From 967fb5ec126aada9975c31de9b601fe7fad6ed3b Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 8 Nov 2024 16:36:36 -0800 Subject: [PATCH 1/6] Makefile: rm unused var This is no longer used since commit 3a122aa3c. [NO NEW TESTS NEEDED] Signed-off-by: Kir Kolyshkin --- Makefile | 1 - 1 file changed, 1 deletion(-) diff --git a/Makefile b/Makefile index 37dbeb43e98..fb8eeb1119d 100644 --- a/Makefile +++ b/Makefile @@ -29,7 +29,6 @@ RACEFLAGS := $(shell $(GO_TEST) -race ./pkg/dummy > /dev/null 2>&1 && echo -race COMMIT_NO ?= $(shell git rev-parse HEAD 2> /dev/null || true) GIT_COMMIT ?= $(if $(shell git status --porcelain --untracked-files=no),${COMMIT_NO}-dirty,${COMMIT_NO}) SOURCE_DATE_EPOCH ?= $(if $(shell date +%s),$(shell date +%s),$(error "date failed")) -STATIC_STORAGETAGS = "containers_image_openpgp $(STORAGE_TAGS)" # we get GNU make 3.x in MacOS build envs, which wants # to be escaped in # strings, while the 4.x we have on Linux doesn't. this is the documented From 5adb14cbfeb129900cb47f2270994dccb527dae1 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 8 Nov 2024 15:50:06 -0800 Subject: [PATCH 2/6] build: rm exclude_graphdriver_devicemapper tag Since commit c7937cd1d it is no longer necessary to have it. [NO NEW TESTS NEEDED] Signed-off-by: Kir Kolyshkin --- Makefile | 2 +- nix/default-arm64.nix | 2 +- nix/default.nix | 2 +- rpm/buildah.spec | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index fb8eeb1119d..815ed94a119 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ export GOPROXY=https://proxy.golang.org APPARMORTAG := $(shell hack/apparmor_tag.sh) -STORAGETAGS := exclude_graphdriver_devicemapper $(shell ./btrfs_tag.sh) $(shell ./btrfs_installed_tag.sh) $(shell ./hack/libsubid_tag.sh) +STORAGETAGS := $(shell ./btrfs_tag.sh) $(shell ./btrfs_installed_tag.sh) $(shell ./hack/libsubid_tag.sh) SECURITYTAGS ?= seccomp $(APPARMORTAG) TAGS ?= $(SECURITYTAGS) $(STORAGETAGS) $(shell ./hack/systemd_tag.sh) ifeq ($(shell uname -s),FreeBSD) diff --git a/nix/default-arm64.nix b/nix/default-arm64.nix index 77eaa51e4b5..8fa55e481c2 100644 --- a/nix/default-arm64.nix +++ b/nix/default-arm64.nix @@ -70,7 +70,7 @@ let export CFLAGS='-static -pthread' export LDFLAGS='-s -w -static-libgcc -static' export EXTRA_LDFLAGS='-s -w -linkmode external -extldflags "-static -lm"' - export BUILDTAGS='static netgo osusergo exclude_graphdriver_btrfs exclude_graphdriver_devicemapper seccomp apparmor selinux' + export BUILDTAGS='static netgo osusergo exclude_graphdriver_btrfs seccomp apparmor selinux' export CGO_ENABLED=1 ''; buildPhase = '' diff --git a/nix/default.nix b/nix/default.nix index 9b5c39f80f3..f151884105f 100644 --- a/nix/default.nix +++ b/nix/default.nix @@ -68,7 +68,7 @@ let export CFLAGS='-static -pthread' export LDFLAGS='-s -w -static-libgcc -static' export EXTRA_LDFLAGS='-s -w -linkmode external -extldflags "-static -lm"' - export BUILDTAGS='static netgo osusergo exclude_graphdriver_btrfs exclude_graphdriver_devicemapper seccomp apparmor selinux' + export BUILDTAGS='static netgo osusergo exclude_graphdriver_btrfs seccomp apparmor selinux' export CGO_ENABLED=1 ''; buildPhase = '' diff --git a/rpm/buildah.spec b/rpm/buildah.spec index 975a61051bd..f2374a98c3e 100644 --- a/rpm/buildah.spec +++ b/rpm/buildah.spec @@ -124,7 +124,7 @@ export CGO_CFLAGS+=" -m64 -mtune=generic -fcf-protection=full" export CNI_VERSION=`grep '^# github.com/containernetworking/cni ' src/modules.txt | sed 's,.