Buildah logo

Buildah Release Announcements

22 Oct 2025 » Buildah version 1.42.0 Release Announcement by tsweeney

buildah logo

Buildah version 1.42.0 Release Announcement

We’re pleased to announce the release of Buildah version 1.42.0, which is now available from GitHub for any Linux distro. We are shipping this release on Fedora 42 and Fedora 43. Buildah will also be shipped on CentOS, OpenSUSE, and Ubuntu soon. In addition, container images will be available at https://quay.io/repository/buildah/stable and https://quay.io/repository/containers/buildah.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. This release features notable changes:

The meaning of --pull now emulates Docker’s --pull=always
Destination locations for several commands that now end with a /. are treated as directories.
The --imagestore option can now be used when configuring storage.
The --transient-store option stores metadata about containers under the storage state directory. See the buildah (1) man page for details.

This release comprises changes made for v1.42.0 and will be included in Podman v5.7.

Release Changes

Changes for v1.42.0

Restore the meaning of --pull (without argument), similar to the docker behavior: now defaults to --pull=always by @Romain-Geissler-1A in #6300
Exclude pulled up parent directories at commit-time by @nalind in #6296
Only suppress “noted” items when not squashing by @nalind in #6302
History should note unset-label, timestamp, and rewrite-timestamp by @nalind in #6315
–mount=type=bind now does ignores modtime when looking for cache candidates by @flouthoc in #6311
Destination locations specified for buildah add and buildah copy, and in ADD and COPY instructions for buildah build, that end with “/.” are now always expected to be directories by @nalind in #6310
Run: reap stray processes by @nalind in #6307
imagebuildah.StageExecutor.Execute: commit more “no instructions” cases by @nalind in #6314
Rework how we decide what to filter out of layer diffs by @nalind in #6332
Mount image fails with imagestores by @nalind in #6340
Losen the dependency on go-connections/tlsconfig by @mtrmac in #6328
The global --imagestore flag can now be used when configuring storage by @nalind in #6341
The global --transient-store flag is now recognized by @nalind in #6346
FROM instructions which reference images using both a tag and a digest no longer trigger errors in buildah build with --all-platforms: the tag portion of the reference will be ignored by @nalind in #6353
The chroot isolation handler should now correctly use $PATH to find the binary to run when RUN instructions express the command to run in exec form, and which do not do so using an absolute path by @nalind in #6378
Parent directories created for mounts used by buildah run or by RUN instructions in buildah build will be world-readable again by @nalind in #6381
commit: always return the config digest as the image ID by @nalind in #6426
copier: ignore user.overlay.* xattrs by @nalind in #6429
Include the Sequoia crypto backend, and run integration tests with it by @mtrmac in #6390
build,add: add support for corporate proxies by @userid0x0 in #6274
Documentation:
- Adding mohanboddu as community manager to MAINTAINERS.md by @mohanboddu in #6339
Vendored (Note, storage, image and common move to go.podman.io during this release):
- Vendor github.com/containers/common to v0.64.1
- Vendor github.com/containers/luksy digest to 2cf5bc9
- Vendor github.com/containers/image/v5 to v5.36.1
- Vendor github.com/containers/storage to v1.59.1
- Vendor github.com/cyphar/filepath-securejoin to v0.4.1
- Vendor github.com/docker/docker to v28.5.1+incompatible
- Vendor github.com/docker/go-connections to v0.6.0
- Vendor github.com/fsouza/go-dockerclient to v1.12.2
- Vendor github.com/moby/buildkit to v0.25.1
- Vendor github.com/opencontainers/cgroups to v0.0.5
- Vendor github.com/opencontainers/runc to v1.3.2
- Vendor github.com/openshift/imagebuilder to v1.2.19
- Vendor github.com/seccomp/libseccomp-golang to v0.11.1
- Vendor github.com/stretchr/testify to v1.11.1
- Vendor github.com/spf13/cobra to v1.10.1
- Vendor github.com/spf13/pflag to v1.0.10
- Vendor github.com/ulikunitz/xz to v0.5.15
- Vendor go.etcd.io/bbolt to v1.4.3
- Vendor go.podman.io/common to v0.66.0
- Vendor go.podman.io/image/v5 to v5.38.0
- Vendor go.podman.io/storage to v1.61.0
- Vendor golang.org/x/crypto to v0.43.0
- Vendor golang.org/x/sys to v0.37.0
- Vendor golang.org/x/term to v0.34.0
Tests:
- CI: make runc tests non-blocking by @nalind in #6286
- Make some test files different from each other by @nalind in #6405
Changes to the build infrastructure:
- Switch common, storage and image to monorepo. by @jankaluza in #6356
- Update to Go 1.24 by @nalind in #6380
- .cirrus.yml: Test Vendoring bump golang by @flouthoc in #6386

New Contributors:

@Romain-Geissler-1A first contribution in #6300
@mohanboddu made their first contribution in #6339
@jankaluza made their first contribution in #6356
@userid0x0 made their first contribution in #6274

Try it Out.

If you haven’t yet, install Buildah from one of the Linux repos or GitHub and give it a spin. We’re betting you’ll find it’s an easy and quick way to build containers in your environment without a daemon being involved!

For those of you who contributed to this release, thank you very much for your contributions! If you haven’t joined our community yet, don’t wait any longer! Come join us on GitHub, where Open Source communities live.

