Stop vendoring libpod into buildah

add.go

@@ -11,8 +11,8 @@ import (
 	"syscall"
 	"time"
 
+	"github.com/containers/buildah/pkg/chrootuser"
 	"github.com/containers/buildah/util"
-	"github.com/containers/libpod/pkg/chrootuser"
 	"github.com/containers/storage/pkg/archive"
 	"github.com/containers/storage/pkg/idtools"
 	"github.com/opencontainers/runtime-spec/specs-go"

cmd/buildah/common.go

@@ -7,10 +7,10 @@ import (
 	"time"
 
 	"github.com/containers/buildah"
+	"github.com/containers/buildah/unshare"
 	"github.com/containers/buildah/util"
 	is "github.com/containers/image/storage"
 	"github.com/containers/image/types"
-	lu "github.com/containers/libpod/pkg/util"
 	"github.com/containers/storage"
 	digest "github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
@@ -22,7 +22,7 @@ import (
 var needToShutdownStore = false
 
 func getStore(c *cobra.Command) (storage.Store, error) {
-	options, _, err := lu.GetDefaultStoreOptions()
+	options, err := storage.DefaultStoreOptions(unshare.IsRootless(), unshare.GetRootlessUID())
 	if err != nil {
 		return nil, err
 	}

cmd/buildah/common_test.go

@@ -16,7 +16,7 @@ import (
 
 var (
 	signaturePolicyPath = ""
-	storeOptions        = storage.DefaultStoreOptions
+	storeOptions, _     = storage.DefaultStoreOptions(false, 0)
 	testSystemContext   = types.SystemContext{}
 )
 

cmd/buildah/main.go

@@ -5,7 +5,6 @@ import (
 	"github.com/containers/buildah"
 	"os"
 
-	"github.com/containers/libpod/pkg/util"
 	"github.com/containers/storage"
 	ispecs "github.com/opencontainers/image-spec/specs-go"
 	rspecs "github.com/opencontainers/runtime-spec/specs-go"
@@ -51,15 +50,15 @@ func init() {
 	var (
 		defaultStoreDriverOptions []string
 	)
-	storageOptions, _, err := util.GetDefaultStoreOptions()
+	storageOptions, err := storage.DefaultStoreOptions(false, 0)
 	if err != nil {
 		logrus.Errorf(err.Error())
 		os.Exit(1)
 
 	}
 
-	if len(storage.DefaultStoreOptions.GraphDriverOptions) > 0 {
-		optionSlice := storage.DefaultStoreOptions.GraphDriverOptions[:]
+	if len(storageOptions.GraphDriverOptions) > 0 {
+		optionSlice := storageOptions.GraphDriverOptions[:]
 		defaultStoreDriverOptions = optionSlice
 	}
 

cmd/buildah/mount.go

@@ -5,6 +5,7 @@ import (
 	"os"
 
 	buildahcli "github.com/containers/buildah/pkg/cli"
+	"github.com/containers/buildah/unshare"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )
@@ -62,7 +63,7 @@ func mountCmd(c *cobra.Command, args []string, noTruncate bool) error {
 		// of the mount command.
 		// Differently, allow the mount if we are already in a userns, as the mount point will still
 		// be accessible once "buildah mount" exits.
-		if os.Getenv(startedInUserNS) != "" && store.GraphDriverName() != "vfs" {
+		if unshare.IsRootless() && store.GraphDriverName() != "vfs" {
 			return fmt.Errorf("cannot mount using driver %s in rootless mode. You need to run it in a `buildah unshare` session", store.GraphDriverName())
 		}
 

cmd/buildah/unshare.go

@@ -20,12 +20,6 @@ import (
 	"github.com/syndtr/gocapability/capability"
 )
 
-const (
-	// startedInUserNS is an environment variable that, if set, means that we shouldn't try
-	// to create and enter a new user namespace and then re-exec ourselves.
-	startedInUserNS = "_BUILDAH_STARTED_IN_USERNS"
-)
-
 var (
 	unshareDescription = "\n  Runs a command in a modified user namespace."
 	unshareCommand     = &cobra.Command{
@@ -63,7 +57,7 @@ func bailOnError(err error, format string, a ...interface{}) {
 
 func maybeReexecUsingUserNamespace(cmdName string, evenForRoot bool) {
 	// If we've already been through this once, no need to try again.
-	if os.Getenv(startedInUserNS) != "" {
+	if unshare.IsRootless() {
 		return
 	}
 
@@ -141,8 +135,8 @@ func maybeReexecUsingUserNamespace(cmdName string, evenForRoot bool) {
 	cmd := unshare.Command(append([]string{"buildah-in-a-user-namespace"}, os.Args[1:]...)...)
 
