r--r-- | debian/source/lintian-overrides | 2 | ||||
-rw-r--r-- | debian/upstream/metadata | 5 | ||||
-rw-r--r-- | debian/watch | 13 |
23 files changed, 1501 insertions, 0 deletions
diff --git a/debian/README.Debian b/debian/README.Debian new file mode 100644 index 0000000..89a182d --- /dev/null +++ b/debian/README.Debian @@ -0,0 +1,34 @@ +User Namespaces +=============== + +Buildah requires a Linux Kernel with userspaces enabled. Debian +Kernels have that functionality, but the local system administrator +needs to enable it manually, with a command like this: + +sudo sysctl -w kernel.unprivileged_userns_clone=1 + + -- Reinhard Tartler <siretart@tauware.de>, Mon, 21 Oct 2019 17:57:44 -0400 + + +Troubleshooting rootless mode +============================= + +> Error processing tar file(exit status 1): there might not be enough IDs +> available in the namespace (requested 0:42 for /etc/gshadow): +> lchown/etc/gshadow: invalid argument + +This probably means that _subuid_ range is not defined in the "/etc/subuid" +file. On up-to-date system subuid/subgid ranges are automatically assigned +when a new user is added (e.g. `adduser {USER}`) but on systems upgraded +from prior Debian releases {USER} created in old environment before upgrade +may not have _subuid_ mapping. + +"usermod" command have "--add-subuids" and "--add-subgids" options but it +does not check "/etc/login.defs" for ranges. +An awkward solution may be to add a new temporary user, apply her ranges to +{USER} (in "/etc/subuid" and in "/etc/subgid") then remove a temporary user +(e.g. `deluser --remove-home {USER}`). + +The following command show the subuids and subgids of the current user: + + cat /etc/s*id|grep $USER diff --git a/debian/buildah.bash-completion b/debian/buildah.bash-completion new file mode 120000 index 0000000..4627317 --- /dev/null +++ b/debian/buildah.bash-completion @@ -0,0 +1 @@ +../contrib/completions/bash/buildah
\ No newline at end of file diff --git a/debian/buildah.docs b/debian/buildah.docs new file mode 100644 index 0000000..363d7f6 --- /dev/null +++ b/debian/buildah.docs @@ -0,0 +1,4 @@ +docs/release-announcements +docs/tutorials +docs/*.md +README* diff --git a/debian/buildah.examples b/debian/buildah.examples new file mode 100644 index 0000000..4b71142 --- /dev/null +++ b/debian/buildah.examples @@ -0,0 +1,3 @@ +docs/cni-examples +docs/samples/* +tests/policy.json diff --git a/debian/buildah.install b/debian/buildah.install new file mode 100644 index 0000000..e772481 --- /dev/null +++ b/debian/buildah.install @@ -0,0 +1 @@ +usr/bin diff --git a/debian/buildah.manpages b/debian/buildah.manpages new file mode 100644 index 0000000..7fc9e0a --- /dev/null +++ b/debian/buildah.manpages @@ -0,0 +1 @@ +docs/*.1 diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..6261715 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,524 @@ +golang-github-containers-buildah (1.33.5+ds1-4) unstable; urgency=medium + + * Upload to unstable + + -- Reinhard Tartler <siretart@tauware.de> Wed, 07 Feb 2024 05:49:12 -0500 + +golang-github-containers-buildah (1.33.5+ds1-3) experimental; urgency=medium + + * New upstream release + + -- Reinhard Tartler <siretart@tauware.de> Tue, 06 Feb 2024 08:03:55 -0500 + +golang-github-containers-buildah (1.33.3+ds1-2) unstable; urgency=medium + + * Upload to unstable + + -- Reinhard Tartler <siretart@tauware.de> Thu, 25 Jan 2024 06:44:38 -0500 + +golang-github-containers-buildah (1.33.3+ds1-1) experimental; urgency=medium + + * New upstream version + + -- Reinhard Tartler <siretart@tauware.de> Tue, 23 Jan 2024 20:24:22 -0500 + +golang-github-containers-buildah (1.33.1+ds1-2) unstable; urgency=medium + + * Upload to unstable + + -- Reinhard Tartler <siretart@tauware.de> Sun, 21 Jan 2024 17:24:10 -0500 + +golang-github-containers-buildah (1.33.1+ds1-1) experimental; urgency=medium + + * New upstream release + * Revert heredoc and --checksum support in Dockerfiles to workaround ancient + docker.io package in Debian, cf #1051202 + + -- Reinhard Tartler <siretart@tauware.de> Fri, 24 Nov 2023 12:43:20 +0000 + +golang-github-containers-buildah (1.32.2+ds1-1) unstable; urgency=medium + + * New upstream version + + -- Reinhard Tartler <siretart@tauware.de> Sun, 12 Nov 2023 16:33:57 -0500 + +golang-github-containers-buildah (1.32.0+ds1-2) unstable; urgency=medium + + * Upload to unstable + + -- Reinhard Tartler <siretart@tauware.de> Fri, 27 Oct 2023 09:18:17 -0400 + +golang-github-containers-buildah (1.32.0+ds1-1) experimental; urgency=medium + + * New upstream version + * install entrypoint.gz for embedding + * tighten dependency on containers/common + * root-testfail-ignore.patch: fix FTBFS + + -- Reinhard Tartler <siretart@tauware.de> Sat, 23 Sep 2023 16:39:30 -0400 + +golang-github-containers-buildah (1.31.2+ds1-3) unstable; urgency=medium + + * Source-only reupload + + -- Reinhard Tartler <siretart@tauware.de> Wed, 20 Sep 2023 12:44:07 -0400 + +golang-github-containers-buildah (1.31.2+ds1-2) unstable; urgency=medium + + [ Sam Morris ] + * Build with libsubid (Closes: 1033673) + + [ Reinhard Tartler ] + * Upload to unstable + + -- Reinhard Tartler <siretart@tauware.de> Wed, 20 Sep 2023 12:37:22 -0400 + +golang-github-containers-buildah (1.31.2+ds1-1) experimental; urgency=medium + + * New upstream release + * debian/control: tighten dependencies on containers/{storage,image,common} + + -- Reinhard Tartler <siretart@tauware.de> Sun, 17 Sep 2023 09:55:06 -0400 + +golang-github-containers-buildah (1.30.0+ds1-3) unstable; urgency=medium + + * Upload to unstable + + -- Reinhard Tartler <siretart@tauware.de> Sat, 09 Sep 2023 18:05:45 -0400 + +golang-github-containers-buildah (1.30.0+ds1-2) experimental; urgency=medium + + * Tighten dependencies on containers/image and openshift/imagebuilder + + -- Reinhard Tartler <siretart@tauware.de> Sat, 02 Sep 2023 21:08:59 -0400 + +golang-github-containers-buildah (1.30.0+ds1-1) experimental; urgency=medium + + * New upstream release + + -- Reinhard Tartler <siretart@tauware.de> Sat, 29 Jul 2023 17:54:15 -0400 + +golang-github-containers-buildah (1.29.0+ds1-1) experimental; urgency=medium + + * New upstream release + + -- Reinhard Tartler <siretart@tauware.de> Tue, 31 Jan 2023 19:03:50 -0500 + +golang-github-containers-buildah (1.28.2+ds1-2) experimental; urgency=medium + + * Build against containers/storage >> 1.44 + + -- Reinhard Tartler <siretart@tauware.de> Sun, 15 Jan 2023 14:49:29 -0500 + +golang-github-containers-buildah (1.28.2+ds1-3) unstable; urgency=medium + + * reupload + + -- Reinhard Tartler <siretart@tauware.de> Sat, 29 Apr 2023 15:57:39 -0400 + +golang-github-containers-buildah (1.28.2+ds1-2) unstable; urgency=medium + + [ Martin Dosch ] + * d/watch: Fix watch file. + + [ Reinhard Tartler ] + * Rebuild against golang-github-containers-storage-dev 1.43.0+ds1-8 + (Closes: #1034871) + + -- Reinhard Tartler <siretart@tauware.de> Sat, 29 Apr 2023 10:32:04 -0400 + +golang-github-containers-buildah (1.28.2+ds1-1) unstable; urgency=medium + + * New upstream version + * Bug fix: "Sticky bit isn't preserved when adding tarball", thanks + to Arnaud Rebillout for reporting (Closes: #1027259). + * Bump standards version + + -- Reinhard Tartler <siretart@tauware.de> Sat, 29 Apr 2023 10:31:38 -0400 + +golang-github-containers-buildah (1.28.0+ds1-3) unstable; urgency=medium + + * exclude "buildah/chroot" test, fixes autopkgtest failure + + -- Reinhard Tartler <siretart@tauware.de> Sun, 27 Nov 2022 11:42:54 -0500 + +golang-github-containers-buildah (1.28.0+ds1-2) unstable; urgency=medium + + * upload to unstable + + -- Reinhard Tartler <siretart@tauware.de> Thu, 24 Nov 2022 15:27:47 -0500 + +golang-github-containers-buildah (1.28.0+ds1-1) experimental; urgency=medium + + * New upstream release + new upstream version fixes CVE-2022-27651, Closes: #1009882 + + -- Reinhard Tartler <siretart@tauware.de> Sat, 12 Nov 2022 11:23:23 -0500 + +golang-github-containers-buildah (1.27.0+ds1-6) experimental; urgency=medium + + * Force building with golang-go, gccgo miscompiles at least on mips + + -- Reinhard Tartler <siretart@tauware.de> Wed, 24 Aug 2022 17:30:17 +0200 + +golang-github-containers-buildah (1.27.0+ds1-5) experimental; urgency=medium + + * also exclude running "copier" test from package build, breaks/timeouts + on arm64, armel, armhf and powerpc64 + + -- Reinhard Tartler <siretart@tauware.de> Fri, 19 Aug 2022 14:03:30 +0200 + +golang-github-containers-buildah (1.27.0+ds1-4) experimental; urgency=medium + + * also exclude running pkg/cli test from package build + + -- Reinhard Tartler <siretart@tauware.de> Fri, 19 Aug 2022 09:51:04 +0200 + +golang-github-containers-buildah (1.27.0+ds1-3) experimental; urgency=medium + + * don't run test pkg/completion at package build times + + -- Reinhard Tartler <siretart@tauware.de> Fri, 19 Aug 2022 08:59:36 +0200 + +golang-github-containers-buildah (1.27.0+ds1-2) experimental; urgency=medium + + * New upstream release + * Run tests at build time + + -- Reinhard Tartler <siretart@tauware.de> Wed, 17 Aug 2022 12:03:08 +0200 + +golang-github-containers-buildah (1.26.1+ds1-1) experimental; urgency=medium + + * New upstream release + + -- Reinhard Tartler <siretart@tauware.de> Mon, 16 May 2022 06:33:01 -0400 + +golang-github-containers-buildah (1.24.1+ds1-1) experimental; urgency=medium + + * New upstream release + + -- Reinhard Tartler <siretart@tauware.de> Mon, 14 Feb 2022 18:15:39 -0500 + +golang-github-containers-buildah (1.23.1+ds1-3) unstable; urgency=medium + + * Fix FTBFS, thanks to Lucas Nussbaum for reporting (Closes: #1011869). + + -- Reinhard Tartler <siretart@tauware.de> Wed, 08 Jun 2022 18:26:11 -0400 + +golang-github-containers-buildah (1.23.1+ds1-2) unstable; urgency=medium + + * upload to unstable + + -- Reinhard Tartler <siretart@tauware.de> Tue, 26 Oct 2021 14:38:00 -0400 + +golang-github-containers-buildah (1.23.1+ds1-1) experimental; urgency=medium + + * New upstream release + * refresh/drop patches + * Fix watch file + * Bump Standards version, no changes needed + + -- Reinhard Tartler <siretart@tauware.de> Thu, 07 Oct 2021 08:30:11 -0400 + +golang-github-containers-buildah (1.22.3+ds1-2) unstable; urgency=medium + + * Drop unneeded dependency on golang-github-openshift-api-dev + + -- Reinhard Tartler <siretart@tauware.de> Sat, 04 Sep 2021 19:24:50 +0200 + +golang-github-containers-buildah (1.22.3+ds1-1) unstable; urgency=medium + + * New upstream release (Closes: #992139) + * Add patch to manpages to fix installation to correct sections + + -- Reinhard Tartler <siretart@tauware.de> Sun, 29 Aug 2021 21:19:30 +0200 + +golang-github-containers-buildah (1.21.3+ds1-1) experimental; urgency=medium + + * New upstream release + + -- Reinhard Tartler <siretart@tauware.de> Tue, 20 Jul 2021 08:14:23 -0400 + +golang-github-containers-buildah (1.21.0+ds1-2) experimental; urgency=medium + + * Burn version number for botched previous upload + + -- Reinhard Tartler <siretart@tauware.de> Mon, 07 Jun 2021 19:06:07 -0400 + +golang-github-containers-buildah (1.21.0+ds1-1) experimental; urgency=medium + + * New upstream release + + -- Reinhard Tartler <siretart@tauware.de> Mon, 07 Jun 2021 18:57:28 -0400 + +golang-github-containers-buildah (1.20.1+ds1-2) experimental; urgency=medium + + * Build-Depend on golang-github-vbauerster-mpb-dev (>= 6) + + -- Reinhard Tartler <siretart@tauware.de> Fri, 28 May 2021 16:30:43 -0400 + +golang-github-containers-buildah (1.20.1+ds1-1) experimental; urgency=medium + + * New upstream release + * Drop dependency against golang-github-seccomp-containers-golang-dev, + thanks to Laurent Bigonville (Closes: #988444). + + -- Reinhard Tartler <siretart@tauware.de> Fri, 28 May 2021 13:35:51 -0400 + +golang-github-containers-buildah (1.19.6+dfsg1-1) unstable; urgency=medium + + * New upstream version targeted at podman 3.0 + * remove 2993.patch, merged upstream + + -- Reinhard Tartler <siretart@tauware.de> Tue, 23 Feb 2021 07:10:49 -0500 + +golang-github-containers-buildah (1.19.4+dfsg1-3) unstable; urgency=medium + + * Upload to unstable to pickup fix that closes: #982467 + * Revert "Tighten dependencies on containers/{storage,image,common}" + + -- Reinhard Tartler <siretart@tauware.de> Fri, 12 Feb 2021 06:38:06 -0500 + +golang-github-containers-buildah (1.19.4+dfsg1-2) experimental; urgency=medium + + * Cherry-pick upstream patch: Fix caching layers with build args + + -- Reinhard Tartler <siretart@tauware.de> Wed, 10 Feb 2021 12:59:27 -0500 + +golang-github-containers-buildah (1.19.4+dfsg1-1) experimental; urgency=medium + + * New upstream version 1.19.4+dfsg1 + * Tighten dependencies on containers/{storage,image,common} + * drop 2967.patch, merged upstream + + -- Reinhard Tartler <siretart@tauware.de> Tue, 09 Feb 2021 22:02:12 -0500 + +golang-github-containers-buildah (1.19.3+dfsg1-2) unstable; urgency=medium + + * Unbreak image caching (Closes: #981849) + * buildah: Add critical comma in Depends + * Revert "Disabled "Testsuite: autopkgtest-pkg-go" + + -- Reinhard Tartler <siretart@tauware.de> Fri, 05 Feb 2021 13:42:07 -0500 + +golang-github-containers-buildah (1.19.3+dfsg1-1) unstable; urgency=medium + + * Upload to unstable + * New upstream version 1.19.3+dfsg1 + + -- Reinhard Tartler <siretart@tauware.de> Tue, 02 Feb 2021 10:07:24 -0500 + +golang-github-containers-buildah (1.19.2+dfsg1-2) experimental; urgency=medium + + * No longer provide policy.json, moved to containers/common + + -- Reinhard Tartler <siretart@tauware.de> Sat, 30 Jan 2021 15:44:52 -0500 + +golang-github-containers-buildah (1.19.2+dfsg1-1) experimental; urgency=medium + + * New upstream version 1.19.2+dfsg1 + + -- Reinhard Tartler <siretart@tauware.de> Sun, 24 Jan 2021 09:07:37 -0500 + +golang-github-containers-buildah (1.18.0+dfsg1-3) unstable; urgency=medium + + * No longer provide policy.json, moved to containers/common + + -- Reinhard Tartler <siretart@tauware.de> Sat, 30 Jan 2021 10:33:21 -0500 + +golang-github-containers-buildah (1.18.0+dfsg1-2) unstable; urgency=medium + + * Upload to unstable + * explicitly depend on golang-github-seccomp-libseccomp-golang-dev + + -- Reinhard Tartler <siretart@tauware.de> Sat, 23 Jan 2021 18:31:09 -0500 + +golang-github-containers-buildah (1.18.0+dfsg1-1) experimental; urgency=medium + + * debian/control: add dep on golang-github-konsorten-go-windows-terminal-sequences-dev + * no longer install sample registries.conf + * Fix manpage installation + * dropping unused patch + * Bump standards-version, no changes needed + * New upstream version 1.18.0+dfsg1 + + -- Reinhard Tartler <siretart@tauware.de> Tue, 08 Dec 2020 15:06:53 -0500 + +golang-github-containers-buildah (1.17.1+dfsg1-1) experimental; urgency=medium + + * New upstream version 1.17.1+dfsg1 + + -- Reinhard Tartler <siretart@tauware.de> Mon, 30 Nov 2020 15:54:11 -0500 + +golang-github-containers-buildah (1.16.6+dfsg1-2) unstable; urgency=medium + + * Fix manpage installation (Closes: #977515) + * no longer install sample registries.conf + * Bump