Buildah == Simplicity

21 Jul 2025 » Buildah version 1.41.0 Release Announcement by tsweeney

buildah logo

Buildah version 1.41.0 Release Announcement

We’re pleased to announce the release of Buildah version 1.41.0, which is now available from GitHub for any Linux distro. We are shipping this release on Fedora 41 and Fedora 42. Buildah will also be shipped on CentOS, OpenSUSE, and Ubuntu soon. In addition, container images will be available at https://quay.io/repository/buildah/stable and https://quay.io/repository/containers/buildah.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. This release features notable changes:

A number of changes have been made to allow for “reproducible builds”, which, in specific scenarios, should reduce the pull time of images.
The --inherit-annotations, --source-date-epoch, --rewrite-timestamp, and --unsetannotation commands have been added to the build command. See the build man page for more details.
The --link option on the COPY and ADD commands in a Containerfile now fully supports layered build caching.

This release comprises changes made for v1.41.0 and will be included in Podman v5.6.

Release Changes

Changes for v1.41.0

Filter image only when necessary, which reduces overhead when creating images by @hanwen-flow in #6141
Support label_users in buildah from containers.conf by @rhatdan in #6161
Fix typo in comment by @brawer in #6167
Refactor NewImageSource to add a manifest type abstraction by @aaronlehmann in #5743 *When using –layers buildah will select most recent layer in case of conflict by @flouthoc in #6171
The buildah build’s “–output” option can now be specified multiple times by @nalind in #6177
The buildah add command now offers a “–timestamp” option by @nalind in #6178
Fixed the link to the Maintainers file by @JayKayy in #6187
The buildah build --add-host option now automatically resolves host-gateway from a string by @flouthoc in #6188
When the --platform option is not invoked, Buildah now uses the default platform. When the --platform option is used, the platform information from the base image is now used by @nalind in #6190
Ensure extendedGlob returns paths in lexical order to achieve a reproducible build by @Honny1 in #6169
The buildah commit command now recognizes --source-date-epoch and --rewrite-timestamp options, which affect the dates recorded in the new image’s configuration and the timestamps on the contents of the new layer by @nalind in #6189
The buildah build command now recognizes the --source-date-epoch and --rewrite-timestamp options, which affect the dates recorded in the new image’s configuration and the timestamps on the contents of the new layers and content generated in response to the --output flag by @nalind in #6208
Added support for the ‘–unsetannotation’ option, which allows users to prevent inheriting a specific annotation from base image in the build and config commands by @flouthoc in #6195
The buildah build sets a fixed hostname for RUN instructions when invoked with the --timestamp or --source-date-epoch options. When building or committing images with the --timestamp or --source-date-epoch options, the hostname, domain name, and name-of-container-which-was-committed will be set to fixed values by @nalind in #6211 *The buildah build and buildah commit commands no longer sets/updates the io.buildah.version label by default when either the --timestamp or --source-date-epoch options are used by @nalind in #6214
Support zstd compression is now working in image commit by @aaronlehmann in #5452
Added support for the --inherit-annotations command to the build command which allows users to specify if they want to inherit annotations from base image or not by @flouthoc in #6198
The buildah build command no longer leave traces of mount targets used for RUN instructions in built images by @nalind in #6233
Images committed in OCI formats now default to including an “org.opencontainers.image.created” annotation by @nalind in #6239
The BUILDTAG btrfs_noversion flag has been removed as it is no longer effective by @rahilarious in #6267
The --link option on the COPY and ADD commands in a Containerfile now fully support layered build caching by @2004joshua in #6240
The build command now makes sure that platform is considered correctly before using the potential image as cache candidate by @flouthoc in #6269
Documentation:
- [CI:DOCS] update a couple of lists in the build man page by @nalind in #6175
- [CI:DOCS] Add CNCF roadmap, touchup other CNCF files by @TomSweeneyRedHat in #6124
- [CI:DOCS] README.md: add openssf passing badge by @lsm5 in #6181
- docs: add –setopt “*.countme=false” to dnf examples by @nalind in #6215
- Update Neil Smith’s GitHub username in MAINTAINERS.md by @actionmancan in #6248
Vendored:
- Vendor in containers/automation_images to v20250422
- Vendor in github.com/containers/common to v0.63.0
- Vendor in github.com/containers/luksy digest to bc60f96
- Vendor in github.com/containers/image/v5 to v5.36.0
- Vendor in github.com/containers/storage to v1.59.0
- Vendor in github.com/docker/docker to v28.3.2+incompatible
- Vendor in github.com/fsouza/go-dockerclient to v1.12.1
- Vendor in github.com/go-viper/mapstructure/v2 to v2.3.0
- Vendor in github.com/moby/buildkit to v0.23.2
- Vendor in github.com/openshift/imagebuilder to v1.2.16
- Vendor in github.com/opencontainers/cgroups to v0.0.3
- Vendor in github.com/opencontainers/runc to v1.3.0
- Vendor in github.com/seccomp/libseccomp-golang to v0.11.0
- Vendor in go.etcd.io/bbolt to v1.4.2
- Vendor in golang.org/x/crypto to v0.40.0
- Vendor in golang.org/x/sync to v0.16.0
- Vendor in golang.org/x/term to v0.33.0
Tests
- test/serve: fix a descriptor leak, add preliminary directory support by @nalind in #6146
- commit-with-extra-files test: use $TEST_SCRATCH_DIR by @nalind in #6231
- Add conditional release-checking system test by @cevich in #6243
- Update “bud with –cpu-shares” test, and rename it by @nalind in #6271
- buildah: move passwd command to tests by @flouthoc in #6264
Changes to the build infrastructure
- [skip-ci] Packit: Ignore ELN and CentOS Stream jobs by @lsm5 in #6172
- [skip-ci] Packit: set fedora-all after F40 EOL by @lsm5 in #6170
- Use Fedora 42 instead of 41 in that one conformance test by @nalind in #6174
- [skip-ci] Packit: Disable osh_diff_scan by @lsm5 in #6164
- remove static nix build by @Luap99 in #6191
- Don’t BuildRequires: ostree-devel by @mtrmac in #6192
- dynamically link sqlite by @Luap99 in #6216
- CI: give the rootless test user some supplemental groups by @nalind in #6227
- conformance: use mirrored frontend and base images by @nalind in #6232
- CI: ensure rootless groups aren’t duplicates by @nalind in #6228
- Adjust a bud and run test as runc does not support keep-groups by @ricardobranco777 in #6226