* ,,'` export LDFLAGS="-X main.buildInfo=`date +%s` -X main.cniVersion=${CNI_VERSION}" -export BUILDTAGS="seccomp exclude_graphdriver_devicemapper $(hack/systemd_tag.sh) $(hack/libsubid_tag.sh)" +export BUILDTAGS="seccomp $(hack/systemd_tag.sh) $(hack/libsubid_tag.sh)" %if !%{defined build_with_btrfs} export BUILDTAGS+=" btrfs_noversion exclude_graphdriver_btrfs" %endif From c07a5eb567e5f846e538a67177b4bfa50fddc834 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 8 Nov 2024 16:14:01 -0800 Subject: [PATCH 3/6] Makefile: rm targets working on .. It looks like those were added to aim in CI, and is no longer required. As it is quite unexpected to have make targets operate on directories such as ../../, let's remove those. Fix Ubuntu build instructions accordingly (runc binary package is available in those distros). [NO NEW TESTS NEEDED] Signed-off-by: Kir Kolyshkin --- Makefile | 25 ------------------------- install.md | 12 ++---------- 2 files changed, 2 insertions(+), 35 deletions(-) diff --git a/Makefile b/Makefile index 815ed94a119..509b7fd9c65 100644 --- a/Makefile +++ b/Makefile @@ -35,8 +35,6 @@ SOURCE_DATE_EPOCH ?= $(if $(shell date +%s),$(shell date +%s),$(error "date fail # workaround COMMENT := \# CNI_COMMIT := $(shell sed -n 's;^$(COMMENT) github.com/containernetworking/cni \([^ \n]*\).*$$;\1;p' vendor/modules.txt) -RUNC_COMMIT := $(shell sed -n 's;^$(COMMENT) github.com/opencontainers/runc \([^ \n]*\).*$$;\1;p' vendor/modules.txt) -LIBSECCOMP_COMMIT := release-2.3 EXTRA_LDFLAGS ?= BUILDAH_LDFLAGS := $(GO_LDFLAGS) '-X main.GitCommit=$(GIT_COMMIT) -X main.buildInfo=$(SOURCE_DATE_EPOCH) -X main.cniVersion=$(CNI_COMMIT) $(EXTRA_LDFLAGS)' @@ -141,25 +139,6 @@ validate: install.tools install.tools: $(MAKE) -C tests/tools -.PHONY: runc -runc: gopath - rm -rf ../../opencontainers/runc - git clone https://github.com/opencontainers/runc ../../opencontainers/runc - cd ../../opencontainers/runc && git checkout $(RUNC_COMMIT) && $(GO) build -tags "$(STORAGETAGS) $(SECURITYTAGS)" - ln -sf ../../opencontainers/runc/runc - -.PHONY: install.libseccomp.sudo -install.libseccomp.sudo: gopath - rm -rf ../../seccomp/libseccomp - git clone https://github.com/seccomp/libseccomp ../../seccomp/libseccomp - cd ../../seccomp/libseccomp && git checkout $(LIBSECCOMP_COMMIT) && ./autogen.sh && ./configure --prefix=/usr && make all && sudo make install - -.PHONY: install.cni.sudo -install.cni.sudo: gopath - rm -rf ../../containernetworking/plugins - git clone https://github.com/containernetworking/plugins ../../containernetworking/plugins - cd ../../containernetworking/plugins && ./build_linux.sh && sudo install -D -v -m755 -t /opt/cni/bin/ bin/* - .PHONY: install install: install -d -m 755 $(DESTDIR)/$(BINDIR) @@ -177,10 +156,6 @@ install.completions: install -m 755 -d $(DESTDIR)/$(BASHINSTALLDIR) install -m 644 contrib/completions/bash/buildah $(DESTDIR)/$(BASHINSTALLDIR)/buildah -.PHONY: install.runc -install.runc: - install -m 755 ../../opencontainers/runc/runc $(DESTDIR)/$(BINDIR)/ - .PHONY: test-conformance