standards-version, no changes needed + + -- Reinhard Tartler <siretart@tauware.de> Tue, 15 Dec 2020 22:33:30 -0500 + +golang-github-containers-buildah (1.16.6+dfsg1-1) unstable; urgency=medium + + [ Debian Janitor ] + * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository, Repository-Browse. + + [ Reinhard Tartler ] + * Bump standards version, no changes needed + * debian/changelog: upate + * debian/watch: update to match containers/storage + * debian/control: tighten dependencies + * debian/copyright: update using cme update dpkg-copyright + * New upstream version 1.16.6+dfsg1 + + -- Reinhard Tartler <siretart@tauware.de> Sun, 22 Nov 2020 17:16:10 -0500 + +golang-github-containers-buildah (1.15.2-1) unstable; urgency=medium + + * New upstream version 1.15.2 + * Bump standards version, no changes needed + + -- Reinhard Tartler <siretart@tauware.de> Sat, 12 Sep 2020 15:29:43 -0400 + +golang-github-containers-buildah (1.15.0-8) unstable; urgency=medium + + * Team upload. + * Upload to unstable. + + -- Shengjing Zhu <zhsj@debian.org> Sun, 23 Aug 2020 02:33:58 +0800 + +golang-github-containers-buildah (1.15.0-7) experimental; urgency=medium + + * Team upload. + * Fix build with latest runtime spec + + -- Shengjing Zhu <zhsj@debian.org> Wed, 19 Aug 2020 02:08:37 +0800 + +golang-github-containers-buildah (1.15.0-6) unstable; urgency=medium + + * Add missing hunk to ftbfs-mips.patch + + -- Reinhard Tartler <siretart@tauware.de> Thu, 30 Jul 2020 07:18:24 -0400 + +golang-github-containers-buildah (1.15.0-5) unstable; urgency=medium + + * Add patch to unbreak build on mips + + -- Reinhard Tartler <siretart@tauware.de> Tue, 21 Jul 2020 10:11:45 -0400 + +golang-github-containers-buildah (1.15.0-4) unstable; urgency=medium + + * Upload to unstable + + -- Reinhard Tartler <siretart@tauware.de> Mon, 20 Jul 2020 10:05:11 -0400 + +golang-github-containers-buildah (1.15.0-3) experimental; urgency=medium + + * golang-github-containers-buildah-dev: Depend on containers/common + + -- Reinhard Tartler <siretart@tauware.de> Wed, 15 Jul 2020 07:12:06 -0400 + +golang-github-containers-buildah (1.15.0-2) experimental; urgency=medium + + * Build Depend against golang-github-containers-common-dev + * Install sample registries.conf (Closes: #961497) + + -- Reinhard Tartler <siretart@tauware.de> Sun, 12 Jul 2020 21:31:38 -0400 + +golang-github-containers-buildah (1.15.0-1) experimental; urgency=medium + + * New upstream version + * Add Build-Depends: + - golang-github-containers-ocicrypt-dev + - golang-github-cyphar-filepath-securejoin-dev + - golang-github-ishidawataru-sctp-dev + * Temporarily add containers/common as a local patch + + -- Reinhard Tartler <siretart@tauware.de> Fri, 10 Jul 2020 19:41:12 -0400 + +golang-github-containers-buildah (1.11.6-2) unstable; urgency=medium + + * buildah: Replace Conflicts on fuse-overlayfs with Breaks relationship + * Add upstream patch to fix file traversal flaw + Fixes: CVE-2020-10696 + + -- Reinhard Tartler <siretart@tauware.de> Wed, 15 Jul 2020 07:30:26 -0400 + +golang-github-containers-buildah (1.11.6-1) unstable; urgency=medium + + * New upstream release. + * DH to version 12. + * (Build-)Depends: + - golang-github-boltdb-bolt-dev + + golang-github-coreos-bbolt-dev (>= 1.3.3~) + - golang-github-containerd-continuity-dev + = golang-github-containers-image-dev (>= 5.0.0~) + + golang-github-openshift-api-dev + + -- Dmitry Smirnov <onlyjob@debian.org> Fri, 03 Jan 2020 07:58:54 +1100 + +golang-github-containers-buildah (1.10.1-6) unstable; urgency=medium + + * Install "policy.json" conf file and the corresponding man page. + * Install "containers/image" man pages (Closes: #947007). + * Patch registries.conf to mention its man page. + * Suggests += "containers-storage". + (provides containers-storage.conf(5) and other man pages). + * Recommends += "crun | runc". + * Tightened "fuse-overlayfs" dependency. + * README.Debian: added "Troubleshooting rootless mode" note. + + -- Dmitry Smirnov <onlyjob@debian.org> Sun, 29 Dec 2019 19:26:18 +1100 + +golang-github-containers-buildah (1.10.1-5) unstable; urgency=medium + + * Install bash completions. + * Enabled "ostree" storage. + * Build with all security features (seccomp, selinux, apparmor). + * (Build-)Depends: + + bash-completion + + golang-github-seccomp-containers-golang-dev + + libapparmor-dev + + libostree-dev + + libselinux1-dev + + -- Dmitry Smirnov <onlyjob@debian.org> Mon, 02 Dec 2019 22:00:19 +1100 + +golang-github-containers-buildah (1.10.1-4) unstable; urgency=medium + + * Recommends += "fuse-overlayfs". + * Removed "golang-github-docker-distribution-dev" from (Build-)Depends. + * Disabled "Testsuite: autopkgtest-pkg-go" which is confused by man + pages... + + -- Dmitry Smirnov <onlyjob@debian.org> Sun, 01 Dec 2019 04:41:25 +1100 + +golang-github-containers-buildah (1.10.1-3) unstable; urgency=medium + + * Install docs and examples. + * Build and install man pages (with spelling and section corrections). + * Tightened versioned dependency on Docker. + * Use non-transitional "logrus" package. + * Corrected short package description. + * Standards-Version: 4.4.1. + * Added myself to Uploaders. + + -- Dmitry Smirnov <onlyjob@debian.org> Mon, 11 Nov 2019 15:44:08 +1100 + +golang-github-containers-buildah (1.10.1-2) unstable; urgency=medium + + * Uploda to unstable + + -- Reinhard Tartler <siretart@tauware.de> Sun, 10 Nov 2019 10:41:43 -0500 + +golang-github-containers-buildah (1.10.1-1) experimental; urgency=medium + + * New upstream version + + -- Reinhard Tartler <siretart@tauware.de> Mon, 21 Oct 2019 08:17:37 -0400 + +golang-github-containers-buildah (1.7.2-1) experimental; urgency=medium + + * Initial release (Closes: #928083) + + -- Reinhard Tartler <siretart@tauware.de> Mon, 21 Oct 2019 08:17:01 -0400 diff --git a/debian/clean b/debian/clean new file mode 100644 index 0000000..9eeb604 --- /dev/null +++ b/debian/clean @@ -0,0 +1,2 @@ +docs/*.1 +docs/containers-policy.json.5* diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..34f4d90 --- /dev/null +++ b/debian/control @@ -0,0 +1,139 @@ +Source: golang-github-containers-buildah +Section: devel +Priority: optional +Maintainer: Debian Go Packaging Team <team+pkg-go@tracker.debian.org> +Uploaders: Reinhard Tartler <siretart@tauware.de>, + Dmitry Smirnov <onlyjob@debian.org>, +Build-Conflicts: golang-github-dnephin-cobra-dev +Build-Depends: debhelper-compat (= 12), bash-completion, + dh-golang, + golang-go, + golang-ginkgo-dev, + golang-github-appc-cni-dev (>= 0.7.0~~), + golang-github-containers-common-dev (>= 0.57), + golang-github-containers-image-dev (>= 5.29), + golang-github-containers-luksy-dev, + golang-github-containers-ocicrypt-dev, + golang-github-containers-storage-dev (>= 1.51), + golang-github-coreos-bbolt-dev (>= 1.3.3~), + golang-github-cyphar-filepath-securejoin-dev, + golang-github-docker-docker-dev (>= 19.03.4~), +# golang-github-docker-distribution-dev, + golang-github-docker-go-units-dev, + golang-github-fsouza-go-dockerclient-dev, + golang-github-hashicorp-go-multierror-dev, + golang-github-ishidawataru-sctp-dev, + golang-github-konsorten-go-windows-terminal-sequences-dev, + golang-github-mattn-go-shellwords-dev, + golang-github-opencontainers-go-digest-dev, + golang-github-opencontainers-image-spec-dev, + golang-github-opencontainers-runc-dev (>= 1.0.0~rc92~), + golang-github-opencontainers-runtime-tools-dev, + golang-github-opencontainers-selinux-dev, + golang-github-opencontainers-specs-dev, + golang-github-openshift-imagebuilder-dev (>= 1.2.5), + golang-github-pkg-errors-dev, + golang-github-seccomp-libseccomp-golang-dev, + golang-github-sirupsen-logrus-dev, + golang-github-spf13-cobra-dev (>= 1.2.1), + golang-github-spf13-pflag-dev, + golang-github-vbauerster-mpb-dev (>= 6), + golang-gocapability-dev, + golang-golang-x-crypto-dev, + golang-golang-x-sys-dev, + golang-gomega-dev, + go-md2man, + libapparmor-dev, + libostree-dev, + libseccomp-dev, + libselinux1-dev, + libsubid-dev, +Standards-Version: 4.6.0.1 +Homepage: https://github.com/containers/buildah +Vcs-Browser: https://salsa.debian.org/go-team/packages/golang-github-containers-buildah +Vcs-Git: https://salsa.debian.org/go-team/packages/golang-github-containers-buildah.git +XS-Go-Import-Path: github.com/containers/buildah +Testsuite: autopkgtest-pkg-go + +Package: buildah +Architecture: any +Built-Using: ${misc:Built-Using} +Depends: uidmap, + golang-github-containers-common (>> 0.57), + ${misc:Depends}, + ${shlibs:Depends} +Breaks: fuse-overlayfs (<< 0.7.1) +Recommends: ${misc:Recommends}, + fuse-overlayfs (>= 0.7.1~), + crun | runc, +Suggests: containers-storage +Description: CLI tool to facilitate building OCI images + The Buildah package provides a command line tool that can be used to + - create a working container, either from scratch or using an image as a + starting point + - create an image, either from a working container or via the + instructions in a Dockerfile + - images can be built in either the OCI image format or the traditional + upstream docker image format + - mount a working container's root filesystem for manipulation + - unmount a working container's root filesystem + - use the updated contents of a container's root filesystem as a + filesystem layer to create a new image + - delete a working container or an image + - rename a local container + . + This package contains the buildah command-line utility and provides an + interface similar to the 'docker' command. + +Package: golang-github-containers-buildah-dev +Architecture: all +Depends: ${misc:Depends}, + golang-ginkgo-dev, + golang-github-appc-cni-dev (>= 0.7.0~~), + golang-github-containers-common-dev (>> 0.56), + golang-github-containers-image-dev (>= 5.29), + golang-github-containers-luksy-dev, + golang-github-containers-ocicrypt-dev, + golang-github-containers-storage-dev (>= 1.51), + golang-github-coreos-bbolt-dev (>= 1.3.3~), + golang-github-cyphar-filepath-securejoin-dev, + golang-github-docker-docker-dev (>= 19.03.4~), +# golang-github-docker-distribution-dev, + golang-github-docker-go-units-dev, + golang-github-fsouza-go-dockerclient-dev, + golang-github-hashicorp-go-multierror-dev, + golang-github-ishidawataru-sctp-dev, + golang-github-mattn-go-shellwords-dev, + golang-github-opencontainers-go-digest-dev, + golang-github-opencontainers-image-spec-dev, + golang-github-opencontainers-runc-dev (>= 1.0.0~rc92~), + golang-github-opencontainers-runtime-tools-dev, + golang-github-opencontainers-selinux-dev, + golang-github-opencontainers-specs-dev, + golang-github-openshift-imagebuilder-dev (>= 1.2.5), + golang-github-pkg-errors-dev, + golang-github-seccomp-libseccomp-golang-dev, + golang-github-sirupsen-logrus-dev, + golang-github-spf13-cobra-dev, + golang-github-spf13-pflag-dev, + golang-gocapability-dev, + golang-golang-x-crypto-dev, + golang-golang-x-sys-dev, + golang-gomega-dev, +Description: tool to facilitate building OCI images + The Buildah package provides a command line tool that can be used to + - create a working container, either from scratch or using an image as a + starting point + - create an image, either from a working container or via the + instructions in a Dockerfile + - images can be built in either the OCI image format or the traditional + upstream docker image format + - mount a working container's root filesystem for manipulation + - unmount a working container's root filesystem + - use the updated contents of a container's root filesystem as a + filesystem layer to create a new image + - delete a working container or an image + - rename a local container + . + This package contains golang sources that other package may require for + building. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..44b747c --- /dev/null +++ b/debian/copyright @@ -0,0 +1,53 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: buildah +Source: https://github.com/containers/buildah +Files-Excluded: + vendor + tests/tools/vendor + +Files: * +Copyright: 2017, Containers +License: Apache-2.0 + +Files: CONTRIBUTING.md +Copyright: 2004, 2006, The Linux Foundation and its contributors. +License: Apache-2.0 + +Files: contrib/buildahimage/* +Copyright: fedorainfracloud.org/coprs/rhcontainerbot/podman-next/). +License: Apache-2.0 + +Files: contrib/buildahimage/stable/* +Copyright: 2017, Containers +License: Apache-2.0 + +Files: contrib/buildahimage/testing/* +Copyright: 2017, Containers +License: Apache-2.0 + +Files: contrib/buildahimage/upstream/* +Copyright: fedorainfracloud.org/coprs/rhcontainerbot/podman-next +License: Apache-2.0 + +Files: debian/* +Copyright: + 2019 Reinhard Tartler <siretart@tauware.de> + 2019 Dmitry Smirnov <onlyjob@debian.org> +License: Apache-2.0 +Comment: Debian packaging is licensed under the same terms as upstream + +License: Apache-2.0 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + http://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian systems, the complete text of the Apache version 2.0 license + can be found in "/usr/share/common-licenses/Apache-2.0". diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 0000000..aceefe1 --- /dev/null +++ b/debian/gbp.conf @@ -0,0 +1,2 @@ +[DEFAULT] +debian-branch = debian/experimental diff --git a/debian/gitlab-ci.yml b/debian/gitlab-ci.yml new file mode 100644 index 0000000..594e14e --- /dev/null +++ b/debian/gitlab-ci.yml @@ -0,0 +1,6 @@ +# auto-generated, DO NOT MODIFY. +# The authoritative copy of this file lives at: +# https://salsa.debian.org/go-team/infra/pkg-go-tools/blob/master/config/gitlabciyml.go +--- +include: + - https://salsa.debian.org/go-team/infra/pkg-go-tools/-/raw/master/pipeline/test-archive.yml diff --git a/debian/golang-github-containers-buildah-dev.install b/debian/golang-github-containers-buildah-dev.install new file mode 100644 index 0000000..055832d --- /dev/null +++ b/debian/golang-github-containers-buildah-dev.install @@ -0,0 +1 @@ +usr/share/gocode/src/github.com/containers/buildah diff --git a/debian/patches/avoid-buildkit-checksum.patch b/debian/patches/avoid-buildkit-checksum.patch new file mode 100644 index 0000000..9c6d85e --- /dev/null +++ b/debian/patches/avoid-buildkit-checksum.patch @@ -0,0 +1,286 @@ +Author: Reinhard Tartler <siretart@tauware.de> +Date: Fri Nov 24 12:32:09 2023 +0000 +Description: Revert "Implement ADD checksum flag #5135" + +This is to avoid a dependency on buildkit, can probably be dropped after #1051202 + + +diff --git a/add.go b/add.go +index c61de5a49..534ef83f2 100644 +--- a/add.go ++++ b/add.go +@@ -22,7 +22,6 @@ import ( + "github.com/containers/storage/pkg/fileutils" + "github.com/containers/storage/pkg/idtools" + "github.com/hashicorp/go-multierror" +- digest "github.com/opencontainers/go-digest" + "github.com/opencontainers/runc/libcontainer/userns" + "github.com/opencontainers/runtime-spec/specs-go" + "github.com/sirupsen/logrus" +@@ -36,9 +35,6 @@ type AddAndCopyOptions struct { + // newly-added content, potentially overriding permissions which would + // otherwise