New Contributors

@hanwen-flow made their first contribution in #6141
@brawer made their first contribution in #6167
@JayKayy made theirfirst contribution in #6187
@ricardobranco777 made their first contribution in #6226
@actionmancan made their first contribution in #6248
@pstoeckle made their first contribution in #6252
@2004joshua made their first contribution in #6240

Try it Out.

Buildah == Simplicity

21 Apr 2025 » Buildah version 1.40.0 Release Announcement by tsweeney

buildah logo

Buildah version 1.40.0 Release Announcement

We’re pleased to announce the release of Buildah version 1.40.0, which is now available from GitHub for any Linux distro. We are shipping this release on Fedora 41 and Fedora 42. Buildah will also be shipped on CentOS, OpenSUSE, and Ubuntu soon. In addition, container images will be available at https://quay.io/repository/buildah/stable and https://quay.io/repository/containers/buildah.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. This release features notable changes:

The --inherit-labels option has been added to inherit labels from the base image, or not.
Add a --parents option for the COPY command to preserve leading directories in the paths of items being copied, relative to either the top of the build context, or to the “pivot point”.
The --timestamp option, if set, is now passed through to a destination of --tag=oci-archive and is applied to the timestamp of entries in the tar archive

This release comprises changes made for v1.40.0 and will be included in Podman v5.5.

Release Changes

Changes for v1.40.0

Bump Buildah to v1.39.0, c/storage v1.57.1, c/image v5.34.0, c/common v0.62.0 by @TomSweeneyRedHat in #5962 *The host directory used when a buildah build RUN instruction or buildah run uses the --mount=type=cache option is now chosen based not only on its “target” or “id” value, but also on the combination of “uid” and “gid” flag values specified, by @nalind in #5978
Better support for the containers.conf container_name_as_hostname option by @nalind in #5943
Better validation of manifest and expected digests by @mtrmac in #6014
stage_executor: history now correctly includes the heredoc summary by @flouthoc in #6041
Add --parents option for the COPY command to preserve leading directories in the paths of items being copied, relative to either the top of the build context, or to the “pivot point” by @Honny1 in #6008
The /proc/interrupts and /sys/devices/system/cpu/*/thermal_throttle are thermal paths are masked by default by @giuseppe in #6074
Fix built-in args on ARM64 by @Honny1 in #6076
The –timestamp option, if set, is now passed through to a destination of –tag=oci-archive: and is applied to the timestamp of entries in the tar archive by @aeijdenberg in #6023
“chroot” isolation should no longer require the “–no-pivot” flag be specified in order to function on “image mode” systems. by @nalind in #6088
Fixed a bug to add: correctly resolve git tags and branches and report errors if no reference is found by @flouthoc in #6087
Fixed a bug in processing Windows style paths by @danegsta in #6083
Return status 125 when a git operation fails instead of relaying the error code directly from git by @flouthoc in #6092
The build process now resets the platform in systemcontext for every stage by @flouthoc in #5971
Allow users to choose if they want to inherit labels from the base image by using –inherit-labels option by @flouthoc in #6103
Certain errors encountered when calling mount() while using “chroot” isolation will now use mount flag names in error diagnostic messages by @nalind in #6129
A bug was fixed to close files after a build properly by @aeijdenberg in #6047