test-conformance: $(GO_TEST) -v -tags "$(STORAGETAGS) $(SECURITYTAGS)" -cover -timeout 60m ./tests/conformance diff --git a/install.md b/install.md index 87657897e37..be3356337d1 100644 --- a/install.md +++ b/install.md @@ -252,18 +252,10 @@ In Ubuntu 22.10 (Karmic) or Debian 12 (Bookworm) you can use these commands: ``` sudo apt-get -y -qq update - sudo apt-get -y install bats btrfs-progs git go-md2man golang libapparmor-dev libglib2.0-dev libgpgme11-dev libseccomp-dev libselinux1-dev make skopeo libbtrfs-dev + sudo apt-get -y install bats btrfs-progs git go-md2man golang libapparmor-dev libglib2.0-dev libgpgme11-dev libseccomp-dev libselinux1-dev make runc skopeo libbtrfs-dev ``` -Then to install Buildah follow the steps in this example: - -``` - git clone https://github.com/containers/buildah - cd buildah - make runc all SECURITYTAGS="apparmor seccomp" - sudo make install install.runc - buildah --help -``` +The build steps for Buildah on Debian or Ubuntu are the same as for Fedora, above. ## Vendoring - Dependency Management From f0361414de2aeaaa2477a79b78a79d80c8a6eee2 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 8 Nov 2024 16:33:44 -0800 Subject: [PATCH 4/6] Makefile,install.md: rm gopath stuff For quite some time (Go 1.16? To be honest, I don't remember) placing sources in a specific directory under $GOPATH is no longer required. [NO NEW TESTS NEEDED] Signed-off-by: Kir Kolyshkin --- Makefile | 6 ------ install.md | 7 ++----- 2 files changed, 2 insertions(+), 11 deletions(-) diff --git a/Makefile b/Makefile index 509b7fd9c65..18022dcbb58 100644 --- a/Makefile +++ b/Makefile @@ -119,12 +119,6 @@ clean: docs: install.tools ## build the docs on the host $(MAKE) -C docs -# For vendoring to work right, the checkout directory must be such that our top -# level is at $GOPATH/src/github.com/containers/buildah. -.PHONY: gopath -gopath: - test $(shell pwd) = $(shell cd ../../../../src/github.com/containers/buildah ; pwd) - codespell: codespell -S Makefile,buildah.spec.rpkg,AUTHORS,bin,vendor,.git,go.mod,go.sum,CHANGELOG.md,changelog.txt,seccomp.json,.cirrus.yml,"*.xz,*.gz,*.tar,*.tgz,*ico,*.png,*.1,*.5,*.orig,*.rej" -L secon,passt,bu,uint,iff,od,erro -w diff --git a/install.md b/install.md index be3356337d1..df8a82560e7 100644 --- a/install.md +++ b/install.md @@ -194,11 +194,8 @@ In Fedora, you can use this command: Then to install Buildah on Fedora follow the steps in this example: ``` - mkdir ~/buildah - cd ~/buildah - export GOPATH=`pwd` - git clone https://github.com/containers/buildah ./src/github.com/containers/buildah - cd ./src/github.com/containers/buildah + git clone https://github.com/containers/buildah + cd buildah make sudo make install buildah --help From c2b42c5e4fcfa463dc43c4677d244bfcb865ae30 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 8 Nov 2024 17:10:56 -0800 Subject: [PATCH 5/6] Fix some codespell errors [NO NEW TESTS NEEDED] Signed-off-by: Kir Kolyshkin --- copier/syscall_unix.go | 8 ++++---- docs/buildah-build.1.md | 2 +- pkg/parse/parse_test.go | 2 +- tests/source.bats | 1 - 4 files changed, 6 insertions(+), 7 deletions(-) diff --git a/copier/syscall_unix.go b/copier/syscall_unix.go index 30356caa2c4..f03503b32fa 100644 --- a/copier/syscall_unix.go +++ b/copier/syscall_unix.go @@ -77,12 +77,12 @@ func sameDevice(a, b os.FileInfo) bool { if aSys == nil || bSys == nil { return true } - au, aok := aSys.