be set to 0:0. + Chown string +- // Checksum is a standard container digest string (e.g. <algorithm>:<digest>) +- // and is the expected hash of the content being copied. +- Checksum string + // PreserveOwnership, if Chown is not set, tells us to avoid setting + // ownership of copied items to 0:0, instead using whatever ownership + // information is already set. Not meaningful for remote sources or +@@ -81,7 +77,7 @@ func sourceIsRemote(source string) bool { + } + + // getURL writes a tar archive containing the named content +-func getURL(src string, chown *idtools.IDPair, mountpoint, renameTarget string, writer io.Writer, chmod *os.FileMode, srcDigest digest.Digest) error { ++func getURL(src string, chown *idtools.IDPair, mountpoint, renameTarget string, writer io.Writer, chmod *os.FileMode) error { + url, err := url.Parse(src) + if err != nil { + return err +@@ -114,7 +110,7 @@ func getURL(src string, chown *idtools.IDPair, mountpoint, renameTarget string, + } + // Figure out the size of the content. + size := response.ContentLength +- var responseBody io.Reader = response.Body ++ responseBody := response.Body + if size < 0 { + // Create a temporary file and copy the content to it, so that + // we can figure out how much content there is. +@@ -134,11 +130,6 @@ func getURL(src string, chown *idtools.IDPair, mountpoint, renameTarget string, + } + responseBody = f + } +- var digester digest.Digester +- if srcDigest != "" { +- digester = srcDigest.Algorithm().Digester() +- responseBody = io.TeeReader(responseBody, digester.Hash()) +- } + // Write the output archive. Set permissions for compatibility. + tw := tar.NewWriter(writer) + defer tw.Close() +@@ -170,12 +161,6 @@ func getURL(src string, chown *idtools.IDPair, mountpoint, renameTarget string, + return fmt.Errorf("writing content from %q to tar stream: %w", src, err) + } + +- if digester != nil { +- if responseDigest := digester.Digest(); responseDigest != srcDigest { +- return fmt.Errorf("unexpected response digest for %q: %s, want %s", src, responseDigest, srcDigest) +- } +- } +- + return nil + } + +@@ -407,16 +392,9 @@ func (b *Builder) Add(destination string, extract bool, options AddAndCopyOption + var wg sync.WaitGroup + if sourceIsRemote(src) { + pipeReader, pipeWriter := io.Pipe() +- var srcDigest digest.Digest +- if options.Checksum != "" { +- srcDigest, err = digest.Parse(options.Checksum) +- if err != nil { +- return fmt.Errorf("invalid checksum flag: %w", err) +- } +- } + wg.Add(1) + go func() { +- getErr = getURL(src, chownFiles, mountPoint, renameTarget, pipeWriter, chmodDirsFiles, srcDigest) ++ getErr = getURL(src, chownFiles, mountPoint, renameTarget, pipeWriter, chmodDirsFiles) + pipeWriter.Close() + wg.Done() + }() +@@ -463,10 +441,6 @@ func (b *Builder) Add(destination string, extract bool, options AddAndCopyOption + continue + } + +- if options.Checksum != "" { +- return fmt.Errorf("checksum flag is not supported for local sources") +- } +- + // Dig out the result of running glob+stat on this source spec. + var localSourceStat *copier.StatsForGlob + for _, st := range localSourceStats { +diff --git a/cmd/buildah/addcopy.go b/cmd/buildah/addcopy.go +index cf6e23887..0573a4ff8 100644 +--- a/cmd/buildah/addcopy.go ++++ b/cmd/buildah/addcopy.go +@@ -22,7 +22,6 @@ type addCopyResults struct { + addHistory bool + chmod string + chown string +- checksum string + quiet bool + ignoreFile string + contextdir string +@@ -68,7 +67,6 @@ func applyFlagVars(flags *pflag.FlagSet, opts *addCopyResults) { + if err := flags.MarkHidden("cert-dir"); err != nil { + panic(fmt.Sprintf("error marking cert-dir as hidden: %v", err)) + } +- flags.StringVar(&opts.checksum, "checksum", "", "checksum the HTTP source content") + flags.StringVar(&opts.chown, "chown", "", "set the user and group ownership of the destination content") + flags.StringVar(&opts.chmod, "chmod", "", "set the access permissions of the destination content") + flags.StringVar(&opts.creds, "creds", "", "use `[username[:password]]` for accessing registries when pulling images") +@@ -237,7 +235,6 @@ func addAndCopyCmd(c *cobra.Command, args []string, verb string, iopts addCopyRe + options := buildah.AddAndCopyOptions{ + Chmod: iopts.chmod, + Chown: iopts.chown, +- Checksum: iopts.checksum, + ContextDir: contextdir, + IDMappingOptions: idMappingOptions, + } +diff --git a/docs/buildah-add.1.md b/docs/buildah-add.1.md +index 11f950533..d6771a241 100644 +--- a/docs/buildah-add.1.md ++++ b/docs/buildah-add.1.md +@@ -23,11 +23,6 @@ Defaults to false. + Note: You can also override the default value of --add-history by setting the + BUILDAH\_HISTORY environment variable. `export BUILDAH_HISTORY=true` + +-**--checksum** *checksum* +- +-Checksum the source content. The value of *checksum* must be a standard +-container digest string. Only supported for HTTP sources. +- + **--chmod** *permissions* + + Sets the access permissions of the destination content. Accepts the numerical format. +diff --git a/docs/buildah-copy.1.md b/docs/buildah-copy.1.md +index 0981416a3..a054999b3 100644 +--- a/docs/buildah-copy.1.md ++++ b/docs/buildah-copy.1.md +@@ -21,11 +21,6 @@ Defaults to false. + Note: You can also override the default value of --add-history by setting the + BUILDAH\_HISTORY environment variable. `export BUILDAH_HISTORY=true` + +-**--checksum** *checksum* +- +-Checksum the source content. The value of *checksum* must be a standard +-container digest string. Only supported for HTTP sources. +- + **--chmod** *permissions* + + Sets the access permissions of the destination content. Accepts the numerical format. +diff --git a/imagebuildah/stage_executor.go b/imagebuildah/stage_executor.go +index 9398dcef8..00ce32b3a 100644 +--- a/imagebuildah/stage_executor.go ++++ b/imagebuildah/stage_executor.go +@@ -534,7 +534,6 @@ func (s *StageExecutor) performCopy(excludes []string, copies ...imagebuilder.Co + options := buildah.AddAndCopyOptions{ + Chmod: copy.Chmod, + Chown: copy.Chown, +- Checksum: copy.Checksum, + PreserveOwnership: preserveOwnership, + ContextDir: contextDir, + Excludes: copyExcludes, +@@ -1215,8 +1214,8 @@ func (s *StageExecutor) Execute(ctx context.Context, base string) (imgID string, + if command == "COPY" && (flag == "--chmod" || flag == "--chown" || flag == "--from") { + return "", nil, false, fmt.Errorf("COPY only supports the --chmod=<permissions> --chown=<uid:gid> and the --from=<image|stage> flags") + } +- if command == "ADD" && (flag == "--chmod" || flag == "--chown" || flag == "--checksum") { +- return "", nil, false, fmt.Errorf("ADD only supports the --chmod=<permissions>, --chown=<uid:gid>, and --checksum=<checksum> flags") ++ if command == "ADD" && (flag == "--chmod" || flag == "--chown") { ++ return "", nil, false, fmt.Errorf("ADD only supports the --chmod=<permissions> and the --chown=<uid:gid> flags") + } + if strings.Contains(flag, "--from") && command == "COPY" { + arr := strings.Split(flag, "=") +diff --git a/tests/add.bats b/tests/add.bats +index ac4841bcd..100051ee1 100644 +--- a/tests/add.bats ++++ b/tests/add.bats +@@ -281,28 +281,3 @@ stuff/mystuff" + cmp $ubuntu/etc/passwd ${croot}/tmp/passwd + cmp $ubuntu/etc/passwd ${croot}/tmp/passwd2 + } +- +-@test "add url with checksum flag" { +- _prefetch busybox +- run_buildah from --quiet $WITH_POLICY_JSON busybox +- cid=$output +- run_buildah add --checksum=sha256:4fd3aed66b5488b45fe83dd11842c2324fadcc38e1217bb45fbd28d660afdd39 $cid