Overall Miscellaneous Changes

Documentation:
- Switch to the CNCF Code of Conduct by @mheon in #5982
- buildah-build.1.md: secret examples by @hdub-tech in #5999
- Add a link to project governance and MAINTAINERS file by @mheon in #6108
- [CI:DOCS] Document rw/src for –mount in buildah-run(1) by @nalind in #6127
- Update Buildah issue template to new version and support podman build by @ninja-quokka in #6099
Vendored:
- Update to Go 1.23 for vendoring
- Vendor in containers/automation_images to v20250324
- Vendor in dependency golangci/golangci-lint to v2.1.0
- Vendor in github.com/containernetworking/cni to v1.3.0
- Vendor in github.com/containers/common to v0.62.2
- Vendor in github.com/containers/image/v5 to v5.34.2
- Vendor in github.com/containers/luksy digest to 40bd943
- Vendor in github.com/opencontainers/selinux to v1.12.0
- Vendor in github.com/containers/storage to v1.58.0
- Vendor in github.com/docker/docker to v28.1.0+incompatible
- Vendor in github.com/go-jose/go-jose/v4 to v4.0.5
- Vendor in github.com/moby/buildkit to v0.21.0
- Vendor in github.com/opencontainers/image-spec
- Vendor in github.com/opencontainers/runc to v1.2.6
- Vendor in github.com/opencontainers/runtime-spec to v1.2.1
- Vendor in github.com/opencontainers/runtime-tools digest to 260e151
- Vendor in github.com/openshift/imagebuilder digest to e87e4e1
- Vendor in github.com/spf13/cobra to v1.9.0
- Vendor in golang.org/x/crypto to v0.37.0
- Vendor in golang.org/x/net to v0.36.0 [security]
- Vendor in golang.org/x/sync to v0.11.0
- Vendor in golang.org/x/sys to v0.30.0
- Vendor in golang.org/x/term to v0.29.0
- Vendor in tags.cncf.io/container-device-interface to v1.0.1
Tests
- tests/conformance/testdata/Dockerfile.add: update some URLs by @nalind in #6012
- conformance: make TestCommit and TestConformance parallel by @flouthoc in #5995
- Fix Conformance tests on ARM64 by @Honny1 in #5990
- [skip-ci] TMT: system tests by @lsm5 in #5885
Changes to the build infrastructure
- CI: parallize unit tests by @flouthoc in #5954
- Use tmpfs for integration tests by @flouthoc in #5959
- .cirrus: bump ci resources by @flouthoc in #5979
- cirrus: reduce task timeout by @Luap99 in #5994
- github: remove cirrus rerun action by @Luap99 in #6063
- github: check_cirrus_cron work around github bug by @Luap99 in #6120
- github: disable cron rerun action by @Luap99 in #6036
- cirrus: make Total Success wait for rootless integration by @Luap99 in #6130
Plus a few minor fixes.

Try it Out.

Buildah == Simplicity

03 Feb 2025 » Buildah version 1.39.0 Release Announcement by tsweeney

buildah logo

Buildah version 1.39.0 Release Announcement

We’re pleased to announce the release of Buildah version 1.39.0, which is now available from GitHub for any Linux distro. We are shipping this release on Fedora 40 and Fedora 41. Buildah will also be shipped on CentOS, OpenSUSE, and Ubuntu soon. In addition, container images will be available at https://quay.io/repository/buildah/stable and https://quay.io/repository/containers/buildah.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. This release features notable changes:

An --artifact-annotation option has been added to the manifest add command to allow for annotation of the artifact manifest.
Cache now works when additional build context is used as the source of –mount.
The build command has two new options, –security-opt mask and unmask.
The buildah build RUN instructions and buildah run command can now refer to images with the from argument when using the --mount=type=cache option.

This release comprises changes made for v1.39.0 and will be included in Podman v5.4.

Release Changes

Changes for v1.39.0

executor: allow to specify –no-pivot-root by @giuseppe #5838
The buildah manifest add command now includes a --artifact-annotation flag which can be used to add an annotation to the artifact manifest which is generated and then added to the image index. by @nalind #5854
The buildah build or buildah run with --isolation chroot will now default to using pivot_root() internally, unless the --no-pivot CLI flag is used. by @nalind #5874
Cache now works when additional build context is used as the source of –mount by @flouthoc #5693
Allow cache mounts to be stages and additional build contexts by @nalind #5897
The build command has two new options, –security-opt mask and unmask. Refer to the `build(1) man page for more information by @rhatdan #5883
Add more checks to the –mount flag parsing logic by @nalind #5925
Refactor: replace golang.org/x/exp with stdlib by @Juneezee #5937
Changes were made to more thoroughly unmount images by @nalind #5924
The buildah build RUN instructions and buildah run command can now refer to images with the from argument when using the --mount=type=cache option. by @nalind #5934
The build and run commands now record hash or digest in the image history for sources used in --mount. by @flouthoc #5691

Overall Miscellaneous Changes

Documentation:
- Fixed a broken doc link by @cheesesashimi #5936
Vendored:
- Vendor in github.com/containers/common to v0.62.0
- Vendor in github.com/containers/image to v5.34.0
- Vendor in github.com/containers/luksy digest to a3a812d
- Vendor in github.com/containers/ocicrypt to v1.2.1
- Vendor in github.com/containers/storage to v1.57.1
- Vendor in github.com/cyphar/filepath-securejoin to v0.3.6
- Vendor in github.com/docker/docker to v27.5.1
- Vendor in github.com/moby/buildkit to v0.19.0
- Vendor in github.com/moby/sys/capability to v0.4.8
- Vendor in github.com/opencontainers/runc to v1.2.4
- Vendor in github.com/opencontainers/runtime-tools digest to f7e3563b0271
- Vendor in github.com/stretchr/testify to v1.10.0
- Vendor in github.com/vbatts/tar-split to v0.11.7.
- Vendor in golang.org/x/crypto to v0.32.0
- Vendor in golang.org/x/exp digest to 7d7fa50e5329
- Vendor in golang.org/x/net to v0.34.0
Tests
- Make _prefetch() parallel-safe by @edsantiago #5841
- Parallelize some bats tests by @edsantiago #5552
- copy-preserving-extended-attributes: use a different base image by @nalind #5901
- chroot mount flags integration test: copy binaries by @nalind #5926
Changes to the build infrastructure
- CI VMs: bump again by @edsantiago #5833
- Finish updating to go 1.22 by @nalind #5835
- Makefile cleanups by @kolyshkin #5832
- Makefile: list sources via find conditionally by @danishprakash #5807
- Packit: f39 and rhel cleanups by @lsm5 #5849
- CI: remove some inter-job dependencies, run cross-compile task with make -j, use /tmp for Go build cache by @nalind #5856
- New VM Images by @Luap99 #5900
- RPM: use default gobuild macro on RHEL by @lsm5 #5938
- CI, .cirrus: parallelize containerized integration by @flouthoc #5947
Plus a few minor fixes.

