| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This upgrade fixes:
CVE-2024-11218
Changes in this Upgrade:
=========================
This upgrade from Buildah 1.26.8 to 1.26.9 includes important security and stability fixes:
- Fixes CVE-2024-11218
- Resolves TOCTOU error when bind and cache mounts use "src" values
- Fixes cache locks with multiple mounts
- Enhances volume handling and mount label options
For full details, refer to:
https://github.com/containers/buildah/releases/tag/v1.26.9
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
| |
Backport patch to fix CVE-2024-9676.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* because it rdepends on podman with the same restriction
* BTW: .gitignore has:
build*/
which gets triggered for buildah as well:
meta-virtualization $ git add ./recipes-containers/buildah/buildah_git.bb
The following paths are ignored by one of your .gitignore files:
recipes-containers/buildah
I've adjusted it to /build*/ only.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
|
buildah is a command line tool, to be installed and run on target,
that can be used to:
- create a working container, either from scratch or using an image
as a starting point
- create an image, either from a working container or via the
instructions in a Dockerfile
- images can be built in either the OCI image format or the
traditional upstream docker image format
- mount a working container's root filesystem for manipulation
- unmount a working container's root filesystem
- use the updated contents of a container's root filesystem as a
filesystem layer to create a new image
- delete a working container or an image
- rename a local container
Testing:
Setup the build directory:
$ . oe-init-build-env <build_dir>
Add to local.conf:
IMAGE_INSTALL:append = " buildah kernel-modules"
KERNEL_FEATURES += "features/overlayfs/overlayfs.cfgi \
features/netfilter/netfilter.scc \
features/lxc/lxc-enable.scc"
IMAGE_ROOTFS_EXTRA_SPACE = "5242880"
Build image:
$ bitbake core-image-minimal
Run the image:
$ runqemu nographic kvm qemuparams="-m 4096"
On target:
Pull an image:
> cnt=$(buildah from fedora)
Or build from Dockerfile
> buildah bud -t <image_name>:<tag> .
Mount the image:
> mnt=$(buildah mount ${cnt})
Install packages on the container rootfs:
> dnf install --installroot $mnt <packages_to_install> -y
Copy local files to the container:
> buildah copy $cnt <local_file> <dest_on_container>
Save the changes to an image
> buildah commit --format docker $cnt <name>:<tag>
Run the image using buildah:
> buildah run $cnt /bin/sh
Or using docker:
> docker run -it <name>:<tag>
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
