Bump to 0.7

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

buildah.go

@@ -20,7 +20,7 @@ const (
 	// identify working containers.
 	Package = "buildah"
 	// Version for the Package
-	Version = "0.6"
+	Version = "0.7"
 	// The value we use to identify what type of information, currently a
 	// serialized Builder structure, we are using as per-container state.
 	// This should only be changed when we make incompatible changes to

cmd/buildah/bud.go

@@ -13,6 +13,10 @@ import (
 
 var (
 	budFlags = []cli.Flag{
+		cli.StringFlag{
+			Name:  "authfile",
+			Usage: "path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json",
+		},
 		cli.StringSliceFlag{
 			Name:  "build-arg",
 			Usage: "`argument=value` to supply to the builder",
@@ -56,7 +60,7 @@ var (
 		},
 		cli.BoolTFlag{
 			Name:  "tls-verify",
-			Usage: "Require HTTPS and verify certificates when accessing the registry",
+			Usage: "require HTTPS and verify certificates when accessing the registry",
 		},
 	}
 
@@ -190,6 +194,7 @@ func budCmd(c *cli.Context) error {
 		Runtime:             c.String("runtime"),
 		RuntimeArgs:         c.StringSlice("runtime-flag"),
 		OutputFormat:        format,
+		AuthFilePath:        c.String("authfile"),
 	}
 	if !c.Bool("quiet") {
 		options.ReportWriter = os.Stderr

cmd/buildah/common.go

@@ -133,6 +133,9 @@ func systemContextFromOptions(c *cli.Context) (*types.SystemContext, error) {
 	if c.IsSet("signature-policy") {
 		ctx.SignaturePolicyPath = c.String("signature-policy")
 	}
+	if c.IsSet("authfile") {
+		ctx.AuthFilePath = c.String("authfile")
+	}
 	return ctx, nil
 }
 

cmd/buildah/from.go

@@ -11,6 +11,10 @@ import (
 
 var (
 	fromFlags = []cli.Flag{
+		cli.StringFlag{
+			Name:  "authfile",
+			Usage: "path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json",
+		},
 		cli.StringFlag{
 			Name:  "cert-dir",
 			Value: "",
@@ -43,7 +47,7 @@ var (
 		},
 		cli.BoolTFlag{
 			Name:  "tls-verify",
-			Usage: "Require HTTPS and verify certificates when accessing the registry",
+			Usage: "require HTTPS and verify certificates when accessing the registry",
 		},
 	}
 	fromDescription = "Creates a new working container, either from scratch or using a specified\n   image as a starting point"

cmd/buildah/push.go

@@ -17,6 +17,10 @@ import (
 
 var (
 	pushFlags = []cli.Flag{
+		cli.StringFlag{
+			Name:  "authfile",
+			Usage: "path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json",
+		},
 		cli.StringFlag{
 			Name:  "cert-dir",
 			Value: "",
@@ -45,7 +49,7 @@ var (
 		},
 		cli.BoolTFlag{
 			Name:  "tls-verify",
-			Usage: "Require HTTPS and verify certificates when accessing the registry",
+			Usage: "require HTTPS and verify certificates when accessing the registry",
 		},
 	}
 	pushDescription = fmt.Sprintf(`

contrib/completions/bash/buildah

@@ -345,6 +345,7 @@ return 1
   "
 
      local options_with_args="
+     --authfile
      --signature-policy
      --runtime
      --runtime-flag
@@ -481,6 +482,7 @@ return 1
   "
 
      local options_with_args="
+          --authfile
           --cert-dir
           --creds
           --format
@@ -629,6 +631,7 @@ return 1
   "
 
      local options_with_args="
+     --authfile
      --cert-dir
      --creds
      --name

contrib/rpm/buildah.spec

@@ -25,7 +25,7 @@
 %global shortcommit    %(c=%{commit}; echo ${c:0:7})
 
 Name:           buildah
-Version:        0.6
+Version:        0.7
 Release:        1.git%{shortcommit}%{?dist}
 Summary:        A command line tool used to creating OCI Images
 License:        ASL 2.0
@@ -88,6 +88,10 @@ make DESTDIR=%{buildroot} PREFIX=%{_prefix} install install.completions
 %{_datadir}/bash-completion/completions/*
 
 %changelog
+* Thu Nov 16 2017 Dan Walsh <dwalsh@redhat.com> 0.7-1
+- Ignore errors when trying to read containers buildah.json for loading SELinux reservations
+-     Use credentials from kpod login for buildah
+
 * Wed Nov 15 2017 Dan Walsh <dwalsh@redhat.com> 0.6-1
 - Adds support for converting manifest types when using the dir transport
 - Rework how we do UID resolution in images

docs/buildah-bud.md

@@ -14,6 +14,11 @@ to a temporary location.
 
 ## OPTIONS
 
+**--authfile** *path*
+
+Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json
+which is set using `kpod login`
+
 **--build-arg** *arg=value*
 
 Specifies a build argument and its value, which will be interpolated in
@@ -93,4 +98,4 @@ buildah bud --tls-verify=true -t imageName -f Dockerfile.simple
 buildah bud --tls-verify=false -t imageName .
 
 ## SEE ALSO
-buildah(1)
+buildah(1) kpod-login(1)

docs/buildah-from.md

@@ -17,7 +17,7 @@ Multiple transports are supported:
   An existing local directory _path_ retrieving the manifest, layer tarballs and signatures as individual files. This is a non-standardized format, primarily useful for debugging or noninvasive container inspection.
 