Try it Out.

Buildah == Simplicity

11 Nov 2024 » Buildah version 1.38.0 Release Announcement by tsweeney

buildah logo

Buildah version 1.38.0 Release Announcement

We’re pleased to announce the release of Buildah version 1.38.0, which is now available from GitHub for any Linux distro. We are shipping this release on Fedora 40 and Fedora 41. Buildah will also be shipped on CentOS, OpenSUSE, and Ubuntu soon. In addition, container images will be available at https://quay.io/repository/buildah/stable and https://quay.io/repository/containers/buildah.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. This release features notable changes:

ADD commands now use configured CA certificates with HTTPS
Git sources can now be used in Containerfile ADD commands
Fixes for CVE-2024-9407 and CVE-2024-9675

This release comprises changes made for v1.38.0 and will be included in Podman v5.3.

Release Changes

Changes for v1.38.0

buildah add and ADD instructions used with buildah build now use configured CA certificates and retry settings when retrieving contents from HTTPS locations by @nalind in #5646
On Debian/Ubuntu, add installation of libbtrfs-dev and libdevmapper-dev by @jelmer in #5541
COPY and ADD instructions being processed by buildah build will now be handled correctly if items matched by source location globs have names that include characters that are treated as special when globbing by @nalind in #5676
A retry mechanism process was added to the committing process to local storage to help with parallelization by @nalind in #5686
Fixed a nil pointer dereference on FreeBSD by @dfr in #5694
buildah build now expands “**” path components in source locations in ADD and COPY instructions as referring to any subdirectory by @nalind in #5688
Buildah now uses the pasta –map-guest-addr option by default which is used for the host.containers.internal entry to allow the container to reach the host by default. by @Luap99 in #5724
Add support for git sources in the Containerfile ADD command by @danishprakash in #5438
buildah manifest add --artifact no longer fails if it’s invoked with multiple file arguments. All of the files should be added to a single artifact manifest which should then be added to the image index being updated by @nalind in #5728
If a target platform for buildah build is not specified with one of the --platform, --os, or --arch flags, but a TARGETPLATFORM build argument has been set with --build-arg, its value will be used as though it had been specified to --platform by @nalind in #5731
The buildah build --compat-excludes flag will now has the intended effect when used in combination with --layers. by @nalind in #5729
buildah container images will now attempt to use the qemu-user-static binaries they include, if they also include configuration for them, for running binaries built for non-native architectures by @nalind in #5732
Including a file with the security.ima xattr set as a non-root user will no longer fail as the xattr could not be set by @mheon in #5741
Fixed a duplicate condition issue by @cuishuang in #5745
CVE-2024-9407: validate “bind-propagation” flag settings in run commands by @nalind in #5761
buildah manifest push --all is now true by default to match Podman by @k9withabone in #5755
Fixed CVE-2024-9675 which allowed arbitrary paths from the host to be mounted into a build container using the --mount type=cache argument to the RUN instruction in Dockerfiles. by @mheon in #5778
Add support for COPY –exclude and ADD –exclude options by @rhatdan in #5733
Newlines were added at the end of some printed error messages to make them more readable by @nalind in #5753
RUN instructions which use the –mount flag with a relative “target” path no longer trigger an error if the current stage does not have a defined working directory by @nalind in #5798

Overall Miscellaneous Changes

Documentation:
- buildah-build.1.md: expand the –layer-label description by @nalind in #5701
- update some godocs, use 0o to prefix an octal in a comment by @nalind in #5702
- Update tutorials to keep up with API changes in storage by @nalind in #5665
- Document how entrypoint is configured in buildah config by @rhatdan in #5734
- buildah-manifest-create.1: Fix manpage section by @siretart in #5757
- Document that zstd:chunked is downgraded to zstd when encrypting by @mtrmac in #5759
- Document more buildah build –secret options by @nalind in #5784
Vendored:
- Vendor in containers/automation_images to v20241010
- Vendor in github.com/containers/common to v0.61.0
- Vendor in github.com/containers/image/v5 to v5.33.0
- Vendor in github.com/containers/luksy digest to e2530d6
- Vendor in github.com/containers/storage to v1.56.0
- Vendor in github.com/cyphar/filepath-securejoin to v0.3.4
- Vendor in github.com/docker/docker to v27.3.1+incompatible
- Vendor in github.com/fsouza/go-dockerclient to v1.12.0
- Vendor in github.com/moby/buildkit to v0.17.1
- Vendor in github.com/onsi/ginkgo/v2 to v2.19.1
- Vendor in github.com/onsi/gomega to v1.34.1
- Vendor in github.com/opencontainers/runc to v1.2.1
- Vendor in github.com/opencontainers/runtime-tools digest to 6c9570a
- Vendor in github.com/opencontainers/selinux to v1.11.1
- Vendor in github.com/openshift/imagebuilder to v1.2.15
- Vendor in golang.org/x/crypto to v0.29.0
- Vendor in golang.org/x/exp digest to f66d83c
- Vendor in golang.org/x/sys to v0.27.0
- Vendor in golang.org/x/term to v0.26.0
Tests
- Drop the e2e test suite by @nalind in #5668
- conformance tests: use mirror.gcr.io for most images by @nalind in #5673
- unit tests: use test-specific policy.json and registries.conf by @nalind in #5672
- conformance: move weirdly-named files out of the repository by @nalind in #5684
- tests: add quotes to names by @Luap99 in #5765
- Integration tests: run git daemon on a random-but-bind()able port by @nalind in #5783
- tests: mkcw: bug fixes, refactor by @edsantiago in #5802
- tests: sbom: never write to cwd by @edsantiago in #5803
- tests: blobcache: use unique image name by @edsantiago in #5801
- tests: bud: make parallel-safe by @edsantiago in #5804
- tests/tools: update golangci-lint to v1.61.0 by @Luap99 in #5821
Changes to the build infrastructure
- CI VMs: bump f40 -> f41 by @edsantiago in #5820
- CI: enable the gofumpt and whitespace linters by @nalind in #5689
- gofix, gofmt the code, add gofmt linter by @kolyshkin in #5680
- make vendor-in-container: use the caller’s Go cache if it exists by @nalind in #5667
- Use Epoch: 2 and respect the epoch in dependencies. by @jnovy in #5654
- New VMs by @edsantiago in #5703
- Update to go 1.22 by @Luap99 in #5715
- Packit: Enable sidetags for bodhi updates by @lsm5 in #5730
- Packit: constrain koji job to fedora package to avoid dupes by @lsm5 in #5774
- Add a validation script for Makefile $(SOURCES) by @nalind in #5704
Plus a few minor fixes.