https://raw.githubusercontent.com/containers/buildah/bf3b55ba74102cc2503eccbaeffe011728d46b20/README.md / +- run_buildah run $cid ls /README.md +-} +- +-@test "add url with bad checksum" { +- _prefetch busybox +- run_buildah from --quiet $WITH_POLICY_JSON busybox +- cid=$output +- run_buildah 125 add --checksum=sha256:0000000000000000000000000000000000000000000000000000000000000000 $cid https://raw.githubusercontent.com/containers/buildah/bf3b55ba74102cc2503eccbaeffe011728d46b20/README.md / +- expect_output --substring "unexpected response digest for \"https://raw.githubusercontent.com/containers/buildah/bf3b55ba74102cc2503eccbaeffe011728d46b20/README.md\": sha256:4fd3aed66b5488b45fe83dd11842c2324fadcc38e1217bb45fbd28d660afdd39, want sha256:0000000000000000000000000000000000000000000000000000000000000000" +-} +- +-@test "add path with checksum flag" { +- _prefetch busybox +- createrandom ${TEST_SCRATCH_DIR}/randomfile +- run_buildah from --quiet $WITH_POLICY_JSON busybox +- cid=$output +- run_buildah 125 add --checksum=sha256:0000000000000000000000000000000000000000000000000000000000000000 $cid ${TEST_SCRATCH_DIR}/randomfile / +- expect_output --substring "checksum flag is not supported for local sources" +-} +diff --git a/tests/bud.bats b/tests/bud.bats +index 878a1597a..f4b4ef019 100644 +--- a/tests/bud.bats ++++ b/tests/bud.bats +@@ -3131,7 +3131,7 @@ _EOF + imgName=alpine-image + ctrName=alpine-chown + run_buildah 125 build $WITH_POLICY_JSON --layers -t ${imgName} -f $BUDFILES/add-chown/Dockerfile.bad $BUDFILES/add-chown +- expect_output --substring "ADD only supports the --chmod=<permissions>, --chown=<uid:gid>, and --checksum=<checksum> flags" ++ expect_output --substring "ADD only supports the --chmod=<permissions> and the --chown=<uid:gid> flags" + } + + @test "bud with chmod add with bad chmod flag in Dockerfile with --layers" { +@@ -3139,30 +3139,7 @@ _EOF + imgName=alpine-image + ctrName=alpine-chmod + run_buildah 125 build $WITH_POLICY_JSON --layers -t ${imgName} -f $BUDFILES/add-chmod/Dockerfile.bad $BUDFILES/add-chmod +- expect_output --substring "ADD only supports the --chmod=<permissions>, --chown=<uid:gid>, and --checksum=<checksum> flags" +-} +- +-@test "bud with ADD with checksum flag" { +- _prefetch alpine +- target=alpine-image +- run_buildah build $WITH_POLICY_JSON -t alpine-image -f $BUDFILES/add-checksum/Containerfile $BUDFILES/add-checksum +- run_buildah from --quiet $WITH_POLICY_JSON --name alpine-ctr alpine-image +- run_buildah run alpine-ctr -- ls -l /README.md +- expect_output --substring "README.md" +-} +- +-@test "bud with ADD with bad checksum" { +- _prefetch alpine +- target=alpine-image +- run_buildah 125 build $WITH_POLICY_JSON -t ${target} -f $BUDFILES/add-checksum/Containerfile.bad-checksum $BUDFILES/add-checksum +- expect_output --substring "unexpected response digest for \"https://raw.githubusercontent.com/containers/buildah/bf3b55ba74102cc2503eccbaeffe011728d46b20/README.md\": sha256:4fd3aed66b5488b45fe83dd11842c2324fadcc38e1217bb45fbd28d660afdd39, want sha256:0000000000000000000000000000000000000000000000000000000000000000" +-} +- +-@test "bud with ADD with bad checksum flag" { +- _prefetch alpine +- target=alpine-image +- run_buildah 125 build $WITH_POLICY_JSON -t ${target} -f $BUDFILES/add-checksum/Containerfile.bad $BUDFILES/add-checksum +- expect_output --substring "ADD only supports the --chmod=<permissions>, --chown=<uid:gid>, and --checksum=<checksum> flags" ++ expect_output --substring "ADD only supports the --chmod=<permissions> and the --chown=<uid:gid> flags" + } + + @test "bud with ADD file construct" { +diff --git a/tests/bud/add-checksum/Containerfile b/tests/bud/add-checksum/Containerfile +deleted file mode 100644 +index 55de0de77..000000000 +--- a/tests/bud/add-checksum/Containerfile ++++ /dev/null +@@ -1,2 +0,0 @@ +-FROM alpine +-ADD --checksum=sha256:4fd3aed66b5488b45fe83dd11842c2324fadcc38e1217bb45fbd28d660afdd39 https://raw.githubusercontent.com/containers/buildah/bf3b55ba74102cc2503eccbaeffe011728d46b20/README.md / +diff --git a/tests/bud/add-checksum/Containerfile.bad b/tests/bud/add-checksum/Containerfile.bad +deleted file mode 100644 +index 2c8681362..000000000 +--- a/tests/bud/add-checksum/Containerfile.bad ++++ /dev/null +@@ -1,2 +0,0 @@ +-FROM alpine +-ADD --checksum https://raw.githubusercontent.com/containers/buildah/bf3b55ba74102cc2503eccbaeffe011728d46b20/README.md / +diff --git a/tests/bud/add-checksum/Containerfile.bad-checksum b/tests/bud/add-checksum/Containerfile.bad-checksum +deleted file mode 100644 +index 7c043d244..000000000 +--- a/tests/bud/add-checksum/Containerfile.bad-checksum ++++ /dev/null +@@ -1,2 +0,0 @@ +-FROM alpine +-ADD --checksum=sha256:0000000000000000000000000000000000000000000000000000000000000000 https://raw.githubusercontent.com/containers/buildah/bf3b55ba74102cc2503eccbaeffe011728d46b20/README.md / diff --git a/debian/patches/avoid-buildkit-heredoc.patch b/debian/patches/avoid-buildkit-heredoc.patch new file mode 100644 index 0000000..0ad8115 --- /dev/null +++ b/debian/patches/avoid-buildkit-heredoc.patch @@ -0,0 +1,346 @@ +Author: Reinhard Tartler <siretart@tauware.de> +Date: Fri Nov 24 12:32:48 2023 +0000 +Description Revert "buildah: add heredoc support for RUN, COPY and ADD" + +This is to avoid a dependency on buildkit, can probably be dropped after #1051202 + + +diff --git a/imagebuildah/stage_executor.go b/imagebuildah/stage_executor.go +index 00ce32b3a..ea1587a1f 100644 +--- a/imagebuildah/stage_executor.go ++++ b/imagebuildah/stage_executor.go +@@ -7,7 +7,6 @@ import ( + "fmt" + "io" + "os" +- "path" + "path/filepath" + "sort" + "strconv" +@@ -36,7 +35,6 @@ import ( + "github.com/containers/storage/pkg/chrootarchive" + "github.com/containers/storage/pkg/unshare" + docker "github.com/fsouza/go-dockerclient" +- buildkitparser "github.com/moby/buildkit/frontend/dockerfile/parser" + digest "github.com/opencontainers/go-digest" + v1 "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/opencontainers/runtime-spec/specs-go" +@@ -350,11 +348,6 @@ func (s *StageExecutor) volumeCacheRestore() error { + // imagebuilder tells us the instruction was "ADD" and not "COPY". + func (s *StageExecutor) Copy(excludes []string, copies ...imagebuilder.Copy) error { + s.builder.ContentDigester.Restart() +- return s.performCopy(excludes, copies...) +-} +- +-func (s *StageExecutor) performCopy(excludes []string, copies ...imagebuilder.Copy) error { +- copiesExtend := []imagebuilder.Copy{} + for _, copy := range copies { + if err := s.volumeCacheInvalidate(copy.Dest); err != nil { + return err +@@ -369,61 +362,7 @@ func (s *StageExecutor) performCopy(excludes []string, copies ...imagebuilder.Co + stripSetgid := false + preserveOwnership := false + contextDir := s.executor.contextDir +- // If we are copying files via heredoc syntax, then +- // its time to create these temporary files on host +- // and copy these to container +- if len(copy.Files) > 0 { +- // If we are copying files from heredoc syntax, there +- // maybe regular files from context as well so split and +- // process them differently +- if len(copy.Src) > len(copy.Files) { +- regularSources := []string{} +- for _, src := range copy.Src { +- // If this source is not a heredoc, then it is a regular file from +- // build context or from another stage (`--from=`) so treat this differently. +- if !strings.HasPrefix(src, "<<") { +- regularSources = append(regularSources, src) +- } +- } +- copyEntry := copy +- // Remove heredoc if any, since we are already