(*syscall.Stat_t) - bu, bok := bSys.(*syscall.Stat_t) - if !aok || !bok { + uA, okA := aSys.(*syscall.Stat_t) + uB, okB := bSys.(*syscall.Stat_t) + if !okA || !okB { return true } - return au.Dev == bu.Dev + return uA.Dev == uB.Dev } const ( diff --git a/docs/buildah-build.1.md b/docs/buildah-build.1.md index 15b89b439e8..6fe68e7ed40 100644 --- a/docs/buildah-build.1.md +++ b/docs/buildah-build.1.md @@ -909,7 +909,7 @@ Pass secret information to be used in the Containerfile for building images in a safe way that will not end up stored in the final image, or be seen in other stages. The value of the secret will be read from an environment variable or file named by the "id" option, or named by the "src" option if it is specified, or from an -environment variable specifed by the "env" option. +environment variable specified by the "env" option. The secret will be mounted in the container at `/run/secrets/*id*` by default. To later use the secret, use the --mount flag in a `RUN` instruction within a `Containerfile`: diff --git a/pkg/parse/parse_test.go b/pkg/parse/parse_test.go index 6cbb3afba2c..aeb842f7b2c 100644 --- a/pkg/parse/parse_test.go +++ b/pkg/parse/parse_test.go @@ -205,7 +205,7 @@ func TestParsePullPolicy(t *testing.T) { "newer": true, "false": true, "never": true, - "trye": false, + "try": false, "truth": false, } for value, result := range testCases { diff --git a/tests/source.bats b/tests/source.bats index 20c669b7565..6d120578387 100644 --- a/tests/source.bats +++ b/tests/source.bats @@ -39,7 +39,6 @@ load helpers # Inspect the config run jq -r .created $srcdir/blobs/sha256/$configDigest assert "$status" -eq 0 "status of jq .created on configDigest" - creatd=$output run date --date="$output" assert "$status" -eq 0 "status of date (this should never ever fail)" run jq -r .author $srcdir/blobs/sha256/$configDigest From 135431f8d529f2cbb57282ed0ecca9616380c410 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 8 Nov 2024 17:02:20 -0800 Subject: [PATCH 6/6] Makefile: mv codespell config to .codespellrc It is cleaner that way. While at it, let's try to minimize it. [NO NEW TESTS NEEDED] Signed-off-by: Kir Kolyshkin --- .codespellrc | 3 +++ Makefile | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 .codespellrc diff --git a/.codespellrc b/.codespellrc new file mode 100644 index 00000000000..64a29fe6026 --- /dev/null +++ b/.codespellrc @@ -0,0 +1,3 @@ +[codespell] +skip = ./vendor,./.git,./go.sum,./docs/*.1,./docker/AUTHORS,./CHANGELOG.md,./changelog.txt,./tests/tools/vendor,./tests/tools/go.mod,./tests/tools/go.sum +ignore-words-list = fo,passt,secon,erro diff --git a/Makefile b/Makefile index 18022dcbb58..24ae0ca4ff0 100644 --- a/Makefile +++ b/Makefile @@ -120,7 +120,7 @@ docs: install.tools ## build the docs on the host $(MAKE) -C docs codespell: - codespell -S Makefile,buildah.spec.rpkg,AUTHORS,bin,vendor,.git,go.mod,go.sum,CHANGELOG.md,changelog.txt,seccomp.json,.cirrus.yml,"*.xz,*.gz,*.tar,*.tgz,*ico,*.png,*.1,*.5,*.orig,*.rej" -L secon,passt,bu,uint,iff,od,erro -w + codespell -w .PHONY: validate validate: install.tools