Try it Out.

Buildah == Simplicity

26 Jul 2024 » Buildah version 1.37.0 Release Announcement by tsweeney

buildah logo

Buildah version 1.37.0 Release Announcement

We’re pleased to announce the release of Buildah version 1.37.0, which is now available from GitHub for any Linux distro. We are shipping this release on Fedora 39 and Fedora 40. Buildah will also be shipped on CentOS, OpenSUSE, and Ubuntu soon. In addition, container images will be available at https://quay.io/repository/buildah/stable and https://quay.io/repository/containers/buildah.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. This release features notable changes:

When building an image using buildah build, the contents of directories marked as volumes (defined by VOLUME instructions), whether as part of the build, or inherited from a base image, will no longer be saved before, and restored after, processing RUN instructions. The --compat-volumes flag can be used to re-enable this behavior.
The config command now supports the --healthcheck-start-interval option, which allows the user to specify the time between health checks during the start period.
When buildah copy is given the --from option, the ownership of items being copied from other images or containers will be preserved by default for better consistency with handling of the COPY instruction in Dockerfiles. The previous behavior can be forced by adding the --chown=0:0 flag,

This release comprises changes made for v1.37.0 and will be included in Podman v5.2.

Release Changes

Changes for v1.37.0

Fix secret mounts for environment variables when using chroot isolation by @jonahbull in #5544
imagebuildah: Support custom image reference lookup for cache push/pull by @aaronlehmann in #5532
The config command now supports the --healthcheck-start-interval option, which allows the user to specify the time between healthchecks during the start period by @flouthoc in #5472
A nil pointer reference on that could occur on FreeBSD systems when using the buildah run command has been corrected by @dfr in #5580
Add some NetBSD support by @coypoop in #5559
When buildah copy is given the --from option, the ownership of items being copied from other images or containers will be preserved by default for better consistency with handling of the COPY instruction in Dockerfiles. The previous behavior can be forced by adding the --chown=0:0 flag, by @nalind in #5597
Images built using buildah build without --layers=true will describe their base image in the history entry for the first instruction that was processed, rather than the last instruction by @nalind in #5595
If the “FROM” command was used with a --platform option, it is now included when logging the instruction by @nalind in #5599
Unrecognized values for the --pull command line flag are no longer silently treated as if they were “missing” by @nalind in #5605
Change default for podman build to –pull missing by @rhatdan in #5583
When building an image using buildah build, the contents of directories marked as volumes (defined by VOLUME instructions), whether as part of the build, or inherited from a base image, will no longer be saved before, and restored after, processing RUN instructions. The --compat-volumes flag can be used to re-enable this behavior by @nalind in #5604

Overall Miscellaneous Changes

Documentation:
- Update godoc for Builder.EnsureContainerPathAs by @nalind in #5594
- Clarify the definition of –pull options by @rhatdan in #5407
Vendored:
- Vendor in github.com/containerd/containerd to v1.7.18
- Vendor in github.com/containernetworking/cni to v1.2.3
- Vendor in github.com/containers/common to v0.60.0
- Vendor in github.com/containers/image/v5 to v5.32.0
- Vendor in github.com/containers/storage to v1.55.0
- Vendor in github.com/cyphar/filepath-securejoin to v0.3.1
- Vendor in github.com/docker/docker to v27.1.1+incompatible
- Vendor in github.com/containers/luksy digest to v0.0.0-20240618143119-a8846e21c08c
- Vendor in github.com/fsouza/go-dockerclient to v1.11.1
- Vendor in github.com/onsi/ginkgo/v2 to v2.19.0
- Vendor in github.com/opencontainers/runc to v1.1.13
- Vendor in github.com/openshift/imagebuilder to v1.2.14
- Vendor in github.com/spf13/cobra to v1.8.1
- Vendor in golang.org/x/crypto to v0.25.0
- Vendor in golang.org/x/exp digest to v0.0.0-20240613232115-7f521ea00fb8
- Vendor in golang.org/x/sys to v0.22.0
- Vendor in golang.org/x/term to v0.22.0
Tests
- Re-enable two conformance tests by @nalind in #5566
- tests: set _CONTAINERS_USERNS_CONFIGURED=done for libnetwork by @nalind in #5574
Changes to the build infrastructure
- CI: Clarify Debian use for conformance tests by @cevich in #5538
- [skip-ci] Packit: enable c10s downstream sync by @lsm5 in #5514
- CI VMs: bump, to debian with cgroups v2 by @edsantiago in #5550
- Cross-build on Fedora by @cevich in #5572
- CI VMs: bump by @edsantiago in #5600
- CI: use local registry by @edsantiago in #5584
Plus a few minor fixes.

