buildah

package module
v1.35.3
Published: Mar 29, 2024 License: Apache-2.0 Imports: 102 Imported by: 88

README

Buildah - a tool that facilitates building Open Container Initiative (OCI) container images

The Buildah package provides a command line tool that can be used to

  • create a working container, either from scratch or using an image as a starting point
  • create an image, either from a working container or via the instructions in a Dockerfile
  • images can be built in either the OCI image format or the traditional upstream docker image format
  • mount a working container's root filesystem for manipulation
  • unmount a working container's root filesystem
  • use the updated contents of a container's root filesystem as a filesystem layer to create a new image
  • delete a working container or an image
  • rename a local container

Buildah Information for Developers

For blogs, release announcements and more, please check out the buildah.io website!

  • Buildah Demos
  • Changelog
  • Contributing
  • Development Plan
  • Installation notes
  • Troubleshooting Guide
  • Tutorials

Buildah and Podman relationship

Buildah and Podman are two complementary open-source projects that are available on most Linux platforms, and both projects reside on GitHub.com. Both Buildah and Podman are command line tools that work on Open Container Initiative (OCI) images and containers. The two projects differ in their specialization.

Buildah specializes in building OCI images. Buildah's commands replicate all of the commands that are found in a Dockerfile. This allows building images with and without Dockerfiles while not requiring any root privileges. Buildah's ultimate goal is to provide a lower-level coreutils interface to build images. The flexibility of building images without Dockerfiles allows for the integration of other scripting languages into the build process. Buildah follows a simple fork-exec model and does not run as a daemon, but it is based on a comprehensive API in golang, which can be vendored into other tools.

Podman specializes in all of the commands and functions that help you to maintain and modify OCI images, such as pulling and tagging. It also allows you to create, run, and maintain those containers created from those images. For building container images via Dockerfiles, Podman uses Buildah's golang API and can be installed independently from Buildah.

A major difference between Podman and Buildah is their concept of a container. Podman allows users to create "traditional containers" where the intent of these containers is to be long lived, while Buildah containers are really just created to allow content to be added back to the container image. An easy way to think of it is that the buildah run command emulates the RUN command in a Dockerfile, while the podman run command emulates the docker run command in functionality. Because of this and their underlying storage differences, you cannot see Podman containers from within Buildah or vice versa.

In short, Buildah is an efficient way to create OCI images while Podman allows you to manage and maintain those images and containers in a production environment using familiar container CLI commands. For more details, see the Container Tools Guide.

Example

From ./examples/lighttpd.sh:

$ cat > lighttpd.sh <<"EOF"
#!/usr/bin/env bash

set -x

ctr1=$(buildah from "${1:-fedora}")

## Get all updates and install our minimal httpd server
buildah run "$ctr1" -- dnf update -y
buildah run "$ctr1" -- dnf install -y lighttpd

## Include some buildtime annotations
buildah config --annotation "com.example.build.host=$(uname -n)" "$ctr1"

## Run our server and expose the port
buildah config --cmd "/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf" "$ctr1"
buildah config --port 80 "$ctr1"

## Commit this container to an image name
buildah commit "$ctr1" "${2:-$USER/lighttpd}"
EOF

$ chmod +x lighttpd.sh
$ ./lighttpd.sh

Commands

Command Description
buildah-add(1) Add the contents of a file, URL, or a directory to the container.
buildah-build(1) Build an image using instructions from Containerfiles or Dockerfiles.
buildah-commit(1) Create an image from a working container.
buildah-config(1) Update image configuration settings.
buildah-containers(1) List the working containers and their base images.
buildah-copy(1) Copies the contents of a file, URL, or directory into a container's working directory.
buildah-from(1) Creates a new working container, either from scratch or using a specified image as a starting point.
buildah-images(1) List images in local storage.
buildah-info(1) Display Buildah system information.
buildah-inspect(1) Inspects the configuration of a container or image.
buildah-mount(1) Mount the working container's root filesystem.
buildah-pull(1) Pull an image from the specified location.
buildah-push(1) Push an image from local storage to elsewhere.
buildah-rename(1) Rename a local container.
buildah-rm(1) Removes one or more working containers.
buildah-rmi(1) Removes one or more images.
buildah-run(1) Run a command inside of the container.
buildah-tag(1) Add an additional name to a local image.
buildah-umount(1) Unmount a working container's root file system.
buildah-unshare(1) Launch a command in a user namespace with modified ID mappings.
buildah-version(1) Display the Buildah Version Information

Future goals include:

  • more CI tests
  • additional CLI commands (?)

Documentation

Constants

const (
	// Package is the name of this package, used in help output and to
	// identify working containers.
	Package = define.Package
	// Version for the Package.
	Version = define.Version
)
const (
	// PullIfMissing is one of the values that BuilderOptions.PullPolicy
	// can take, signalling that the source image should be pulled from a
	// registry if a local copy of it is not already present.
	PullIfMissing = define.PullIfMissing
	// PullAlways is one of the values that BuilderOptions.PullPolicy can
	// take, signalling that a fresh, possibly updated, copy of the image
	// should be pulled from a registry before the build proceeds.
	PullAlways = define.PullAlways
	// PullIfNewer is one of the values that BuilderOptions.PullPolicy
	// can take, signalling that the source image should only be pulled
	// from a registry if a local copy is not already present or if a
	// newer version of the image is present on the repository.
	PullIfNewer = define.PullIfNewer
	// PullNever is one of the values that BuilderOptions.PullPolicy can
	// take, signalling that the source image should not be pulled from a
	// registry if a local copy of it is not already present.
	PullNever = define.PullNever
)
const (
	// NetworkDefault is one of the values that BuilderOptions.ConfigureNetwork
	// can take, signalling that the default behavior should be used.
	NetworkDefault = define.NetworkDefault
	// NetworkDisabled is one of the values that BuilderOptions.ConfigureNetwork
	// can take, signalling that network interfaces should NOT be configured for
	// newly-created network namespaces.
	NetworkDisabled = define.NetworkDisabled
	// NetworkEnabled is one of the values that BuilderOptions.ConfigureNetwork
	// can take, signalling that network interfaces should be configured for
	// newly-created network namespaces.
	NetworkEnabled = define.NetworkEnabled
)
const (
	// OCI used to define the "oci" image format
	OCI = define.OCI
	// DOCKER used to define the "docker" image format
	DOCKER = define.DOCKER
)
const (
	// OCIv1ImageManifest is the MIME type of an OCIv1 image manifest,
	// suitable for specifying as a value of the PreferredManifestType
	// member of a CommitOptions structure.  It is also the default.
	OCIv1ImageManifest = define.OCIv1ImageManifest
	// Dockerv2ImageManifest is the MIME type of a Docker v2s2 image
	// manifest, suitable for specifying as a value of the
	// PreferredManifestType member of a CommitOptions structure.
	Dockerv2ImageManifest = define.Dockerv2ImageManifest
)
const (
	// IsolationDefault is whatever we think will work best.
	IsolationDefault = define.IsolationDefault
	// IsolationOCI is a proper OCI runtime.
	IsolationOCI = define.IsolationOCI
	// IsolationChroot is a more chroot-like environment: less isolation,
	// but with fewer requirements.
	IsolationChroot = define.IsolationChroot
	// IsolationOCIRootless is a proper OCI runtime in rootless mode.
	IsolationOCIRootless = define.IsolationOCIRootless
)
const (
	// BaseImageFakeName is the "name" of a source image which we interpret
	// as "no image".
	BaseImageFakeName = imagebuilder.NoBaseImageSpecifier
)
const (
	// BuilderIdentityAnnotation is the name of the annotation key containing
	// the name and version of the producer of the image stored as an
	// annotation on commit.
	BuilderIdentityAnnotation = "io.buildah.version"
)

Variables

This section is empty.

Functions

func CWConvertImage added in v1.32.0

func CWConvertImage(ctx context.Context, systemContext *types.SystemContext, store storage.Store, options CWConvertImageOptions) (string, reference.Canonical, digest.Digest, error)

CWConvertImage takes the rootfs and configuration from one image, generates a LUKS-encrypted disk image that more or less includes them both, and puts the result into a new container image. Returns the new image's ID and digest on success, along with a canonical reference for it if a repository name was specified.

func DefaultNamespaceOptions added in v1.7.1

func DefaultNamespaceOptions() (define.NamespaceOptions, error)

DefaultNamespaceOptions returns the default namespace settings from the runtime-tools generator library.

func InitReexec

func InitReexec() bool

InitReexec is a wrapper for reexec.Init(). It should be called at the start of main(), and if it returns true, main() should return immediately.

func IsContainer added in v1.16.0

func IsContainer(id string, store storage.Store) (bool, error)

IsContainer identifies if the specified container id is a buildah container in the specified store.

func Pull added in v1.7.1

func Pull(ctx context.Context, imageName string, options PullOptions) (imageID string, err error)

Pull copies the contents of the image from somewhere else to local storage. Returns the ID of the local image or an error.

func Push

Push copies the contents of the image to a new location.

func ReserveSELinuxLabels added in v1.7.1

func ReserveSELinuxLabels(store storage.Store, id string) error

ReserveSELinuxLabels reads containers storage and reserves SELinux contexts which are already being used by buildah containers.

Types

type AddAndCopyOptions

type AddAndCopyOptions struct {
	// Chmod sets the access permissions of the destination content.
	Chmod string
	// Chown is a spec for the user who should be given ownership over the
	// newly-added content, potentially overriding permissions which would
	// otherwise be set to 0:0.
	Chown string
	// Checksum is a standard container digest string (e.g. <algorithm>:<digest>)
	// and is the expected hash of the content being copied.
	Checksum string
	// PreserveOwnership, if Chown is not set, tells us to avoid setting
	// ownership of copied items to 0:0, instead using whatever ownership
	// information is already set.  Not meaningful for remote sources or
	// local archives that we extract.
	PreserveOwnership bool
	// All of the data being copied will pass through Hasher, if set.
	// If the sources are URLs or files, their contents will be passed to
	// Hasher.
	// If the sources include directory trees, Hasher will be passed
	// tar-format archives of the directory trees.
	Hasher io.Writer
	// Excludes is the contents of the .containerignore file.
	Excludes []string
	// IgnoreFile is the path to the .containerignore file.
	IgnoreFile string
	// ContextDir is the base directory for content being copied and
	// Excludes patterns.
	ContextDir string
	// ID mapping options to use when contents to be copied are part of
	// another container, and need ownerships to be mapped from the host to
	// that container's values before copying them into the container.
	IDMappingOptions *define.IDMappingOptions
	// DryRun indicates that the content should be digested, but not actually
	// copied into the container.
	DryRun bool
	// Clear the setuid bit on items being copied.  Has no effect on
	// archives being extracted, where the bit is always preserved.
	StripSetuidBit bool
	// Clear the setgid bit on items being copied.  Has no effect on
	// archives being extracted, where the bit is always preserved.
	StripSetgidBit bool
	// Clear the sticky bit on items being copied.  Has no effect on
	// archives being extracted, where the bit is always preserved.
	StripStickyBit bool
}

AddAndCopyOptions holds options for add and copy commands.
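
The Checksum, Hasher and DryRun fields above describe a verify-while-copying pattern. The following is an added, standard-library-only illustration of that pattern, not buildah's own implementation: it parses an `<algorithm>:<digest>` string, streams the content through the verifying hash and an optional extra hasher, and releases the data to the destination only if the digest matches. The names `parseChecksum`, `copyVerified` and `ErrChecksumMismatch` are hypothetical, and staging the content in memory is an assumption made to keep the example short.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"crypto/sha512"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"hash"
	"io"
	"strings"
)

// ErrChecksumMismatch reports that the content did not hash to the expected digest.
var ErrChecksumMismatch = errors.New("content does not match expected checksum")

// parseChecksum splits "<algorithm>:<digest>" and returns a fresh hash for the
// algorithm plus the decoded expected digest. Unknown algorithms, uppercase
// hex and digests of the wrong length are rejected before any data is read.
func parseChecksum(checksum string) (hash.Hash, []byte, error) {
	alg, hexDigest, ok := strings.Cut(checksum, ":")
	if !ok {
		return nil, nil, fmt.Errorf("checksum %q is not <algorithm>:<digest>", checksum)
	}
	var h hash.Hash
	switch alg {
	case "sha256":
		h = sha256.New()
	case "sha512":
		h = sha512.New()
	default:
		return nil, nil, fmt.Errorf("unsupported digest algorithm %q", alg)
	}
	if hexDigest != strings.ToLower(hexDigest) {
		return nil, nil, fmt.Errorf("digest %q must be lowercase hex", hexDigest)
	}
	want, err := hex.DecodeString(hexDigest)
	if err != nil || len(want) != h.Size() {
		return nil, nil, fmt.Errorf("malformed %s digest %q", alg, hexDigest)
	}
	return h, want, nil
}

// copyVerified reads src, hashes it, and writes it to dst only when the digest
// equals checksum. If hasher is non-nil it also receives every byte, mirroring
// the Hasher field. With dryRun set, the content is digested but never written
// to dst, mirroring the DryRun field.
func copyVerified(dst io.Writer, src io.Reader, checksum string, hasher io.Writer, dryRun bool) (int64, error) {
	verifier, want, err := parseChecksum(checksum)
	if err != nil {
		return 0, err
	}
	var staged bytes.Buffer // assumption: content fits in memory; use a temp file otherwise
	sinks := []io.Writer{verifier}
	if hasher != nil {
		sinks = append(sinks, hasher)
	}
	if !dryRun {
		sinks = append(sinks, &staged)
	}
	n, err := io.Copy(io.MultiWriter(sinks...), src)
	if err != nil {
		return n, err
	}
	if subtle.ConstantTimeCompare(verifier.Sum(nil), want) != 1 {
		return n, ErrChecksumMismatch // dst has received nothing
	}
	if !dryRun {
		if _, err := dst.Write(staged.Bytes()); err != nil {
			return n, err
		}
	}
	return n, nil
}

func main() {
	// Constructed sample: the content "abc" and its SHA-256 digest.
	const want = "sha256:ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"

	var out bytes.Buffer
	n, err := copyVerified(&out, strings.NewReader("abc"), want, nil, false)
	fmt.Printf("matching content: n=%d err=%v copied=%q\n", n, err, out.String())

	out.Reset()
	_, err = copyVerified(&out, strings.NewReader("tampered"), want, nil, false)
	fmt.Printf("modified content: err=%v copied=%q\n", err, out.String())
}
```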

type Builder

type Builder struct {

	// Logger is the logrus logger to write log messages with
	Logger *logrus.Logger `json:"-"`

	// Args define variables that users can pass at build-time to the builder
	Args map[string]string
	// Type is used to help identify a build container's metadata.  It
	// should not be modified.
	Type string `json:"type"`
	// FromImage is the name of the source image which was used to create
	// the container, if one was used.  It should not be modified.
	FromImage string `json:"image,omitempty"`
	// FromImageID is the ID of the source image which was used to create
	// the container, if one was used.  It should not be modified.
	FromImageID string `json:"image-id"`
	// FromImageDigest is the digest of the source image which was used to
	// create the container, if one was used.  It should not be modified.
	FromImageDigest string `json:"image-digest"`
	// Config is the source image's configuration.  It should not be
	// modified.
	Config []byte `json:"config,omitempty"`
	// Manifest is the source image's manifest.  It should not be modified.
	Manifest []byte `json:"manifest,omitempty"`

	// Container is the name of the build container.  It should not be modified.
	Container string `json:"container-name,omitempty"`
	// ContainerID is the ID of the build container.  It should not be modified.
	ContainerID string `json:"container-id,omitempty"`
	// MountPoint is the last location where the container's root
	// filesystem was mounted.  It should not be modified.
	MountPoint string `json:"mountpoint,omitempty"`
	// ProcessLabel is the SELinux process label associated with the container
	ProcessLabel string `json:"process-label,omitempty"`
	// MountLabel is the SELinux mount label associated with the container
	MountLabel string `json:"mount-label,omitempty"`

	// ImageAnnotations is a set of key-value pairs which is stored in the
	// image's manifest.
	ImageAnnotations map[string]string `json:"annotations,omitempty"`
	// ImageCreatedBy is a description of how this container was built.
	ImageCreatedBy string `json:"created-by,omitempty"`
	// ImageHistoryComment is a description of how our added layers were built.
	ImageHistoryComment string `json:"history-comment,omitempty"`

	// Image metadata and runtime settings, in multiple formats.
	OCIv1  v1.Image       `json:"ociv1,omitempty"`
	Docker docker.V2Image `json:"docker,omitempty"`
	// DefaultMountsFilePath is the file path holding the mounts to be mounted in "host-path:container-path" format.
	DefaultMountsFilePath string `json:"defaultMountsFilePath,omitempty"`

	// Isolation controls how we handle "RUN" statements and the Run() method.
	Isolation define.Isolation
	// NamespaceOptions controls how we set up the namespaces for processes that we run in the container.
	NamespaceOptions define.NamespaceOptions
	// ConfigureNetwork controls whether or not network interfaces and
	// routing are configured for a new network namespace (i.e., when not
	// joining another's namespace and not just using the host's
	// namespace), effectively deciding whether or not the process has a
	// usable network.
	ConfigureNetwork define.NetworkConfigurationPolicy
	// CNIPluginPath is the location of CNI plugin helpers, if they should be
	// run from a location other than the default location.
	CNIPluginPath string
	// CNIConfigDir is the location of CNI configuration files, if the files in
	// the default configuration directory shouldn't be used.
	CNIConfigDir string

	// NetworkInterface is the libnetwork network interface used to setup CNI or netavark networks.
	NetworkInterface nettypes.ContainerNetwork `json:"-"`

	// GroupAdd is a list of groups to add to the primary process within
	// the container. 'keep-groups' allows container processes to use
	// supplementary groups.
	GroupAdd []string
	// ID mapping options to use when running processes in the container with non-host user namespaces.
	IDMappingOptions define.IDMappingOptions
	// Capabilities is a list of capabilities to use when running commands in the container.
	Capabilities []string
	// PrependedEmptyLayers are history entries that we'll add to a
	// committed image, after any history items that we inherit from a base
	// image, but before the history item for the layer that we're
	// committing.
	PrependedEmptyLayers []v1.History
	// AppendedEmptyLayers are history entries that we'll add to a
	// committed image after the history item for the layer that we're
	// committing.
	AppendedEmptyLayers []v1.History
	CommonBuildOpts     *define.CommonBuildOptions
	// TopLayer is the top layer of the image
	TopLayer string
	// Format for the build Image
	Format string
	// TempVolumes are temporary mount points created during container runs
	TempVolumes map[string]bool
	// ContentDigester counts the digest of all Add()ed content
	ContentDigester CompositeDigester
	// Devices are the additional devices to add to the containers
	Devices define.ContainerDevices
	// contains filtered or unexported fields
}

Builder objects are used to represent containers which are being used to build images. They also carry potential updates which will be applied to the image's configuration when the container's contents are used to build an image.

func ImportBuilder

func ImportBuilder(ctx context.Context, store storage.Store, options ImportOptions) (*Builder, error)

ImportBuilder creates a new build configuration using an already-present container.

func ImportBuilderFromImage

func ImportBuilderFromImage(ctx context.Context, store storage.Store, options ImportFromImageOptions) (*Builder, error)

ImportBuilderFromImage creates a new builder configuration using an image. The returned object can be modified and examined, but it can not be saved or committed because it is not associated with a working container.

func NewBuilder

func NewBuilder(ctx context.Context, store storage.Store, options BuilderOptions) (*Builder, error)

NewBuilder creates a new build container.

func OpenAllBuilders

func OpenAllBuilders(store storage.Store) (builders []*Builder, err error)

OpenAllBuilders loads all containers which have a state file that we use in their data directory, typically so that they can be listed.

func OpenBuilder

func OpenBuilder(store storage.Store, container string) (*Builder, error)

OpenBuilder loads information about a build container given its name or ID.

func OpenBuilderByPath

func OpenBuilderByPath(store storage.Store, path string) (*Builder, error)

OpenBuilderByPath loads information about a build container given a path to the container's root filesystem

func (*Builder) Add

func (b *Builder) Add(destination string, extract bool, options AddAndCopyOptions, sources ...string) error

Add copies the contents of the specified sources into the container's root filesystem, optionally extracting contents of local files that look like non-empty archives.

func (*Builder) AddAppendedEmptyLayer added in v1.7.1

func (b *Builder) AddAppendedEmptyLayer(created *time.Time, createdBy, author, comment string)

AddAppendedEmptyLayer adds an item to the history that we'll create when committing the image, after the history item that we'll use to describe the new layer that we're adding.

func (*Builder) AddPrependedEmptyLayer added in v1.7.1

func (b *Builder) AddPrependedEmptyLayer(created *time.Time, createdBy, author, comment string)

AddPrependedEmptyLayer adds an item to the history that we'll create when committing the image, after any history we inherit from the base image, but before the history item that we'll use to describe the new layer that we're adding.

func (*Builder) AddVolume

func (b *Builder) AddVolume(v string)

AddVolume adds a location to the image's list of locations which should be mounted from outside of the container when a container based on an image built from this container is run.

func (*Builder) Annotations

func (b *Builder) Annotations() map[string]string

Annotations returns a set of key-value pairs from the image's manifest.

func (*Builder) Architecture

func (b *Builder) Architecture() string

Architecture returns a name of the architecture on which the container, or a container built using an image built from this container, is intended to be run.

func (*Builder) CheckVolume added in v1.10.1

func (b *Builder) CheckVolume(v string) bool

func (*Builder) ClearAnnotations

func (b *Builder) ClearAnnotations()

ClearAnnotations removes all keys and their values from the image's manifest.

func (*Builder) ClearAppendedEmptyLayers added in v1.7.1

func (b *Builder) ClearAppendedEmptyLayers()

ClearAppendedEmptyLayers clears the list of history entries that we'll add to the committed image after the entry for the layer that we're adding.

func (*Builder) ClearEnv

func (b *Builder) ClearEnv()

ClearEnv removes all values from the set of environment strings which should be set when running commands in this container, or in a container built using an image built from this container.

func (*Builder) ClearLabels

func (b *Builder) ClearLabels()

ClearLabels removes all keys and their values from the image's runtime configuration.

func (*Builder) ClearOSFeatures added in v1.26.0

func (b *Builder) ClearOSFeatures()

ClearOSFeatures clears the list of features of the OS which the container, or a container built using an image built from this container, depends on the OS supplying.

func (*Builder) ClearOnBuild added in v1.7.1

func (b *Builder) ClearOnBuild()

ClearOnBuild removes all values from the OnBuild structure

func (*Builder) ClearPorts

func (b *Builder) ClearPorts()

ClearPorts empties the set of ports which should be exposed when a container based on an image built from this container is run.

func (*Builder) ClearPrependedEmptyLayers added in v1.7.1

func (b *Builder) ClearPrependedEmptyLayers()

ClearPrependedEmptyLayers clears the list of history entries that we'll add to the committed image before the entry for the layer that we're adding.

func (*Builder) ClearVolumes

func (b *Builder) ClearVolumes()

ClearVolumes removes all locations from the image's list of locations which should be mounted from outside of the container when a container based on an image built from this container is run.

func (*Builder) Cmd

func (b *Builder) Cmd() []string

Cmd returns the default command, or command parameters if an Entrypoint is set, to use when running a container built from an image built from this container.

func (*Builder) Comment added in v1.7.1

func (b *Builder) Comment() string

Comment returns the comment which will be set in the container and in containers built using images built from the container

func (*Builder) Commit

Commit writes the contents of the container, along with its updated configuration, to a new image in the specified location, and if we know how, add any additional tags that were specified. Returns the ID of the new image if commit was successful and the image destination was local.

func (*Builder) CreatedBy

func (b *Builder) CreatedBy() string

CreatedBy returns a description of how this image was built.

func (*Builder) Delete

func (b *Builder) Delete() error

Delete removes the working container. The buildah.Builder object should not be used after this method is called.

func (*Builder) Domainname

func (b *Builder) Domainname() string

Domainname returns the domainname which will be set in the container and in containers built using images built from the container.

func (*Builder) EnsureContainerPathAs added in v1.25.1

func (b *Builder) EnsureContainerPathAs(path, user string, mode *os.FileMode) error

EnsureContainerPathAs creates the specified directory owned by USER with the file mode set to MODE.

func (*Builder) Entrypoint

func (b *Builder) Entrypoint() []string

Entrypoint returns the command to be run for containers built from images built from this container.

func (*Builder) Env

func (b *Builder) Env() []string

Env returns a list of key-value pairs to be set when running commands in the container, or in a container built using an image built from this container.

func (*Builder) ExtractRootfs added in v1.26.0

func (b *Builder) ExtractRootfs(options CommitOptions, opts ExtractRootfsOptions) (io.ReadCloser, chan error, error)

ExtractRootfs extracts the container's whole filesystem as if it were a single layer from the current builder instance.

func (*Builder) Healthcheck added in v1.7.1

func (b *Builder) Healthcheck() *docker.HealthConfig

Healthcheck returns information that recommends how a container engine should check if a running container is "healthy".

func (*Builder) HistoryComment added in v1.7.1

func (b *Builder) HistoryComment() string

HistoryComment returns the comment which will be used in the history item which will describe the latest layer when we commit an image.

func (*Builder) Hostname

func (b *Builder) Hostname() string

Hostname returns the hostname which will be set in the container and in containers built using images built from the container.

func (*Builder) Labels

func (b *Builder) Labels() map[string]string

Labels returns a set of key-value pairs from the image's runtime configuration.

func (*Builder) Maintainer

func (b *Builder) Maintainer() string

Maintainer returns contact information for the person who built the image.

func (*Builder) Mount

func (b *Builder) Mount(label string) (string, error)

Mount mounts a container's root filesystem in a location which can be accessed from the host, and returns the location.

func (*Builder) Mounted added in v1.17.0

func (b *Builder) Mounted() (bool, error)

Mounted returns whether the container is mounted or not

func (*Builder) OS

func (b *Builder) OS() string

OS returns a name of the OS on which the container, or a container built using an image built from this container, is intended to be run.

func (*Builder) OSFeatures added in v1.26.0

func (b *Builder) OSFeatures() []string

OSFeatures returns a list of OS features which the container, or a container built using an image built from this container, depends on the OS supplying.

func (*Builder) OSVersion added in v1.26.0

func (b *Builder) OSVersion() string

OSVersion returns a version of the OS on which the container, or a container built using an image built from this container, is intended to be run.

func (*Builder) OnBuild added in v1.7.1

func (b *Builder) OnBuild() []string

OnBuild returns the OnBuild value from the container.

func (*Builder) Ports

func (b *Builder) Ports() []string

Ports returns the set of ports which should be exposed when a container based on an image built from this container is run.

func (*Builder) RemoveVolume

func (b *Builder) RemoveVolume(v string)

RemoveVolume removes a location from the list of locations which should be mounted from outside of the container when a container based on an image built from this container is run.

func (*Builder) Run

func (b *Builder) Run(command []string, options RunOptions) error

Run runs the specified command in the container's root filesystem.

func (*Builder) Save

func (b *Builder) Save() error

Save saves the builder's current state to the build container's metadata. This should not need to be called directly, as other methods of the Builder object take care of saving their state.

func (*Builder) SetAnnotation

func (b *Builder) SetAnnotation(key, value string)

SetAnnotation adds or overwrites a key's value from the image's manifest. Note: this setting is not present in the Docker v2 image format, so it is discarded when writing images using Docker v2 formats.

func (*Builder) SetArchitecture

func (b *Builder) SetArchitecture(arch string)

SetArchitecture sets the name of the architecture on which the container, or a container built using an image built from this container, is intended to be run.

func (*Builder) SetCmd

func (b *Builder) SetCmd(cmd []string)

SetCmd sets the default command, or command parameters if an Entrypoint is set, to use when running a container built from an image built from this container.

func (*Builder) SetComment added in v1.7.1

func (b *Builder) SetComment(comment string)

SetComment sets the comment which will be set in the container and in containers built using images built from the container. Note: this setting is not present in the OCIv1 image format, so it is discarded when writing images using OCIv1 formats.

func (*Builder) SetCreatedBy

func (b *Builder) SetCreatedBy(how string)

SetCreatedBy sets the description of how this image was built.

func (*Builder) SetDefaultMountsFilePath

func (b *Builder) SetDefaultMountsFilePath(path string)

SetDefaultMountsFilePath sets the mounts file path for testing purposes

func (*Builder) SetDomainname

func (b *Builder) SetDomainname(name string)

SetDomainname sets the domainname which will be set in the container and in containers built using images built from the container. Note: this setting is not present in the OCIv1 image format, so it is discarded when writing images using OCIv1 formats.

func (*Builder) SetEntrypoint

func (b *Builder) SetEntrypoint(ep []string)

SetEntrypoint sets the command to be run in containers built from images built from this container.

func (*Builder) SetEnv

func (b *Builder) SetEnv(k string, v string)

SetEnv adds or overwrites a value to the set of environment strings which should be set when running commands in the container, or in a container built using an image built from this container.

func (*Builder) SetHealthcheck added in v1.7.1

func (b *Builder) SetHealthcheck(config *docker.HealthConfig)

SetHealthcheck sets recommended commands to run in order to verify that a running container based on this image is "healthy", along with information specifying how often that test should be run, and how many times the test should fail before the container should be considered unhealthy. Note: this setting is not present in the OCIv1 image format, so it is discarded when writing images using OCIv1 formats.

func (*Builder) SetHistoryComment added in v1.7.1

func (b *Builder) SetHistoryComment(comment string)

SetHistoryComment sets the comment which will be used in the history item which will describe the latest layer when we commit an image.

func (*Builder) SetHostname

func (b *Builder) SetHostname(name string)

SetHostname sets the hostname which will be set in the container and in containers built using images built from the container. Note: this setting is not present in the OCIv1 image format, so it is discarded when writing images using OCIv1 formats.

func (*Builder) SetLabel

func (b *Builder) SetLabel(k string, v string)

SetLabel adds or overwrites a key's value from the image's runtime configuration.

func (*Builder) SetMaintainer

func (b *Builder) SetMaintainer(who string)

SetMaintainer sets contact information for the person who built the image.

func (*Builder) SetOS

func (b *Builder) SetOS(os string)

SetOS sets the name of the OS on which the container, or a container built using an image built from this container, is intended to be run.

func (*Builder) SetOSFeature added in v1.26.0

func (b *Builder) SetOSFeature(feature string)

SetOSFeature adds a feature of the OS which the container, or a container built using an image built from this container, depends on the OS supplying.

func (*Builder) SetOSVersion added in v1.26.0

func (b *Builder) SetOSVersion(version string)

SetOSVersion sets the version of the OS on which the container, or a container built using an image built from this container, is intended to be run.

func (*Builder) SetOnBuild added in v1.7.1

func (b *Builder) SetOnBuild(onBuild string)

SetOnBuild sets a trigger instruction to be executed when the image is used as the base of another image. Note: this setting is not present in the OCIv1 image format, so it is discarded when writing images using OCIv1 formats.

func (*Builder) SetPort

func (b *Builder) SetPort(p string)

SetPort adds or overwrites an exported port in the set of ports which should be exposed when a container based on an image built from this container is run.

func (*Builder) SetShell

func (b *Builder) SetShell(shell []string)

SetShell sets the default shell for running commands in the container, or in a container built using an image built from this container. Note: this setting is not present in the OCIv1 image format, so it is discarded when writing images using OCIv1 formats.

func (*Builder) SetStopSignal added in v1.7.1

func (b *Builder) SetStopSignal(stopSignal string)

SetStopSignal sets the signal which will be set in the container and in containers built using images built from the container.

func (*Builder) SetUser

func (b *Builder) SetUser(spec string)

SetUser sets information about the user as whom the container, or a container built using an image built from this container, should be run. Acceptable forms are a user name or ID, optionally followed by a colon and a group name or ID.

func (*Builder) SetVariant added in v1.24.0

func (b *Builder) SetVariant(variant string)

SetVariant sets the name of the architecture variant on which the container, or a container built using an image built from this container, is intended to be run.

func (*Builder) SetWorkDir

func (b *Builder) SetWorkDir(there string)

SetWorkDir sets the location of the default working directory for running commands in the container, or in a container built using an image built from this container.

func (*Builder) Shell

func (b *Builder) Shell() []string

Shell returns the default shell for running commands in the container, or in a container built using an image built from this container.

func (*Builder) StopSignal added in v1.7.1

func (b *Builder) StopSignal() string

StopSignal returns the signal which will be set in the container and in containers built using images built from the container.

func (*Builder) Unmount

func (b *Builder) Unmount() error

Unmount unmounts a build container.

func (*Builder) UnsetAnnotation

func (b *Builder) UnsetAnnotation(key string)

UnsetAnnotation removes a key and its value from the image's manifest, if it's present.

func (*Builder) UnsetEnv

func (b *Builder) UnsetEnv(k string)

UnsetEnv removes a value from the set of environment strings which should be set when running commands in this container, or in a container built using an image built from this container.

func (*Builder) UnsetLabel

func (b *Builder) UnsetLabel(k string)

UnsetLabel removes a key and its value from the image's runtime configuration, if it's present.

func (*Builder) UnsetOSFeature added in v1.26.0

func (b *Builder) UnsetOSFeature(feature string)

UnsetOSFeature removes a feature of the OS which the container, or a container built using an image built from this container, depends on the OS supplying.

func (*Builder) UnsetPort

func (b *Builder) UnsetPort(p string)

UnsetPort removes an exposed port from the set of ports which should be exposed when a container based on an image built from this container is run.

func (*Builder) User

func (b *Builder) User() string

User returns information about the user as whom the container, or a container built using an image built from this container, should be run.

func (*Builder) Variant added in v1.24.0

func (b *Builder) Variant() string

Variant returns a name of the architecture variant on which the container, or a container built using an image built from this container, is intended to be run.

func (*Builder) Volumes

func (b *Builder) Volumes() []string

Volumes returns a list of filesystem locations which should be mounted from outside of the container when a container built from an image built from this container is run.

func (*Builder) WorkDir

func (b *Builder) WorkDir() string

WorkDir returns the default working directory for running commands in the container, or in a container built using an image built from this container.

type BuilderInfo

type BuilderInfo struct {
	Type                  string
	FromImage             string
	FromImageID           string
	FromImageDigest       string
	GroupAdd              []string
	Config                string
	Manifest              string
	Container             string
	ContainerID           string
	MountPoint            string
	ProcessLabel          string
	MountLabel            string
	ImageAnnotations      map[string]string
	ImageCreatedBy        string
	OCIv1                 v1.Image
	Docker                docker.V2Image
	DefaultMountsFilePath string
	Isolation             string
	NamespaceOptions      define.NamespaceOptions
	Capabilities          []string
	ConfigureNetwork      string
	CNIPluginPath         string
	CNIConfigDir          string
	IDMappingOptions      define.IDMappingOptions
	History               []v1.History
	Devices               define.ContainerDevices
}

BuilderInfo objects are used to display container information.

func GetBuildInfo

func GetBuildInfo(b *Builder) BuilderInfo

GetBuildInfo gets a pointer to a Builder object and returns a BuilderInfo object from it. This is used in the inspect command to display Manifest and Config as string and not []byte.

type BuilderOptions

type BuilderOptions struct {
	// Args define variables that users can pass at build-time to the builder
	Args map[string]string
	// FromImage is the name of the image which should be used as the
	// starting point for the container.  It can be set to an empty value
	// or "scratch" to indicate that the container should not be based on
	// an image.
	FromImage string
	// ContainerSuffix is the suffix to add for generated container names
	ContainerSuffix string
	// Container is a desired name for the build container.
	Container string
	// PullPolicy decides whether or not we should pull the image that
	// we're using as a base image.  It should be PullIfMissing,
	// PullAlways, or PullNever.
	PullPolicy define.PullPolicy
	// Registry is a value which is prepended to the image's name, if it
	// needs to be pulled and the image name alone can not be resolved to a
	// reference to a source image.  No separator is implicitly added.
	Registry string
	// BlobDirectory is the name of a directory in which we'll attempt
	// to store copies of layer blobs that we pull down, if any.  It should
	// already exist.
	BlobDirectory string
	GroupAdd      []string
	// Logger is the logrus logger to write log messages with
	Logger *logrus.Logger `json:"-"`
	// Mount signals to NewBuilder() that the container should be mounted
	// immediately.
	Mount bool
	// SignaturePolicyPath specifies an override location for the signature
	// policy which should be used for verifying the new image as it is
	// being written.  Except in specific circumstances, no value should be
	// specified, indicating that the shared, system-wide default policy
	// should be used.
	SignaturePolicyPath string
	// ReportWriter is an io.Writer which will be used to log the reading
	// of the source image from a registry, if we end up pulling the image.
	ReportWriter io.Writer
	// github.com/containers/image/types SystemContext to hold credentials
	// and other authentication/authorization information.
	SystemContext *types.SystemContext
	// DefaultMountsFilePath is the file path holding the mounts to be
	// mounted in "host-path:container-path" format
	DefaultMountsFilePath string
	// Isolation controls how we handle "RUN" statements and the Run()
	// method.
	Isolation define.Isolation
	// NamespaceOptions controls how we set up namespaces for processes that
	// we might need to run using the container's root filesystem.
	NamespaceOptions define.NamespaceOptions
	// ConfigureNetwork controls whether or not network interfaces and
	// routing are configured for a new network namespace (i.e., when not
	// joining another's namespace and not just using the host's
	// namespace), effectively deciding whether or not the process has a
	// usable network.
	ConfigureNetwork define.NetworkConfigurationPolicy
	// CNIPluginPath is the location of CNI plugin helpers, if they should be
	// run from a location other than the default location.
	CNIPluginPath string
	// CNIConfigDir is the location of CNI configuration files, if the files in
	// the default configuration directory shouldn't be used.
	CNIConfigDir string

	// NetworkInterface is the libnetwork network interface used to set up CNI or netavark networks.
	NetworkInterface nettypes.ContainerNetwork `json:"-"`

	// ID mapping options to use if we're setting up our own user namespace.
	IDMappingOptions *define.IDMappingOptions
	// Capabilities is a list of capabilities to use when
	// running commands in the container.
	Capabilities    []string
	CommonBuildOpts *define.CommonBuildOptions
	// Format for the container image
	Format string
	// Devices are the additional devices to add to the containers
	Devices define.ContainerDevices
	// DefaultEnv is deprecated and ignored.
	DefaultEnv []string
	// MaxPullRetries is the maximum number of attempts we'll make to pull
	// any one image from the external registry if the first attempt fails.
	MaxPullRetries int
	// PullRetryDelay is how long to wait before retrying a pull attempt.
	PullRetryDelay time.Duration
	// OciDecryptConfig, if non-nil, contains the config that can be used to
	// decrypt an image if it is encrypted. If nil, no attempt is made to decrypt an image.
	OciDecryptConfig *encconfig.DecryptConfig
	// ProcessLabel is the SELinux process label associated with the container
	ProcessLabel string
	// MountLabel is the SELinux mount label associated with the container
	MountLabel string
	// PreserveBaseImageAnns indicates that we should preserve base
	// image information (Annotations) that are present in our base image,
	// rather than overwriting them with information about the base image
	// itself. Useful as an internal implementation detail of multistage
	// builds, and does not need to be set by most callers.
	PreserveBaseImageAnns bool
}

BuilderOptions are used to initialize a new Builder.

type CWConvertImageOptions added in v1.32.0

type CWConvertImageOptions struct {
	// Required parameters.
	InputImage string

	// If supplied, we'll tag the resulting image with the specified name.
	Tag         string
	OutputImage types.ImageReference

	// If supplied, we'll register the workload with this server.
	// Practically necessary if DiskEncryptionPassphrase is not set, in
	// which case we'll generate one and throw it away after.
	AttestationURL string

	// Used to measure the environment.  If left unset (0), defaults will be applied.
	CPUs   int
	Memory int

	// Can be manually set.  If left unset ("", false, nil), reasonable values will be used.
	TeeType                  define.TeeType
	IgnoreAttestationErrors  bool
	WorkloadID               string
	DiskEncryptionPassphrase string
	Slop                     string
	FirmwareLibrary          string
	BaseImage                string
	Logger                   *logrus.Logger
	ExtraImageContent        map[string]string

	// Passed through to BuilderOptions. Most settings won't make
	// sense to be made available here because we don't launch a process.
	ContainerSuffix     string
	PullPolicy          PullPolicy
	BlobDirectory       string
	SignaturePolicyPath string
	ReportWriter        io.Writer
	IDMappingOptions    *IDMappingOptions
	Format              string
	MaxPullRetries      int
	PullRetryDelay      time.Duration
	OciDecryptConfig    *encconfig.DecryptConfig
	MountLabel          string
}

CWConvertImageOptions provides both required and optional bits of configuration for CWConvertImage().

type CommitOptions

type CommitOptions struct {
	// PreferredManifestType is the preferred type of image manifest.  The
	// image configuration format will be of a compatible type.
	PreferredManifestType string
	// Compression specifies the type of compression which is applied to
	// layer blobs.  The default is to not use compression, but
	// archive.Gzip is recommended.
	Compression archive.Compression
	// SignaturePolicyPath specifies an override location for the signature
	// policy which should be used for verifying the new image as it is
	// being written.  Except in specific circumstances, no value should be
	// specified, indicating that the shared, system-wide default policy
	// should be used.
	SignaturePolicyPath string
	// AdditionalTags is a list of additional names to add to the image, if
	// the transport to which we're writing the image gives us a way to add
	// them.
	AdditionalTags []string
	// ReportWriter is an io.Writer which will be used to log the writing
	// of the new image.
	ReportWriter io.Writer
	// HistoryTimestamp is the timestamp used when creating new items in the
	// image's history.  If unset, the current time will be used.
	HistoryTimestamp *time.Time
	// github.com/containers/image/types SystemContext to hold credentials
	// and other authentication/authorization information.
	SystemContext *types.SystemContext
	// IIDFile tells the builder to write the image ID to the specified file
	IIDFile string
	// Squash tells the builder to produce an image with a single layer
	// instead of with possibly more than one layer.
	Squash bool
	// OmitHistory tells the builder to ignore the history of build layers and
	// base while preparing the image spec. Setting this to true ensures that no
	// history is added to the image spec. (default false)
	OmitHistory bool
	// BlobDirectory is the name of a directory in which we'll look for
	// prebuilt copies of layer blobs that we might otherwise need to
	// regenerate from on-disk layers.  If blobs are available, the
	// manifest of the new image will reference the blobs rather than
	// on-disk layers.
	BlobDirectory string
	// EmptyLayer tells the builder to omit the diff for the working
	// container.
	EmptyLayer bool
	// OmitTimestamp forces epoch 0 as created timestamp to allow for
	// deterministic, content-addressable builds.
	// Deprecated: use HistoryTimestamp instead.
	OmitTimestamp bool
	// SignBy is the fingerprint of a GPG key to use for signing the image.
	SignBy string
	// Manifest list to add the image to.
	Manifest string
	// MaxRetries is the maximum number of attempts we'll make to commit
	// the image to an external registry if the first attempt fails.
	MaxRetries int
	// RetryDelay is how long to wait before retrying a commit attempt to a
	// registry.
	RetryDelay time.Duration
	// OciEncryptConfig, when non-nil, indicates that an image should be encrypted.
	// The encryption options are derived from the construction of the EncryptConfig object.
	OciEncryptConfig *encconfig.EncryptConfig
	// OciEncryptLayers represents the list of layers to encrypt.
	// If nil, don't encrypt any layers.
	// If non-nil and len==0, denotes encrypt all layers.
	// Integers in the slice represent 0-indexed layer indices, with support for negative
	// indexing, i.e. 0 is the first layer, -1 is the last (top-most) layer.
	OciEncryptLayers *[]int
	// ConfidentialWorkloadOptions is used to force the output image's rootfs to contain a
	// LUKS-compatibly encrypted disk image (for use with krun) instead of the usual
	// contents of a rootfs.
	ConfidentialWorkloadOptions ConfidentialWorkloadOptions
	// UnsetEnvs is a list of environment variables to not add to the final image.
	// Deprecated: use UnsetEnv() before committing instead.
	UnsetEnvs []string
	// OverrideConfig is an optional Schema2Config which can override parts
	// of the working container's configuration for the image that is being
	// committed.
	OverrideConfig *manifest.Schema2Config
	// OverrideChanges is a slice of Dockerfile-style instructions to make
	// to the configuration of the image that is being committed, after
	// OverrideConfig is applied.
	OverrideChanges []string
	// ExtraImageContent is a map which describes additional content to add
	// to the committed image.  The map's keys are filesystem paths in the
	// image and the corresponding values are the paths of files whose
	// contents will be used in their place.  The contents will be owned by
	// 0:0 and have mode 0644.  Currently only accepts regular files.
	ExtraImageContent map[string]string
	// SBOMScanOptions encapsulates options which control whether or not we
	// run scanners on the rootfs that we're about to commit, and how.
	SBOMScanOptions []SBOMScanOptions
}

CommitOptions can be used to alter how an image is committed.

type CommonBuildOptions

type CommonBuildOptions = define.CommonBuildOptions

CommonBuildOptions are resources that can be defined by flags for both buildah from and build.

type CompositeDigester added in v1.11.0

type CompositeDigester struct {
	// contains filtered or unexported fields
}

CompositeDigester can compute a digest over multiple items.

func (*CompositeDigester) Digest added in v1.11.0

func (c *CompositeDigester) Digest() (string, digest.Digest)

Digest returns the content type and a composite digest over everything that's been digested.

func (*CompositeDigester) Hash added in v1.11.0

func (c *CompositeDigester) Hash() io.WriteCloser

Hash returns the hasher for the current item.

func (*CompositeDigester) Restart added in v1.11.0

func (c *CompositeDigester) Restart()

Restart clears all state, so that the composite digester can start over.

func (*CompositeDigester) Start added in v1.11.0

func (c *CompositeDigester) Start(contentType string)

Start starts recording the digest for a new item ("", "file", or "dir"). The caller should call Hash() immediately after to retrieve the new io.WriteCloser.

type ConfidentialWorkloadOptions added in v1.32.0

type ConfidentialWorkloadOptions = define.ConfidentialWorkloadOptions

ConfidentialWorkloadOptions encapsulates options which control whether or not we output an image whose rootfs contains a LUKS-compatibly-encrypted disk image instead of the usual rootfs contents.

type ContainerDevices added in v1.17.0

type ContainerDevices define.ContainerDevices

ContainerDevices is an alias for a slice of github.com/opencontainers/runc/libcontainer/configs.Device structures.

type ExtractRootfsOptions added in v1.26.0

type ExtractRootfsOptions struct {
	StripSetuidBit bool // strip the setuid bit off of items being extracted.
	StripSetgidBit bool // strip the setgid bit off of items being extracted.
	StripXattrs    bool // don't record extended attributes of items being extracted.
}

ExtractRootfsOptions is consumed by ExtractRootfs(), which allows users to control whether information such as setuid and setgid bits and xattrs is preserved when extracting file system objects.
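The effect of the three options on a tar stream, as an added example that is not buildah's implementation: it clears the setuid (04000) and setgid (02000) mode bits and drops xattr records, which is also where file capabilities (`security.capability`) are stored. The `stripOptions` type, the helper functions, the tar representation and the two-member sample archive are assumptions constructed for illustration.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"strings"
)

const (
	modeSetuid  = 0o4000          // set-user-ID bit in a tar header's Mode
	modeSetgid  = 0o2000          // set-group-ID bit
	xattrPrefix = "SCHILY.xattr." // PAX record prefix archive/tar uses for xattrs
)

// stripOptions mirrors the three ExtractRootfsOptions fields (local, hypothetical type).
type stripOptions struct{ StripSetuidBit, StripSetgidBit, StripXattrs bool }

// xattrKeys lists the PAX records of hdr that carry extended attributes.
func xattrKeys(hdr *tar.Header) []string {
	var keys []string
	for k := range hdr.PAXRecords {
		if strings.HasPrefix(k, xattrPrefix) {
			keys = append(keys, k)
		}
	}
	return keys
}

// sanitizeHeader applies the options to one tar header in place.
func sanitizeHeader(hdr *tar.Header, opts stripOptions) {
	if opts.StripSetuidBit {
		hdr.Mode &^= modeSetuid
	}
	if opts.StripSetgidBit {
		hdr.Mode &^= modeSetgid
	}
	if opts.StripXattrs {
		hdr.Xattrs = nil // deprecated mirror of the records; the writer would re-add them
		for _, k := range xattrKeys(hdr) {
			delete(hdr.PAXRecords, k)
		}
	}
}

// sanitize copies a tar archive through sanitizeHeader. The report maps member
// names to "<octal mode> xattrs=<count>"; with zero options it only inspects.
func sanitize(archive []byte, opts stripOptions) ([]byte, map[string]string, error) {
	var out bytes.Buffer
	report := map[string]string{}
	tr, tw := tar.NewReader(bytes.NewReader(archive)), tar.NewWriter(&out)
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			break
		}
		if err != nil {
			return nil, nil, err
		}
		sanitizeHeader(hdr, opts)
		if err := tw.WriteHeader(hdr); err != nil {
			return nil, nil, err
		}
		if _, err := io.Copy(tw, tr); err != nil {
			return nil, nil, err
		}
		report[hdr.Name] = fmt.Sprintf("%04o xattrs=%d", hdr.Mode, len(xattrKeys(hdr)))
	}
	if err := tw.Close(); err != nil {
		return nil, nil, err
	}
	return out.Bytes(), report, nil
}

// sampleArchive builds a constructed two-member archive: a setuid+setgid
// binary with a file-capability xattr (placeholder value) and a plain file.
func sampleArchive() []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	caps := map[string]string{xattrPrefix + "security.capability": "placeholder"}
	for _, h := range []*tar.Header{
		{Typeflag: tar.TypeReg, Name: "usr/bin/helper", Mode: 0o6755, PAXRecords: caps},
		{Typeflag: tar.TypeReg, Name: "etc/motd", Mode: 0o644},
	} {
		if err := tw.WriteHeader(h); err != nil {
			panic(err)
		}
	}
	if err := tw.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

func main() {
	_, report, err := sanitize(sampleArchive(), stripOptions{true, true, true})
	fmt.Println(report, err)
}
```

Running `sanitize` a second time with zero options over the output re-reads it and confirms that the bits and records are gone from the written archive, not just from the in-memory headers.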

type IDMappingOptions added in v1.7.1

type IDMappingOptions = define.IDMappingOptions

IDMappingOptions controls how we set up UID/GID mapping when we set up a user namespace.

type IDMaps added in v1.27.0

type IDMaps struct {
	// contains filtered or unexported fields
}

IDMaps are the UIDs, GID, and maps for the run.

type ImportFromImageOptions

type ImportFromImageOptions struct {
	// Image is the name or ID of the image we'd like to examine.
	Image string
	// SignaturePolicyPath specifies an override location for the signature
	// policy which should be used for verifying the new image as it is
	// being written.  Except in specific circumstances, no value should be
	// specified, indicating that the shared, system-wide default policy
	// should be used.
	SignaturePolicyPath string
	// github.com/containers/image/types SystemContext to hold information
	// about which registries we should check for completing image names
	// that don't include a domain portion.
	SystemContext *types.SystemContext
}

ImportFromImageOptions are used to initialize a Builder from an image.

type ImportOptions

type ImportOptions struct {
	// Container is the name of the build container.
	Container string
	// SignaturePolicyPath specifies an override location for the signature
	// policy which should be used for verifying the new image as it is
	// being written.  Except in specific circumstances, no value should be
	// specified, indicating that the shared, system-wide default policy
	// should be used.
	SignaturePolicyPath string
}

ImportOptions are used to initialize a Builder from an existing container which was created elsewhere.

type InfoData added in v1.7.1

type InfoData struct {
	Type string
	Data map[string]interface{}
}

InfoData holds the info type (i.e., store, host, etc.) and the data for each type.

func Info added in v1.7.1

func Info(store storage.Store) ([]InfoData, error)

Info returns the store and host information.

type Isolation added in v1.7.1

type Isolation = define.Isolation

Isolation provides a way to specify whether we're supposed to use a proper OCI runtime, or some other method for running commands.

type NamespaceOption added in v1.7.1

type NamespaceOption = define.NamespaceOption

NamespaceOption controls how we set up a namespace when launching processes.

type NamespaceOptions added in v1.7.1

type NamespaceOptions = define.NamespaceOptions

NamespaceOptions provides some helper methods for a slice of NamespaceOption structs.

type NetworkConfigurationPolicy added in v1.7.1

type NetworkConfigurationPolicy = define.NetworkConfigurationPolicy

NetworkConfigurationPolicy takes the value NetworkDefault, NetworkDisabled, or NetworkEnabled.

type PullOptions added in v1.7.1

type PullOptions struct {
	// SignaturePolicyPath specifies an override location for the signature
	// policy which should be used for verifying the new image as it is
	// being written.  Except in specific circumstances, no value should be
	// specified, indicating that the shared, system-wide default policy
	// should be used.
	SignaturePolicyPath string
	// ReportWriter is an io.Writer which will be used to log the writing
	// of the new image.
	ReportWriter io.Writer
	// Store is the local storage store which holds the source image.
	Store storage.Store
	// github.com/containers/image/types SystemContext to hold credentials
	// and other authentication/authorization information.
	SystemContext *types.SystemContext
	// BlobDirectory is the name of a directory in which we'll attempt to
	// store copies of layer blobs that we pull down, if any.  It should
	// already exist.
	BlobDirectory string
	// AllTags is a boolean value that determines if all tagged images
	// will be downloaded from the repository. The default is false.
	AllTags bool
	// RemoveSignatures causes any existing signatures for the image to be
	// discarded when pulling it.
	RemoveSignatures bool
	// MaxRetries is the maximum number of attempts we'll make to pull any
	// one image from the external registry if the first attempt fails.
	MaxRetries int
	// RetryDelay is how long to wait before retrying a pull attempt.
	RetryDelay time.Duration
	// OciDecryptConfig, if non-nil, contains the config that can be used to
	// decrypt an image if it is encrypted. If nil, no attempt is made to decrypt an image.
	OciDecryptConfig *encconfig.DecryptConfig
	// PullPolicy takes the value PullIfMissing, PullAlways, PullIfNewer, or PullNever.
	PullPolicy define.PullPolicy
}

PullOptions can be used to alter how an image is copied in from somewhere.

type PullPolicy added in v1.7.1

type PullPolicy = define.PullPolicy

PullPolicy takes the value PullIfMissing, PullAlways, PullIfNewer, or PullNever.

type PushOptions

type PushOptions struct {
	// Compression specifies the type of compression which is applied to
	// layer blobs.  The default is to not use compression, but
	// archive.Gzip is recommended.
	// OBSOLETE: Use CompressionFormat instead.
	Compression archive.Compression
	// SignaturePolicyPath specifies an override location for the signature
	// policy which should be used for verifying the new image as it is
	// being written.  Except in specific circumstances, no value should be
	// specified, indicating that the shared, system-wide default policy
	// should be used.
	SignaturePolicyPath string
	// ReportWriter is an io.Writer which will be used to log the writing
	// of the new image.
	ReportWriter io.Writer
	// Store is the local storage store which holds the source image.
	Store storage.Store
	// github.com/containers/image/types SystemContext to hold credentials
	// and other authentication/authorization information.
	SystemContext *types.SystemContext
	// ManifestType is the format to use
	// possible options are oci, v2s1, and v2s2
	ManifestType string
	// BlobDirectory is the name of a directory in which we'll look for
	// prebuilt copies of layer blobs that we might otherwise need to
	// regenerate from on-disk layers, substituting them in the list of
	// blobs to copy whenever possible.
	BlobDirectory string
	// Quiet is a boolean value that determines if minimal output to
	// the user will be displayed, this is best used for logging.
	// The default is false.
	Quiet bool
	// SignBy is the fingerprint of a GPG key to use for signing the image.
	SignBy string
	// RemoveSignatures causes any existing signatures for the image to be
	// discarded for the pushed copy.
	RemoveSignatures bool
	// MaxRetries is the maximum number of attempts we'll make to push any
	// one image to the external registry if the first attempt fails.
	MaxRetries int
	// RetryDelay is how long to wait before retrying a push attempt.
	RetryDelay time.Duration
	// OciEncryptConfig, when non-nil, indicates that an image should be encrypted.
	// The encryption options are derived from the construction of the EncryptConfig object.
	OciEncryptConfig *encconfig.EncryptConfig
	// OciEncryptLayers represents the list of layers to encrypt.
	// If nil, don't encrypt any layers.
	// If non-nil and len==0, denotes encrypt all layers.
	// Integers in the slice represent 0-indexed layer indices, with support for negative
	// indexing, i.e. 0 is the first layer, -1 is the last (top-most) layer.
	OciEncryptLayers *[]int

	// CompressionFormat is the format to use for the compression of the blobs
	CompressionFormat *compression.Algorithm
	// CompressionLevel specifies what compression level is used
	CompressionLevel *int
	// ForceCompressionFormat ensures that the compression algorithm set in
	// CompressionFormat is used exclusively, and blobs of other compression
	// algorithms are not reused.
	ForceCompressionFormat bool
}

PushOptions can be used to alter how an image is copied somewhere.
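The OciEncryptLayers selector documented in both CommitOptions and PushOptions treats nil and an empty slice in opposite ways, so a caller can check before pushing which layers would stay in cleartext. The following is an added example, not buildah's code: `resolveEncryptLayers` and `cleartextLayers` are hypothetical helpers, and rejecting out-of-range indices is an assumption, since the page does not say how they are handled.

```go
package main

import (
	"fmt"
	"sort"
)

// resolveEncryptLayers returns the sorted, de-duplicated 0-based indices that an
// OciEncryptLayers-style selector picks in an image with layerCount layers:
// nil selects nothing, a non-nil empty slice selects every layer, and negative
// values count back from the top layer. Rejecting out-of-range indices is an
// assumption of this example.
func resolveEncryptLayers(sel *[]int, layerCount int) ([]int, error) {
	if layerCount < 0 {
		return nil, fmt.Errorf("negative layer count %d", layerCount)
	}
	picked := make(map[int]bool)
	switch {
	case sel == nil:
		// nothing is encrypted
	case len(*sel) == 0:
		for i := 0; i < layerCount; i++ {
			picked[i] = true
		}
	default:
		for _, idx := range *sel {
			abs := idx
			if idx < 0 {
				abs += layerCount
			}
			if abs < 0 || abs >= layerCount {
				return nil, fmt.Errorf("layer index %d out of range for %d layers", idx, layerCount)
			}
			picked[abs] = true
		}
	}
	out := make([]int, 0, len(picked))
	for i := range picked {
		out = append(out, i)
	}
	sort.Ints(out)
	return out, nil
}

// cleartextLayers is the complement: the layers that would be written
// unencrypted. A pre-push check can fail the build when this list contains a
// layer the caller expected to be protected.
func cleartextLayers(sel *[]int, layerCount int) ([]int, error) {
	enc, err := resolveEncryptLayers(sel, layerCount)
	if err != nil {
		return nil, err
	}
	covered := make(map[int]bool, len(enc))
	for _, i := range enc {
		covered[i] = true
	}
	plain := []int{}
	for i := 0; i < layerCount; i++ {
		if !covered[i] {
			plain = append(plain, i)
		}
	}
	return plain, nil
}

func main() {
	const layers = 4 // constructed image with four layers
	all, baseAndTop := []int{}, []int{0, -1}
	for _, c := range []struct {
		name string
		sel  *[]int
	}{{"nil", nil}, {"empty", &all}, {"{0,-1}", &baseAndTop}} {
		enc, _ := resolveEncryptLayers(c.sel, layers)
		plain, _ := cleartextLayers(c.sel, layers)
		fmt.Printf("%-7s encrypted=%v cleartext=%v\n", c.name, enc, plain)
	}
}
```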

type RunOptions

type RunOptions struct {
	// Logger is the logrus logger to write log messages with
	Logger *logrus.Logger `json:"-"`
	// Hostname is the hostname we set for the running container.
	Hostname string
	// Isolation is either IsolationDefault, IsolationOCI, IsolationChroot, or IsolationOCIRootless.
	Isolation define.Isolation
	// Runtime is the name of the runtime to run.  It should accept the
	// same arguments that runc does, and produce similar output.
	Runtime string
	// Args adds global arguments for the runtime.
	Args []string
	// NoHostname won't create a new /etc/hostname file
	NoHostname bool
	// NoHosts won't create a new /etc/hosts file
	NoHosts bool
	// NoPivot adds the --no-pivot runtime flag.
	NoPivot bool
	// Mounts are additional mount points which we want to provide.
	Mounts []specs.Mount
	// Env is additional environment variables to set.
	Env []string
	// User is the user as whom to run the command.
	User string
	// WorkingDir is an override for the working directory.
	WorkingDir string
	// ContextDir is used as the root directory for the source location for mounts that are of type "bind".
	ContextDir string
	// Shell is the default shell to run in a container.
	Shell string
	// Cmd is an override for the configured default command.
	Cmd []string
	// Entrypoint is an override for the configured entry point.
	Entrypoint []string
	// NamespaceOptions controls how we set up the namespaces for the process.
	NamespaceOptions define.NamespaceOptions
	// ConfigureNetwork controls whether or not network interfaces and
	// routing are configured for a new network namespace (i.e., when not
	// joining another's namespace and not just using the host's
	// namespace), effectively deciding whether or not the process has a
	// usable network.
	ConfigureNetwork define.NetworkConfigurationPolicy
	// CNIPluginPath is the location of CNI plugin helpers, if they should be
	// run from a location other than the default location.
	CNIPluginPath string
	// CNIConfigDir is the location of CNI configuration files, if the files in
	// the default configuration directory shouldn't be used.
	CNIConfigDir string
	// Terminal provides a way to specify whether or not the command should
	// be run with a pseudoterminal.  By default (DefaultTerminal), a
	// terminal is used if os.Stdout is connected to a terminal, but that
	// decision can be overridden by specifying either WithTerminal or
	// WithoutTerminal.
	Terminal TerminalPolicy
	// TerminalSize provides a way to set the number of rows and columns in
	// a pseudo-terminal, if we create one, and Stdin/Stdout/Stderr aren't
	// connected to a terminal.
	TerminalSize *specs.Box
	// The stdin/stdout/stderr descriptors to use.  If set to nil, the
	// corresponding files in the "os" package are used as defaults.
	Stdin  io.Reader `json:"-"`
	Stdout io.Writer `json:"-"`
	Stderr io.Writer `json:"-"`
	// Quiet tells the run to turn off output to stdout.
	Quiet bool
	// AddCapabilities is a list of capabilities to add to the default set.
	AddCapabilities []string
	// DropCapabilities is a list of capabilities to remove from the default set,
	// after processing the AddCapabilities set.  If a capability appears in both
	// lists, it will be dropped.
	DropCapabilities []string
	// Devices are the additional devices to add to the containers
	Devices define.ContainerDevices
	// Secrets are the available secrets to use in a RUN
	Secrets map[string]define.Secret
	// SSHSources is the available ssh agents to use in a RUN
	SSHSources map[string]*sshagent.Source `json:"-"`
	// RunMounts are mounts for this run. RunMounts for this run
	// will not show up in subsequent runs.
	RunMounts []string
	// Map of stages and container mountpoint if any from stage executor
	StageMountPoints map[string]internal.StageMountDetails
	// External image mounts to be cleaned up.
	// Buildah run --mount could mount an image before RUN calls, and RUN could
	// clean them up as well
	ExternalImageMounts []string
	// System context of current build
	SystemContext *types.SystemContext
	// CgroupManager to use for running OCI containers
	CgroupManager string
}

RunOptions can be used to alter how a command is run in the container.

type SBOMScanOptions added in v1.35.0

type SBOMScanOptions = define.SBOMScanOptions

SBOMScanOptions encapsulates options which control whether or not we run a scanner on the rootfs that we're about to commit, and how.

type TerminalPolicy added in v1.7.1

type TerminalPolicy int

TerminalPolicy takes the value DefaultTerminal, WithoutTerminal, or WithTerminal.

const (
	// DefaultTerminal indicates that this Run invocation should be
	// connected to a pseudoterminal if we're connected to a terminal.
	DefaultTerminal TerminalPolicy = iota
	// WithoutTerminal indicates that this Run invocation should NOT be
	// connected to a pseudoterminal.
	WithoutTerminal
	// WithTerminal indicates that this Run invocation should be connected
	// to a pseudoterminal.
	WithTerminal
)

func (TerminalPolicy) String added in v1.7.1

func (t TerminalPolicy) String() string

String converts a TerminalPolicy into a string.

Directories

Path Synopsis
cmd
This package is deprecated.
pkg
cli
manifests
This package is deprecated.
supplemented
This package is deprecated.
tests
