Bump to v0.8

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #333
Approved by: TomSweeneyRedHat

add.go

@@ -59,7 +59,7 @@ func addURL(destination, srcurl string) error {
 // filesystem, optionally extracting contents of local files that look like
 // non-empty archives.
 func (b *Builder) Add(destination string, extract bool, source ...string) error {
-	mountPoint, err := b.Mount("")
+	mountPoint, err := b.Mount(b.MountLabel)
 	if err != nil {
 		return err
 	}

buildah.go

@@ -20,7 +20,7 @@ const (
 	// identify working containers.
 	Package = "buildah"
 	// Version for the Package
-	Version = "0.7"
+	Version = "0.8"
 	// The value we use to identify what type of information, currently a
 	// serialized Builder structure, we are using as per-container state.
 	// This should only be changed when we make incompatible changes to

cmd/buildah/mount.go

@@ -46,7 +46,7 @@ func mountCmd(c *cli.Context) error {
 		if err != nil {
 			return errors.Wrapf(err, "error reading build container %q", name)
 		}
-		mountPoint, err := builder.Mount("")
+		mountPoint, err := builder.Mount(builder.MountLabel)
 		if err != nil {
 			return errors.Wrapf(err, "error mounting %q container %q", name, builder.Container)
 		}

docs/buildah-bud.md

@@ -16,8 +16,8 @@ to a temporary location.
 
 **--authfile** *path*
 
-Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json
-which is set using `kpod login`
+Path of the authentication file. Default is ${XDG_RUNTIME\_DIR}/containers/auth.json, which is set using `kpod login`.
+If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`.
 
 **--build-arg** *arg=value*
 
@@ -98,4 +98,4 @@ buildah bud --tls-verify=true -t imageName -f Dockerfile.simple
 buildah bud --tls-verify=false -t imageName .
 
 ## SEE ALSO
-buildah(1) kpod-login(1)
+buildah(1), kpod-login(1), docker-login(1)

docs/buildah-from.md

@@ -17,7 +17,7 @@ Multiple transports are supported:
   An existing local directory _path_ retrieving the manifest, layer tarballs and signatures as individual files. This is a non-standardized format, primarily useful for debugging or noninvasive container inspection.
 
   **docker://**_docker-reference_ (Default)
-  An image in a registry implementing the "Docker Registry HTTP API V2". By default, uses the authorization state in `$XDG_RUNTIME_DIR/containers/auth.json`, which is set e.g. using `(kpod login)`.
+  An image in a registry implementing the "Docker Registry HTTP API V2". By default, uses the authorization state in `$XDG_RUNTIME_DIR/containers/auth.json`, which is set using `(kpod login)`. If the authorization state is not found there, `$HOME/.docker/config.json` is checked, which is set using `(docker login)`.
 
   **docker-archive:**_path_
   An image is retrieved as a `docker load` formatted file.
@@ -38,8 +38,8 @@ The container ID of the container that was created.  On error, -1 is returned an
 
 **--authfile** *path*
 
-Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json
-which is set using `kpod login`
+Path of the authentication file. Default is ${XDG_RUNTIME\_DIR}/containers/auth.json, which is set using `kpod login`.
+If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`.
 
 **--cert-dir** *path*
 
@@ -94,4 +94,4 @@ buildah from myregistry/myrepository/imagename:imagetag --creds=myusername:mypas
 buildah from myregistry/myrepository/imagename:imagetag --authfile=/tmp/auths/myauths.json
 
 ## SEE ALSO
-buildah(1) kpod-login(1)
+buildah(1), kpod-login(1), docker-login(1)

docs/buildah-push.md

@@ -24,7 +24,7 @@ Image stored in local container/storage
   An existing local directory _path_ storing the manifest, layer tarballs and signatures as individual files. This is a non-standardized format, primarily useful for debugging or noninvasive container inspection.
 
