Optionally add back privileged extraction which can be enabled with
LUET_PRIVILEGED_EXTRACT=true
Signed-off-by: Ettore Di Giacinto <mudler@sabayon.org>
This switches from using the containerd snapshotter to go-containerregistry
library which requires no additional privileges beyond root file system
access.
Signed-off-by: Ettore Di Giacinto <mudler@sabayon.org>
* Reduce possibility of circular dependency
Just by adding an import for bus to anything in the helper dir, we would
run into a circular dependency due to how things are structured. That
means that we cannot set any events for unpacking or docker helper
pulling an image.
This commit tries to work around this by doing several things.
- Remove full imports of the helper module by segmentating some modules
into their own submodule, like docker or match so just using a small match
function doesnt bring the whole module
- Removing a simple function to check if a dir exists from importing
the full helper module and instead write the function (5 lines)
- Using logrus in the bus module instead of logger, which avoids a
circular dependency
Signed-off-by: Itxaka <igarcia@suse.com>
* Add two new events for unpacking an image
Both pre and post unpacking an image
Signed-off-by: Itxaka <igarcia@suse.com>
Distinguish rather if we should generate artifact of the deps of a
package or not, and ensure that we just force artifact generation for
targets when computing the join image.
Fixes#217
Don't force push package metadata with docker repository.
We were pushing regardless .metadata.yaml files even if packages were
not, also when calling create-repo without --force-push.
A new keyword `join` is introduced to generate the parent image. It
takes precedence over a `requires` or a `image` already defined in a
spec.
It will generate all the artifacts from the packages listed and join
them in a single image which will be used as parent for the package
build process.
This is a change which invalidates priorly generated hashes.
Fixes#173
Implement multi-stage copy from images part of the build cache of a
package.
Note, this is not the final images where are we copying files from, but
the underlying build container.
Skipping the test on img backend because it fails when pulling external
images during multi-stage build...
Fixes#190
While uninstalling, we weren't checking if we left any empty dir behind.
Now we walk the full path to the file in the artifact, and check each
subdir if it's empty. If it is, we delete it as it is claimed by the
package
before, without --only-target-package, we were forcing to build the
images locally. Now we extend it also to that use-case.
Also revisit how we pass by the builder image hash, so it's easier to
read.
This change also re-enables tagging and bulding builder images all the
times.
Previously, we regressed into not tagging build images coming out-of-the
tree, with the unpleasant side-effect of not be able to re-build the
same artifacts for those leaf packages.
- Fixup search path on metadata spec load. Previously we were reading
the package being passed, and not the one resolved (it failed against
selectors)
- Do inherit first pushrepositories, so they take precedence over pull
- Add test cases to cover build values interpolation by remote
repositories
- Enhance test cases to check image cache repository inheritance when
--from-repositories is passed
- Fix race condition when inheriting buildspec options: Instead of consuming the compiler one, annotate the updates in the
package BuildOption spec which is passed by
- Update vendor
This was a regression in those changeset, don't replicate the info, and
at the same time, write the artifact path containing the name of the
file only (excluding the path)
- Interpolates values from the repositories compilespec if present
- Automatically merge cache images coming from specified repository when
necessary
Fixes#194
Adds a new cli flag to luet build `--pull-repository` which allows to
pass-by a list of docker image references which are used to pull the
cache from
Fixes#185Fixes#184Closes#161
Contact the notary server if ```--verify``` is specified (or `verify:
true` is enabled on the repo config) and verify if the image is signed,
use the returned value to pull the verified image.
Create a util sub cmd to add all utils that are handy for development
and already present in the luet codebase. We expose in this case `luet
util unpack` to unpack a docker image without a docker daemon running.
Also make possible to retrieve the artifact when searching for matches
between repositories list. This made possible to show the package list
when calling `luet search`.
'COPY *' has a different behavior than 'COPY .' - when regexes are
involved, COPY behave differently, by unpacking directory content to the
root.
Enhance unit test to cover the scenario as well
We used to create dockerfiles blindly assuming there is content, but
that's not the case for virtual packages.
Due to https://github.com/moby/moby/issues/38039 we are forced for a
"unpleasant" workaround, as we can't create empty FROM scratch images
and export them.
The realtime output could be configured through
LUET_GENERAL__SHOW_BUILD_OUTPUT environment
variable or related config option or through
`--live-output` option.
This commit removes the Domain Name, if any, from the cached image
reference before computing the image fingerprint. This way the same
image, if stored in some oter mirror, is still seen as the same one.
Fixes#158
CopyFile relies on copy.Copy from https://github.com/otiai10/copy which
doesn't handle named pipes copy. Handle it here until
https://github.com/otiai10/copy/issues/47 is fixed.
This causes luet to hang while copying packages that have named pipes in
it.
Also invert compression argument for gzip, it causes slowliness.
The backend will figure out if we have the image or not, otherwise will
atempt to pull if not there.
Skip retrieve integration test with img as its not supported.
This changeset also drops --keep-exported-images, which is quite unused
and can be replaced with a plugin, or either by manually exporting the
resulting images.