 	// If, somehow, we don't become UID 0 in our child, indicate that the child shouldn't try again.
-	err = os.Setenv(startedInUserNS, "1")
-	bailOnError(err, "error setting %s=1 in environment", startedInUserNS)
+	err = os.Setenv(unshare.UsernsEnvName, "1")
+	bailOnError(err, "error setting %s=1 in environment", unshare.UsernsEnvName)
 
 	// Set the default isolation type to use the "rootless" method.
 	if _, present := os.LookupEnv("BUILDAH_ISOLATION"); !present {
@@ -210,7 +204,7 @@ func unshareCmd(c *cobra.Command, args []string) error {
 		args = []string{shell}
 	}
 	cmd := exec.Command(args[0], args[1:]...)
-	cmd.Env = append(os.Environ(), "_BUILDAH_STARTED_IN_USERNS=")
+	cmd.Env = unshare.RootlessEnv()
 	cmd.Stdin = os.Stdin
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr

cmd/buildah/unshare_unsupported.go

@@ -6,10 +6,6 @@ import (
 	"github.com/spf13/cobra"
 )
 
-const (
-	startedInUserNS = "_BUILDAH_STARTED_IN_USERNS"
-)
-
 func init() {
 	unshareCommand := cobra.Command{
 		Use:    "unshare",

common.go

@@ -5,9 +5,9 @@ import (
 	"os"
 	"path/filepath"
 
+	"github.com/containers/buildah/unshare"
 	cp "github.com/containers/image/copy"
 	"github.com/containers/image/types"
-	"github.com/containers/libpod/pkg/rootless"
 	"github.com/containers/storage"
 )
 
@@ -28,7 +28,6 @@ func getCopyOptions(store storage.Store, reportWriter io.Writer, sourceReference
 	if destinationSystemContext != nil {
 		*destinationCtx = *destinationSystemContext
 	}
-
 	return &cp.Options{
 		ReportWriter:          reportWriter,
 		SourceCtx:             sourceCtx,
@@ -49,7 +48,7 @@ func getSystemContext(store storage.Store, defaults *types.SystemContext, signat
 		if sc.BlobInfoCacheDir == "" {
 			sc.BlobInfoCacheDir = filepath.Join(store.GraphRoot(), "cache")
 		}
-		if sc.SystemRegistriesConfPath == "" && rootless.IsRootless() {
+		if sc.SystemRegistriesConfPath == "" && unshare.IsRootless() {
 			userRegistriesFile := filepath.Join(store.GraphRoot(), "registries.conf")
 			if _, err := os.Stat(userRegistriesFile); err == nil {
 				sc.SystemRegistriesConfPath = userRegistriesFile

import.go

@@ -17,7 +17,11 @@ func importBuilderDataFromImage(ctx context.Context, store storage.Store, system
 		return nil, errors.Errorf("Internal error: imageID is empty in importBuilderDataFromImage")
 	}
 
-	uidmap, gidmap := convertStorageIDMaps(storage.DefaultStoreOptions.UIDMap, storage.DefaultStoreOptions.GIDMap)
+	storeopts, err := storage.DefaultStoreOptions(false, 0)
+	if err != nil {
+		return nil, err
+	}
+	uidmap, gidmap := convertStorageIDMaps(storeopts.UIDMap, storeopts.GIDMap)
 
 	ref, err := is.Transport.ParseStoreReference(store, imageID)
 	if err != nil {

info.go

@@ -11,7 +11,7 @@ import (
 	"strings"
 	"time"
 
-	"github.com/containers/libpod/pkg/rootless"
+	"github.com/containers/buildah/unshare"
 	"github.com/containers/storage"
 	"github.com/containers/storage/pkg/system"
 	"github.com/sirupsen/logrus"
@@ -47,7 +47,7 @@ func hostInfo() (map[string]interface{}, error) {
 	info["os"] = runtime.GOOS
 	info["arch"] = runtime.GOARCH
 	info["cpus"] = runtime.NumCPU()
-	info["rootless"] = rootless.IsRootless()
+	info["rootless"] = unshare.IsRootless()
 	mi, err := system.ReadMemInfo()
 	if err != nil {
 		logrus.Error(err, "err reading memory info")

pkg/blobcache/blobcache_test.go

@@ -14,7 +14,7 @@ import (
 	"testing"
 