   **docker://**_docker-reference_
-  An image in a registry implementing the "Docker Registry HTTP API V2". By default, uses the authorization state in `$XDG_RUNTIME_DIR/containers/auth.json`, which is set e.g. using `(kpod login)`.
+  An image in a registry implementing the "Docker Registry HTTP API V2". By default, uses the authorization state in `$XDG_RUNTIME_DIR/containers/auth.json`, which is set using `(kpod login)`. If the authorization state is not found there, `$HOME/.docker/config.json` is checked, which is set using `(docker login)`.
 
   **docker-archive:**_path_[**:**_docker-reference_]
   An image is stored in the `docker save` formatted file.  _docker-reference_ is only used when creating such a file, and it must not contain a digest.
@@ -42,8 +42,8 @@ Image stored in local container/storage
 
 **--authfile** *path*
 
-Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json
-which is set using `kpod login`
+Path of the authentication file. Default is ${XDG_RUNTIME\_DIR}/containers/auth.json, which is set using `kpod login`.
+If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`.
 
 **--cert-dir** *path*
 
@@ -104,4 +104,4 @@ This example extracts the imageID image and puts it into the registry on the loc
  `# buildah push --cert-dir ~/auth --tls-verify=true --creds=username:password imageID docker://localhost:5000/my-imageID`
 
 ## SEE ALSO
-buildah(1) kpod-login(1)
+buildah(1), kpod-login(1), docker-login(1)

imagebuildah/build.go

@@ -521,7 +521,7 @@ func (b *Executor) Prepare(ib *imagebuilder.Builder, node *parser.Node, from str
 		}
 		return errors.Wrapf(err, "error updating build context")
 	}
-	mountPoint, err := builder.Mount("")
+	mountPoint, err := builder.Mount(builder.MountLabel)
 	if err != nil {
 		if err2 := builder.Delete(); err2 != nil {
 			logrus.Debugf("error deleting container which we failed to mount: %v", err2)

run.go

@@ -208,6 +208,28 @@ func (b *Builder) Run(command []string, options RunOptions) error {
 			logrus.Errorf("error unmounting container: %v", err2)
 		}
 	}()
+	for _, mp := range []string{
+		"/proc/kcore",
+		"/proc/latency_stats",
+		"/proc/timer_list",
+		"/proc/timer_stats",
+		"/proc/sched_debug",
+		"/proc/scsi",
+		"/sys/firmware",
+	} {
+		g.AddLinuxMaskedPaths(mp)
+	}
+
+	for _, rp := range []string{
+		"/proc/asound",
+		"/proc/bus",
+		"/proc/fs",
+		"/proc/irq",
+		"/proc/sys",
+		"/proc/sysrq-trigger",
+	} {
+		g.AddLinuxReadonlyPaths(rp)
+	}
 	g.SetRootPath(mountPoint)
 	switch options.Terminal {
 	case DefaultTerminal:

tests/test_buildah_authentication.sh

@@ -1,10 +1,18 @@
 #!/bin/bash
 # test_buildah_authentication
 # A script to be run at the command line with Buildah installed.
+# This currently needs to be run as root and Docker must be
+# installed on the system.
 # This will test the code and should be run with this command:
 #
 # /bin/bash -v test_buildah_authentication.sh
 
+########
+# System setup - dir for creds and start docker
+########
+mkdir -p /root/auth
+systemctl restart docker
+
 ########
 # Create creds and store in /root/auth/htpasswd
 ########