processing them +- // so create new entry with sources containing regular files +- // only, since regular files can have different context then +- // heredoc files. +- copyEntry.Files = nil +- copyEntry.Src = regularSources +- copiesExtend = append(copiesExtend, copyEntry) +- } +- copySources := []string{} +- for _, file := range copy.Files { +- data := file.Data +- // remove first break line added while parsing heredoc +- data = strings.TrimPrefix(data, "\n") +- // add breakline when heredoc ends for docker compat +- data = data + "\n" +- tmpFile, err := os.Create(filepath.Join(parse.GetTempDir(), path.Base(filepath.ToSlash(file.Name)))) +- if err != nil { +- return fmt.Errorf("unable to create tmp file for COPY instruction at %q: %w", parse.GetTempDir(), err) +- } +- err = tmpFile.Chmod(0644) // 644 is consistent with buildkit +- if err != nil { +- tmpFile.Close() +- return fmt.Errorf("unable to chmod tmp file created for COPY instruction at %q: %w", tmpFile.Name(), err) +- } +- defer os.Remove(tmpFile.Name()) +- _, err = tmpFile.WriteString(data) +- if err != nil { +- tmpFile.Close() +- return fmt.Errorf("unable to write contents of heredoc file at %q: %w", tmpFile.Name(), err) +- } +- copySources = append(copySources, filepath.Base(tmpFile.Name())) +- tmpFile.Close() +- } +- contextDir = parse.GetTempDir() +- copy.Src = copySources +- } +- +- if len(copy.From) > 0 && len(copy.Files) == 0 { ++ if len(copy.From) > 0 { + // If from has an argument within it, resolve it to its + // value. Otherwise just return the value found. + from, fromErr := imagebuilder.ProcessWord(copy.From, s.stage.Builder.Arguments()) +@@ -546,13 +485,6 @@ func (s *StageExecutor) performCopy(excludes []string, copies ...imagebuilder.Co + return err + } + } +- if len(copiesExtend) > 0 { +- // If we found heredocs and regularfiles together +- // in same statement then we produced new copies to +- // process regular files separately since they need +- // different context. +- return s.performCopy(excludes, copiesExtend...) +- } + return nil + } + +@@ -658,59 +590,10 @@ func (s *StageExecutor) runStageMountPoints(mountList []string) (map[string]inte + return stageMountPoints, nil + } + +-func (s *StageExecutor) createNeededHeredocMountsForRun(files []imagebuilder.File) ([]Mount, error) { +- mountResult := []Mount{} +- for _, file := range files { +- f, err := os.CreateTemp(parse.GetTempDir(), "buildahheredoc") +- if err != nil { +- return nil, err +- } +- if _, err := f.WriteString(file.Data); err != nil { +- f.Close() +- return nil, err +- } +- err = f.Chmod(0755) +- if err != nil { +- f.Close() +- return nil, err +- } +- // dest path is same as buildkit for compat +- dest := filepath.Join("/dev/pipes/", filepath.Base(f.Name())) +- mount := Mount{Destination: dest, Type: define.TypeBind, Source: f.Name(), Options: append(define.BindOptions, "rprivate", "z", "Z")} +- mountResult = append(mountResult, mount) +- f.Close() +- } +- return mountResult, nil +-} +- + // Run executes a RUN instruction using the stage's current working container + // as a root directory. + func (s *StageExecutor) Run(run imagebuilder.Run, config docker.Config) error { + logrus.Debugf("RUN %#v, %#v", run, config) +- args := run.Args +- heredocMounts := []Mount{} +- if len(run.Files) > 0 { +- if heredoc := buildkitparser.MustParseHeredoc(args[0]); heredoc != nil { +- if strings.HasPrefix(run.Files[0].Data, "#!") || strings.HasPrefix(run.Files[0].Data, "\n#!") { +- // This is a single heredoc with a shebang, so create a file +- // and run it. +- heredocMount, err := s.createNeededHeredocMountsForRun(run.Files) +- if err != nil { +- return err +- } +- args = []string{heredocMount[0].Destination} +- heredocMounts = append(heredocMounts, heredocMount...) +- } else { +- args = []string{run.Files[0].Data} +- } +- } else { +- full := args[0] +- for _, file := range run.Files { +- full += file.Data + "\n" + file.Name +- } +- args = []string{full} +- } +- } + stageMountPoints, err := s.runStageMountPoints(run.Mounts) + if err != nil { + return err +@@ -774,6 +657,7 @@ func (s *StageExecutor) Run(run imagebuilder.Run, config docker.Config) error { + options.ConfigureNetwork = buildah.NetworkDisabled + } + ++ args := run.Args + if run.Shell { + if len(config.Shell) > 0 && s.builder.Format == define.Dockerv2ImageManifest { + args = append(config.Shell, args...) +@@ -786,9 +670,6 @@ func (s *StageExecutor) Run(run imagebuilder.Run, config docker.Config) error { + return err + } + options.Mounts = append(options.Mounts, mounts...) +- if len(heredocMounts) > 0 { +- options.Mounts = append(options.Mounts, heredocMounts...) +- } + err = s.builder.Run(args, options) + if err2 := s.volumeCacheRestore(); err2 != nil { + if err == nil { +diff --git a/tests/bud.bats b/tests/bud.bats +index f4b4ef019..aca7cbaf1 100644 +--- a/tests/bud.bats ++++ b/tests/bud.bats +@@ -267,41 +267,6 @@ _EOF + run_buildah 1 run myctr ls -l subdir/ + } + +-@test "bud build with heredoc content" { +- run_buildah build -t heredoc $WITH_POLICY_JSON -f $BUDFILES/heredoc/Containerfile . +- expect_output --substring "print first line from heredoc" +- expect_output --substring "print second line from heredoc" +- expect_output --substring "Heredoc writing first file" +- expect_output --substring "some text of first file" +- expect_output --substring "file2 from python" +- expect_output --substring "(your index page goes here)" +- expect_output --substring "(robots content)" +- expect_output --substring "(humans content)" +- expect_output --substring "this is the output of test6 part1" +- expect_output --substring "this is the output of test6 part2" +- expect_output --substring "this is the output of test7 part1" +- expect_output --substring "this is the output of test7 part2" +- expect_output --substring "this is the output of test7 part3" +- expect_output --substring "this is the output of test8 part1" +- expect_output --substring "this is the output of test8 part2" +-} +- +-@test "bud build with heredoc content which is a bash file" { +- skip_if_in_container +- _prefetch busybox +- run_buildah build -t heredoc $WITH_POLICY_JSON -f $BUDFILES/heredoc/Containerfile.bash_file . +- expect_output --substring "this is the output of test9" +- expect_output --substring "this is the output of test10" +-} +- +-@test "bud build with heredoc verify mount leak" { +- skip_if_in_container +- _prefetch alpine +- run_buildah 1 build -t heredoc $WITH_POLICY_JSON -f $BUDFILES/heredoc/Containerfile.verify_mount_leak . +- expect_output --substring "this is the output of test" +- expect_output --substring "ls: /dev/pipes: No such file or directory" +-} +- + @test "bud with .containerignore" { + _prefetch alpine busybox + run_buildah 125 build -t testbud $WITH_POLICY_JSON -f $BUDFILES/containerignore/Dockerfile $BUDFILES/containerignore +diff --git a/tests/bud/heredoc/Containerfile.bash_file b/tests/bud/heredoc/Containerfile.bash_file +deleted file mode 100644 +index 89032a111..000000000 +--- a/tests/bud/heredoc/Containerfile.bash_file ++++ /dev/null +@@ -1,15 +0,0 @@ +-FROM busybox +-RUN <<EOF +-#!/bin/sh +-echo " +- this is the output of test9" > test9.txt +-EOF +- +-RUN <<-EOF +-#!/bin/sh +-echo " +- this is the output of test10" > test10.txt +-EOF +- +-RUN cat test9.txt +-RUN cat test10.txt +diff --git a/tests/bud/heredoc/Containerfile.verify_mount_leak b/tests/bud/heredoc/Containerfile.verify_mount_leak +deleted file mode 100644 +index 753fd892b..000000000 +--- a/tests/bud/heredoc/Containerfile.verify_mount_leak ++++ /dev/null +@@ -1,17 +0,0 @@ +-FROM alpine +- +-RUN <<EOF +-#!