Try it Out.

Buildah == Simplicity

23 May 2024 » Buildah version 1.36.0 Release Announcement by tsweeney

buildah logo

Buildah version 1.36.0 Release Announcement

We’re pleased to announce the release of Buildah version 1.36.0, which is now available from GitHub for any Linux distro. We are shipping this release on Fedora 39 and Fedora 40. Buildah will also be shipped on CentOS, OpenSUSE, and Ubuntu soon. In addition, container images will be available at https://quay.io/repository/buildah/stable and https://quay.io/repository/containers/buildah.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. This release features notable changes:

The --device option has been added to the buildah run command.
CVE-2024-3727 and CVE-2024-1753 have been addressed.
Improvements to the Heredoc functionality.

This release comprises changes made for v1.36.0 and will be included in Podman v5.1.

Release Changes

Changes for v1.36.0

fix /etc/hosts and resolv.conf setup with network configs by @Luap99 in #5409
CVE-2024-1753 container escape fix by @TomSweeneyRedHat in #5411
Makefile - instead of calling as directly, use it from env var by @rahilarious in #5436
buildah run now accepts a --device option. The --device option can now accept names of devices that are specified using CDI (container device interface). by @nalind in #5443
Makefile: softcode strip, use it from env var by @rahilarious in #5446
Fix caching when mounting a cached stage with COPY/ADD by @aaronlehmann in #5445
source-push: add support for –digestfile by @flouthoc in #5444
heredoc: honor inline COPY irrespective of .containerignore file by @flouthoc in #5459
Address CVE-2024-3727, an image library flaw by @TomSweeneyRedHat in #5523
Setting –arch should set the TARGETARCH build arg by @rhatdan in #5478
Add release note template to split dependency chores by @der-eismann in #5463
Don’t leak temp files on failures by @rhatdan in #5527
Environment variables referenced in RUN instructions that use heredoc syntax will now be evaluated by the command being invoked rather than by the builder by @nalind in #5473

Overall Miscellaneous Changes

Documentation:
- fix links to containerignore doc by @Pvlerick in #5402
- [CI:DOCS] Migrate buildah container image by @cevich in #5384
- Update install.md by @onlykzy in #5457
- [CI:DOCS] Add golang 1.21 update warning by @cevich in #5437
- Fix buildah prune –help examples by @naskya in #5534
Vendored:
- Vendor in github/containers.common to v0.59.0
- Vendor in github.com/containers/image/v5 to v5.31.0
- Vendor in github.com/containers/luksy to 84b50f50f3ee
- Vendor in github.com/containers/ocicrypt to v1.1.10
- Vendor in github.com/cyphar/filepath-securejoin to v0.2.5
- Vendor in github.com/docker/docker to v26.1.3+incompatible
- Vendor in gopkg.in/go-jose/go-jose.v2 to v2.6.3
- Vendor in github.com/go-jose/go-jose/v3 to v3.0.3
- Vendor in github.com/onsi/ginkgo/v2 to v2.18.0
- Vendor in google.golang.org/protobuf to v1.33.0
- Vendor in github.com/opencontainers/runtime-spec to v1.2.0
- Vendor in golang.org/x/exp to v0.0.0-20240416160154-fe59bbe5cc7f
- Vendor in golang.org/x/net to v0.25.0
Tests
- tests: skip_if_no_unshare(): check for –setuid by @edsantiago in #5360
- pr-should-include-tests: use GitHub label, not commit text by @edsantiago in #5374
- tests: enable pasta tests by @Luap99 in #5381
- Change RUN to comment in bud.bats by @TomSweeneyRedHat in #5415
- Switch packit configuration to use epel-9-$arch instead of centos-stream+epel-next-9-$arch by @nalind in #5484
- Integration tests: fixup use of _prefetch by @nalind in #5480
- integration test: handle new labels in “bud and test –unsetlabel” by @nalind in #5487
- Disable packit builds for centos-stream+epel-next-8 by @nalind in #5493
- Integration tests: switch some base images by @nalind in #5499
- CI VMs: bump to new versions with tmpfs /tmp by @edsantiago in #5470
- Integration tests: fake up a replacement for nixery.dev/shell by @nalind in #5495
- bud tests: fix breakage when vendoring into podman by @edsantiago in #5537
Changes to the build infrastucture
- Fix a build break on FreeBSD by @dfr in #5293
- [CI:DOCS] Stop rebasing renovate PRs automatically by @cevich in #5414
- CI: bump VMs by @edsantiago in [#5426](https://github.com/containers/buildah/pull/5426
- [skip-ci] Fix issue/pr lock workflow by @cevich in #5466
- fix CentOS/RHEL build - no BATS there by @jnovy in #5528
Plus a few minor fixes.