tests/test_buildah_baseline.sh

@@ -0,0 +1,193 @@
+#!/bin/bash
+# test_buildah_baseline.sh 
+# A script to be run at the command line with Buildah installed.
+# This should be run against a new kit to provide base level testing
+# on a freshly installed machine with no images or containers in 
+# play.  This currently needs to be run as root.
+#
+# Commands based on the tutorial provided by William Henry.
+#
+# To run this command:
+#
+# /bin/bash -v test_buildah_baseline.sh 
+
+########
+# Next two commands should return blanks 
+########
+buildah images
+buildah containers
+
+########
+# Create Fedora based container
+########
+container=$(buildah from fedora)
+echo $container
+
+########
+# Run container and display contents in /etc 
+########
+buildah run $container -- ls -alF /etc
+
+########
+# Run Java in the container - should FAIL
+########
+buildah run $container java
+
+########
+# Install java onto the container
+########
+buildah run $container -- dnf -y install java
+
+########
+# Run Java in the container - should show java usage
+########
+buildah run $container java
+
+########
+# Create a scratch container 
+########
+newcontainer=$(buildah from scratch)
+
+########
+# Check and find two containers
+########
+buildah containers
+
+########
+# Check images, no "scratch" image
+########
+buildah images
+
+########
+# Run the container - should FAIL
+########
+buildah run $newcontainer bash
+
+########
+# Mount the container's root file system
+########
+scratchmnt=$(buildah mount $newcontainer)
+
+########
+# Show the location, should be /var/lib/containers/storage/overlay/{id}/dif
+########
+echo $scratchmnt
+
+########
+# Install Fedora 26 bash and coreutils
+########
+dnf install --installroot $scratchmnt --release 26 bash coreutils --setopt install_weak_deps=false -y
+
+########
+# Check /usr/bin on the new container
+########
+buildah run $newcontainer -- ls -alF /usr/bin
+
+########
+# Create shell script to test on
+########
+FILE=./runecho.sh
+/bin/cat <<EOM >$FILE
+#!/bin/bash
+for i in {1..9};
+do
+    echo "This is a new container from ipbabble [" $i "]"
+done
+EOM
+chmod +x $FILE
+
+########
+# Copy and run file on scratch container 
+########
+buildah copy $newcontainer $FILE /usr/bin
+buildah config --cmd /usr/bin/runecho.sh $newcontainer
+buildah run $newcontainer
+
+########
+# Add configuration information
+########
+buildah config --created-by "ipbabble"  $newcontainer
+buildah config --author "wgh at redhat.com @ipbabble" --label name=fedora26-bashecho $newcontainer
+
+########
+# Inspect the container, verifying above was put into it
+########
+buildah inspect $newcontainer
+
+########
+# Unmount the container
+########
+buildah unmount $newcontainer
+
+########
+# Commit the image
+########
+buildah commit $newcontainer fedora-bashecho
+
+########
+# Check the images there should be a fedora-basecho:latest image
+########
+buildah images
+
+########
+# Inspect the fedora-baseecho image
+########
+buildah inspect --type=image fedora-bashecho
+
+########
+# Remove the container
+########
+buildah rm $newcontainer
+
+########
+# Install Docker, but not for long!
+########
+dnf -y install docker
+systemctl start docker
+
+########
+# Push fedora-basecho to the Docker daemon 
+########
+buildah push fedora-bashecho docker-daemon:fedora-bashecho:latest
+
+########
+# Run fedora-bashecho from Docker
+########
+docker run fedoara-baseecho
+
+########
+# Time to remove Docker
+########
+dnf -y remove docker
+
+########
+# Build Dockerfile
+########
+FILE=./Dockerfile
+/bin/cat <<EOM >$FILE
+FROM docker/whalesay:latest
+RUN apt-get -y update && apt-get install -y fortunes
+CMD /usr/games/fortune -a | cowsay
+EOM
+chmod +x $FILE
+
+########
+# Build with the Dockerfile
+########
+buildah bud -f Dockerfile -t whale-says 
+
+########
+# Create a whalesays container 
+########
+whalesays=$(buildah from whale-says)
+
+########
+# Run the container to see what the whale says
+########
+buildah run $whalesays
+
+########
+# Clean up Buildah
+########
+buildah rm $(buildah containers -q)
+buildah rmi -f $(buildah --debug=false images -q)