/bin/sh +-echo " +- this is the output of test" > test.txt +-# Mount of this file must exists till this run step +-# so this `ls` command should not fail +-ls -a /dev/pipes/ +-EOF +- +-RUN cat test.txt +- +-# This ls command must fail, since mount is removed in this step +-RUN ls -a /dev/pipes +- +- +diff --git a/tests/conformance/conformance_test.go b/tests/conformance/conformance_test.go +index 62d701c21..68f8a63e5 100644 +--- a/tests/conformance/conformance_test.go ++++ b/tests/conformance/conformance_test.go +@@ -3023,21 +3023,6 @@ var internalTestCases = []testCase{ + dockerUseBuildKit: true, + }, + +- { +- name: "heredoc-copy", +- dockerfile: "Dockerfile.heredoc_copy", +- dockerUseBuildKit: true, +- contextDir: "heredoc", +- fsSkip: []string{"(dir):test:mtime", +- "(dir):test2:mtime", +- "(dir):test:(dir):humans.txt:mtime", +- "(dir):test:(dir):robots.txt:mtime", +- "(dir):test2:(dir):humans.txt:mtime", +- "(dir):test2:(dir):robots.txt:mtime", +- "(dir):test2:(dir):image_file:mtime", +- "(dir):etc:(dir):hostname" /* buildkit does not contains /etc/hostname like buildah */}, +- }, +- + { + name: "replace-symlink-with-directory", + contextDir: "replace/symlink-with-directory", +diff --git a/tests/conformance/testdata/heredoc/Dockerfile.heredoc_copy b/tests/conformance/testdata/heredoc/Dockerfile.heredoc_copy +deleted file mode 100644 +index 227f71b5e..000000000 +--- a/tests/conformance/testdata/heredoc/Dockerfile.heredoc_copy ++++ /dev/null +@@ -1,23 +0,0 @@ +-# syntax=docker/dockerfile:1.3-labs +-FROM busybox as one +-RUN echo helloworld > image_file +-FROM busybox +-RUN echo hello +-# copy two heredoc and one from context +-COPY <<robots.txt <<humans.txt file /test/ +-(robots content) +-Long file with random text +-Random line +-HelloWorld +-robots.txt +-(humans content) +-humans.txt +-# copy two heredoc and one from another stage +-COPY --from=one image_file <<robots.txt <<humans.txt /test2/ +-(robots content) +-Long file with random text +-Random line +-HelloWorld +-robots.txt +-(humans content) +-humans.txt +diff --git a/tests/conformance/testdata/heredoc/file b/tests/conformance/testdata/heredoc/file +deleted file mode 100644 +index ebf038b91..000000000 +--- a/tests/conformance/testdata/heredoc/file ++++ /dev/null +@@ -1 +0,0 @@ +-somefile diff --git a/debian/patches/manpage-fixes.patch b/debian/patches/manpage-fixes.patch new file mode 100644 index 0000000..4f7fddd --- /dev/null +++ b/debian/patches/manpage-fixes.patch @@ -0,0 +1,10 @@ +Index: golang-github-containers-buildah/docs/buildah-manifest-create.1.md +=================================================================== +--- golang-github-containers-buildah.orig/docs/buildah-manifest-create.1.md ++++ golang-github-containers-buildah/docs/buildah-manifest-create.1.md +@@ -1,4 +1,4 @@ +-# buildah-manifest-create "16" "August 2022" "buildah" ++# buildah-manifest-create "1" "August 2022" "buildah" + + ## NAME + diff --git a/debian/patches/root-testfail-ignore.patch b/debian/patches/root-testfail-ignore.patch new file mode 100644 index 0000000..2a8d5aa --- /dev/null +++ b/debian/patches/root-testfail-ignore.patch @@ -0,0 +1,28 @@ +Index: golang-github-containers-buildah/buildah_test.go +=================================================================== +--- golang-github-containers-buildah.orig/buildah_test.go ++++ golang-github-containers-buildah/buildah_test.go +@@ -40,6 +40,9 @@ func TestOpenBuilderCommonBuildOpts(t *t + GraphRoot: t.TempDir(), + GraphDriverName: "vfs", + }) ++ if err != nil { ++ t.Skipf("Not enough permissions to execute test: %s", err) ++ } + require.NoError(t, err) + t.Cleanup(func() { _, err := store.Shutdown(true); assert.NoError(t, err) }) + b, err := NewBuilder(ctx, store, BuilderOptions{}) +Index: golang-github-containers-buildah/convertcw_test.go +=================================================================== +--- golang-github-containers-buildah.orig/convertcw_test.go ++++ golang-github-containers-buildah/convertcw_test.go +@@ -80,6 +80,9 @@ func TestCWConvertImage(t *testing.T) { + GraphDriverName: "vfs", + } + store, err := storage.GetStore(storeOptions) ++ if err != nil { ++ t.Skipf("Not enough permissions to run test: %s") ++ } + require.NoError(t, err) + t.Cleanup(func() { + if _, err := store.Shutdown(true); err != nil { diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..1c8d991 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,4 @@ +manpage-fixes.patch +root-testfail-ignore.patch +avoid-buildkit-checksum.patch +avoid-buildkit-heredoc.patch diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..b4b60c8 --- /dev/null +++ b/debian/rules @@ -0,0 +1,35 @@ +#!/usr/bin/make -f + +# We want to ship only the library packages themselves in the go source, not +# the accompanying test scripts +export DH_GOLANG_EXCLUDES := tests/ +export DH_GOLANG_EXCLUDES_ALL := 1 +export DH_GOLANG_INSTALL_EXTRA := internal/mkcw/embed/entrypoint.gz + +# remove this non-sense after ubuntu's docker.io ships the vendored +# libraries in the correct folders. This is to allow auto-syncing to ubuntu +ifeq ($(shell dpkg-vendor --derives-from Ubuntu && echo yes),yes) +override_dh_auto_configure: + # force debhelper to symlink subdirs in docker, enables workarounds below + mkdir -p _build/src/github.com/docker _build/src/github.com/seccomp + dh_auto_configure + # workaround some vendoring issues - in ubuntu all docker vendored libraries + # are installed in the "vendor/" subdirectory + test -d _build/src/github.com/docker/libnetwork || \ + ln -s docker/vendor/github.com/docker/libnetwork \ + _build/src/github.com/docker + test -d _build/src/github.com/seccomp/libseccomp-golang || \ + ln -s ../docker/docker/vendor/github.com/seccomp/libseccomp-golang \ + _build/src/github.com/seccomp +endif + +override_dh_auto_build: $(MANPAGES) $(MANPAGES5) + dh_auto_build -- -tags "seccomp selinux apparmor libsubid" + make -C docs docs GOMD2MAN=go-md2man + make -C docs install PREFIX=/usr DESTDIR=$(CURDIR)/debian/tmp + +override_dh_auto_test: + DH_GOLANG_EXCLUDES="chroot cmd/buildah pkg/cli pkg/completion copier util conformance e2e" dh_auto_test + +%: + dh $@ --buildsystem=golang --with=golang,bash-completion --builddirectory=_build diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides new file mode 100644 index 0000000..b1c867f --- /dev/null +++ b/debian/source/lintian-overrides @@ -0,0 +1,2 @@ +# there are some performance test files that produce warnings +golang-github-containers-buildah source: unpack-message-for-orig
\ No newline at end of file diff --git a/debian/upstream/metadata b/debian/upstream/metadata new file mode 100644 index 0000000..7a23fe7 --- /dev/null +++ b/debian/upstream/metadata @@ -0,0 +1,5 @@ +--- +Bug-Database: https://github.com/containers/buildah/issues +Bug-Submit: https://github.com/containers/buildah/issues/new +Repository: https://github.com/containers/buildah.git +Repository-Browse: https://github.com/containers/buildah diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..23963ef --- /dev/null +++ b/debian/watch @@ -0,0 +1,13 @@ +# https://salsa.debian.org/snippets/95 +# uscan(1) configuration file. +version=4 + +opts="\ +pgpmode=none,\ +repacksuffix=+ds1,\ +repack,compression=xz,\ +dirversionmangle=s/-rc/~rc/,\ +uversionmangle=s/-rc/~rc/,\ +dversionmangle=s{[+~]ds\d*}{},\ +" https://github.com/containers/buildah/tags \ + .*/v?@ANY_VERSION@@ARCHIVE_EXT@ |