 	cp "github.com/containers/image/copy"
-	"github.com/containers/image/pkg/blobinfocache"
+	"github.com/containers/image/pkg/blobinfocache/none"
 	"github.com/containers/image/signature"
 	"github.com/containers/image/transports/alltransports"
 	"github.com/containers/image/types"
@@ -128,11 +128,11 @@ func TestBlobCache(t *testing.T) {
 				if err != nil {
 					t.Fatalf("error opening source image for writing: %v", err)
 				}
-				_, err = destImage.PutBlob(context.TODO(), bytes.NewReader(blobBytes), blobInfo, blobinfocache.NoCache, false)
+				_, err = destImage.PutBlob(context.TODO(), bytes.NewReader(blobBytes), blobInfo, none.NoCache, false)
 				if err != nil {
 					t.Fatalf("error writing layer blob to source image: %v", err)
 				}
-				_, err = destImage.PutBlob(context.TODO(), bytes.NewReader(configBytes), configInfo, blobinfocache.NoCache, true)
+				_, err = destImage.PutBlob(context.TODO(), bytes.NewReader(configBytes), configInfo, none.NoCache, true)
 				if err != nil {
 					t.Fatalf("error writing config blob to source image: %v", err)
 				}

pkg/secrets/secrets.go

@@ -7,7 +7,6 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/containers/libpod/pkg/rootless"
 	"github.com/containers/storage/pkg/idtools"
 	rspec "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/opencontainers/selinux/go-selinux/label"
@@ -133,12 +132,12 @@ func getMountsMap(path string) (string, string, error) {
 }
 
 // SecretMounts copies, adds, and mounts the secrets to the container root filesystem
-func SecretMounts(mountLabel, containerWorkingDir, mountFile string) []rspec.Mount {
-	return SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, containerWorkingDir, 0, 0)
+func SecretMounts(mountLabel, containerWorkingDir, mountFile string, rootless bool) []rspec.Mount {
+	return SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, containerWorkingDir, 0, 0, rootless)
 }
 
 // SecretMountsWithUIDGID specifies the uid/gid of the owner
-func SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, mountPrefix string, uid, gid int) []rspec.Mount {
+func SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, mountPrefix string, uid, gid int, rootless bool) []rspec.Mount {
 	var (
 		secretMounts []rspec.Mount
 		mountFiles   []string
@@ -148,7 +147,7 @@ func SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, mountPre
 	// Note for testing purposes only
 	if mountFile == "" {
 		mountFiles = append(mountFiles, []string{OverrideMountsFile, DefaultMountsFile}...)
-		if rootless.IsRootless() {
+		if rootless {
 			mountFiles = append([]string{UserOverrideMountsFile}, mountFiles...)
 		}
 	} else {

run.go

@@ -22,6 +22,7 @@ import (
 	"github.com/containers/buildah/bind"
 	"github.com/containers/buildah/chroot"
 	"github.com/containers/buildah/pkg/secrets"
+	"github.com/containers/buildah/unshare"
 	"github.com/containers/buildah/util"
 	"github.com/containers/storage/pkg/idtools"
 	"github.com/containers/storage/pkg/ioutils"
@@ -417,7 +418,7 @@ func (b *Builder) setupMounts(mountPoint string, spec *specs.Spec, bundlePath st
 	}
 
 	// Get the list of secrets mounts.
-	secretMounts := secrets.SecretMountsWithUIDGID(b.MountLabel, cdir, b.DefaultMountsFilePath, cdir, int(rootUID), int(rootGID))
+	secretMounts := secrets.SecretMountsWithUIDGID(b.MountLabel, cdir, b.DefaultMountsFilePath, cdir, int(rootUID), int(rootGID), unshare.IsRootless())
 
 	// Add temporary copies of the contents of volume locations at the
 	// volume locations, unless we already have something there.

tests/e2e/buildah_suite_test.go

@@ -236,7 +236,7 @@ func (p *BuildAhTest) CreateArtifact(image string) error {
 
 // RestoreArtifact puts the cached image into our test store
 func (p *BuildAhTest) RestoreArtifact(image string) error {
-	storeOptions := sstorage.DefaultStoreOptions
+	storeOptions, _ := sstorage.DefaultStoreOptions(false, 0)
 	storeOptions.GraphDriverName = "vfs"
 	//storeOptions.GraphDriverOptions = storageOptions
 	storeOptions.GraphRoot = p.Root

tests/imgtype/imgtype.go

@@ -28,7 +28,7 @@ func main() {
 	expectedManifestType := ""
 	expectedConfigType := ""
 