   **docker://**_docker-reference_ (Default)
-  An image in a registry implementing the "Docker Registry HTTP API V2". By default, uses the authorization state in `$HOME/.docker/config.json`, which is set e.g. using `(docker login)`.
+  An image in a registry implementing the "Docker Registry HTTP API V2". By default, uses the authorization state in `$XDG_RUNTIME_DIR/containers/auth.json`, which is set e.g. using `(kpod login)`.
 
   **docker-archive:**_path_
   An image is retrieved as a `docker load` formatted file.
@@ -36,6 +36,11 @@ The container ID of the container that was created.  On error, -1 is returned an
 
 ## OPTIONS
 
+**--authfile** *path*
+
+Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json
+which is set using `kpod login`
+
 **--cert-dir** *path*
 
 Use certificates at *path* (*.crt, *.cert, *.key) to connect to the registry
@@ -86,5 +91,7 @@ buildah from myregistry/myrepository/imagename:imagetag --tls-verify=false
 
 buildah from myregistry/myrepository/imagename:imagetag --creds=myusername:mypassword --cert-dir ~/auth
 
+buildah from myregistry/myrepository/imagename:imagetag --authfile=/tmp/auths/myauths.json
+
 ## SEE ALSO
-buildah(1)
+buildah(1) kpod-login(1)

docs/buildah-push.md

@@ -24,7 +24,7 @@ Image stored in local container/storage
   An existing local directory _path_ storing the manifest, layer tarballs and signatures as individual files. This is a non-standardized format, primarily useful for debugging or noninvasive container inspection.
 
   **docker://**_docker-reference_
-  An image in a registry implementing the "Docker Registry HTTP API V2". By default, uses the authorization state in `$HOME/.docker/config.json`, which is set e.g. using `(docker login)`.
+  An image in a registry implementing the "Docker Registry HTTP API V2". By default, uses the authorization state in `$XDG_RUNTIME_DIR/containers/auth.json`, which is set e.g. using `(kpod login)`.
 
   **docker-archive:**_path_[**:**_docker-reference_]
   An image is stored in the `docker save` formatted file.  _docker-reference_ is only used when creating such a file, and it must not contain a digest.
@@ -40,6 +40,11 @@ Image stored in local container/storage
 
 ## OPTIONS
 
+**--authfile** *path*
+
+Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json
+which is set using `kpod login`
+
 **--cert-dir** *path*
 
 Use certificates at *path* (*.crt, *.cert, *.key) to connect to the registry
@@ -84,6 +89,10 @@ This example extracts the imageID image to a container registry named registry.e
 
  `# buildah push imageID docker://registry.example.com/repository:tag`
 
+This example extracts the imageID image to a private container registry named registry.example.com with authentication from /tmp/auths/myauths.json.
+
+ `# buildah push --authfile /tmp/auths/myauths.json imageID docker://registry.example.com/repository:tag`
+
 This example extracts the imageID image and puts into the local docker container store.
 
  `# buildah push imageID docker-daemon:image:tag`
@@ -95,4 +104,4 @@ This example extracts the imageID image and puts it into the registry on the loc
  `# buildah push --cert-dir ~/auth --tls-verify=true --creds=username:password imageID docker://localhost:5000/my-imageID`
 
 ## SEE ALSO
-buildah(1)
+buildah(1) kpod-login(1)

imagebuildah/build.go

@@ -105,6 +105,7 @@ type BuildOptions struct {
 	// configuration data.
 	// Accepted values are OCIv1ImageFormat and Dockerv2ImageFormat.
 	OutputFormat string
+	AuthFilePath string
 }
 
 // Executor is a buildah-based implementation of the imagebuilder.Executor
@@ -138,11 +139,14 @@ type Executor struct {
 	reportWriter                   io.Writer
 }
 
-func makeSystemContext(signaturePolicyPath string, skipTLSVerify bool) *types.SystemContext {
+func makeSystemContext(signaturePolicyPath, authFilePath string, skipTLSVerify bool) *types.SystemContext {
 	sc := &types.SystemContext{}
 	if signaturePolicyPath != "" {
 		sc.SignaturePolicyPath = signaturePolicyPath
 	}
+	if authFilePath != "" {
+		sc.AuthFilePath = authFilePath
+	}
 	sc.DockerInsecureSkipTLSVerify = skipTLSVerify
 	return sc
 }
@@ -423,7 +427,7 @@ func NewExecutor(store storage.Store, options BuildOptions) (*Executor, error) {
 		outputFormat:        options.OutputFormat,
 		additionalTags:      options.AdditionalTags,
 		signaturePolicyPath: options.SignaturePolicyPath,
-		systemContext:       makeSystemContext(options.SignaturePolicyPath, options.SkipTLSVerify),
+		systemContext:       makeSystemContext(options.SignaturePolicyPath, options.AuthFilePath, options.SkipTLSVerify),
 		volumeCache:         make(map[string]string),
 		volumeCacheInfo:     make(map[string]os.FileInfo),
 		log:                 options.Log,

new.go

@@ -2,6 +2,7 @@ package buildah
 
 import (
 	"fmt"
+	"os"
 	"strings"
 
 	is "github.com/containers/image/storage"
@@ -40,7 +41,9 @@ func reserveSELinuxLabels(store storage.Store, id string) error {
 			} else {
 				b, err := OpenBuilder(store, c.ID)
 				if err != nil {
-					if err == storage.ErrContainerUnknown {
+					if os.IsNotExist(err) {
+						// Ignore not exist errors since containers probably created by other tool
+						// TODO, we need to read other containers json data to reserve their SELinux labels
 						continue
 					}
 					return err