-	storeOptions := storage.DefaultStoreOptions
+	storeOptions, _ := storage.DefaultStoreOptions(false, 0)
 	debug := flag.Bool("debug", false, "turn on debug logging")
 	root := flag.String("root", storeOptions.GraphRoot, "storage root directory")
 	runroot := flag.String("runroot", storeOptions.RunRoot, "storage runtime directory")

unshare/unshare.go

@@ -11,6 +11,7 @@ import (
 	"runtime"
 	"strconv"
 	"strings"
+	"sync"
 	"syscall"
 
 	"github.com/containers/buildah/util"
@@ -57,8 +58,8 @@ func (c *Cmd) Start() error {
 
 	// Please the libpod "rootless" package to find the expected env variables.
 	if os.Geteuid() != 0 {
-		c.Env = append(c.Env, "_LIBPOD_USERNS_CONFIGURED=done")
-		c.Env = append(c.Env, fmt.Sprintf("_LIBPOD_ROOTLESS_UID=%d", os.Geteuid()))
+		c.Env = append(c.Env, "_CONTAINERS_USERNS_CONFIGURED=done")
+		c.Env = append(c.Env, fmt.Sprintf("_CONTAINERS_ROOTLESS_UID=%d", os.Geteuid()))
 	}
 
 	// Create the pipe for reading the child's PID.
@@ -272,3 +273,36 @@ func (c *Cmd) CombinedOutput() ([]byte, error) {
 func (c *Cmd) Output() ([]byte, error) {
 	return nil, errors.New("unshare: Output() not implemented")
 }
+
+var (
+	isRootlessOnce sync.Once
+	isRootless     bool
+)
+
+const (
+	// UsernsEnvName is the environment variable, if set indicates in rootless mode
+	UsernsEnvName = "_CONTAINERS_USERNS_CONFIGURED"
+)
+
+// IsRootless tells us if we are running in rootless mode
+func IsRootless() bool {
+	isRootlessOnce.Do(func() {
+		isRootless = os.Geteuid() != 0 || os.Getenv(UsernsEnvName) != ""
+	})
+	return isRootless
+}
+
+// GetRootlessUID returns the UID of the user in the parent userNS
+func GetRootlessUID() int {
+	uidEnv := os.Getenv("_CONTAINERS_ROOTLESS_UID")
+	if uidEnv != "" {
+		u, _ := strconv.Atoi(uidEnv)
+		return u
+	}
+	return os.Getuid()
+}
+
+// RootlessEnv returns the environment settings for the rootless containers
+func RootlessEnv() []string {
+	return append(os.Environ(), UsernsEnvName+"=")
+}

unshare/unshare_unsupported.go

@@ -0,0 +1,27 @@
+// +build !linux
+
+package unshare
+
+import (
+	"os"
+)
+
+const (
+	// UsernsEnvName is the environment variable, if set indicates in rootless mode
+	UsernsEnvName = "_CONTAINERS_USERNS_CONFIGURED"
+)
+
+// IsRootless tells us if we are running in rootless mode
+func IsRootless() bool {
+	return false
+}
+
+// GetRootlessUID returns the UID of the user in the parent userNS
+func GetRootlessUID() int {
+	return os.Getuid()
+}
+
+// RootlessEnv returns the environment settings for the rootless containers
+func RootlessEnv() []string {
+	return append(os.Environ(), UsernsEnvName+"=")
+}

vendor.conf

@@ -3,13 +3,12 @@ github.com/blang/semver v3.5.0
 github.com/BurntSushi/toml v0.2.0
 github.com/containerd/continuity 004b46473808b3e7a4a3049c20e4376c91eb966d
 github.com/containernetworking/cni v0.7.0-rc2
-github.com/containers/image v1.5
+github.com/containers/image f52cf78ebfa1916da406f8b6210d8f7764ec1185
 github.com/vbauerster/mpb v3.3.4
 github.com/mattn/go-isatty v0.0.4
 github.com/VividCortex/ewma v1.1.1
 github.com/boltdb/bolt v1.3.1
-github.com/containers/libpod v1.0
-github.com/containers/storage v1.11
+github.com/containers/storage v1.12.1
 github.com/docker/distribution 5f6282db7d65e6d72ad7c2cc66310724a57be716
 github.com/docker/docker 54dddadc7d5d89fe0be88f76979f6f6ab0dede83
 github.com/docker/docker-credential-helpers v0.6.1