Try it Out.

Buildah == Simplicity

07 Mar 2024 » Buildah version 1.35.0 Release Announcement by tsweeney

buildah logo

Buildah version 1.35.0 Release Announcement

We’re pleased to announce the release of Buildah version 1.35.0, which is now available from GitHub for any Linux distro. We are shipping this release on Fedora 38 and Fedora 39. Buildah will also be shipped on CentOS, OpenSUSE, and Ubuntu soon. In addition, container images will be available at https://quay.io/repository/buildah/stable and https://quay.io/repository/containers/buildah.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. This release features notable enhancements:

An --add-file flag has been added to the commit command to add the file to the committed image.
A --sbom flag has been added to the build and commit commands, which allows the created image to be scanned and build contexts.
The manifest push command now supports the --retry and --retry-delay flags.

This release comprises changes made for v1.35.0 and will be included in Podman v5.0.

Release Changes

Changes for v1.35.0

SELinux relabeling via :Z and :z on file systems that do not support labels like NFS are now ignored by @rhatdan in #5197
An --add-file option has been added to the commit command to add the file to the committed image by @nalind in #5226
When building using Heredoc notation, Buildah now correctly bursts the layer cache if the HereDoc content is changed by @flouthoc in #5261
The buildah mkcw command now accepts an --add-file option, which can be used to add a file to the committed image without modifying the working container which is being committed by @nalind in #5252
The buildah commit and buildah build commands now recognize --sbom and related options, which can be used to scan the image that is being created. The scanner’s output can be added to the image or saved to the local disk by @nalind in #5279
An interpreter/shebang is now honored in HereDoc by @flouthoc in #5255
The no-dereference option has been added as a valid mount option by @rhatdan in #5299
The manifest push command now supports the --retry and --retry-delay flags by @flouthoc in #5315
Buildah now sets the maximum ulimits, nofile and nproc values by default by @rhatdan in #5275
The build output now shows a progress bar while pushing and pulling images by @flouthoc in #5314
buildah manifest add now accepts an --artifact option, which can create artifact manifests for arbitrary files and add those artifact manifests to an image index by @nalind in #5301
buildah manifest annotate now accepts a --index option, indicating that --annotation values should be added to the image index rather than an item listed in an image index by @nalind in #5301
Error messages when using the --sbom related flags have been tidied up by @nalind in #5288
Building with --all-platforms will now refrain from building for platforms with OS or Architecture values that are empty or set to the value “unknown”. Additionally, “Architecture” values that are not recognized by the Go compiler will also be skipped by @nalind in #5335
Changed the base image of the official Buildah image to fedora-minimal to reduce its size by @isker in #5347
The build --pull=false command no longer pulls the image by @rhatdan in #5354
Default values for --retry and --retry-delay can be set in containers.conf by @rhatdan in #5345
The manifest add command now complains if --artifact-* options are used without the --artifact option by @nalind in #5366

Overall Miscellaneous Changes

Documentation:
- [CI:DOCS] Document use of containers-transports values in buildah by @rhatdan in #5230
- [CI:DOCS] move footnotes to where they’re applicable by @edsantiago in #5305
- [CI:DOCS] Revert “Reduce official image size” by @cevich in #5350
- [CI:DOCS] docs: correct default authfile path by @rhatdan in #5319
- [CI:DOCS] Add comment re: Total Success task name by @cevich in #5342
- Use reversed logo for dark theme in README by @Sea-n in #5287
Vendored:
- Vendor in github.com/containerd/containerd v1.7.13
- Vendor in github.com/containernetworking/plugins v1.4.0
- Vendor in github.com/containers/common v0.58.0
- Vendor in github.com/containers/image/v5 v5.30.0
- Vendor in github.com/containers/luksy v0.0.0-20240212203526-ceb12d4fd50c
- Vendor in github.com/containers/storage v1.53.0
- Vendor in github.com/fsouza/go-dockerclient v1.10.1
- Vendor in github.com/moby/buildkit v0.12.5
- Vendor in github.com/onsi/gomega v1.31.1
- Vendor in github.com/opencontainers/image-spec v1.1.0
- Vendor in github.com/opencontainers/runc v1.1.11
- Vendor in github.com/openshift/imagebuilder v1.2.6
- Vendor in github.com/stretchr/testify v1.9.0
- Vendor in go.etcd.io/bbolt v1.3.9
- Vendor in golang.org/x/crypto v0.21.0
- Vendor in golang.org/x/sync v0.6.0
- Vendor in golang.org/x/term v0.18.0
Tests
- tests: skip_if_no_unshare(): check for –setuid by @edsantiago in #5360
- Add a conformance test for copying to a mounted prior stage by @nalind in #5375
- conformance tests: don’t break on trailing zeroes in layer blobs by @nalind in #5386
Changes to the build infrastucture
- Fix a build break on FreeBSD by @dfr in #5293
Plus a few minor fixes.

Try it Out.

Buildah == Simplicity

13 Dec 2023 » Buildah version 1.34.0 Release Announcement by tsweeney

buildah logo

Buildah version 1.34.0 Release Announcement

We’re pleased to announce the release of Buildah version 1.34.0, which is now available from GitHub for any Linux distro. We are shipping this release on Fedora 38 and Fedora 39. Buildah will also be shipped on CentOS, OpenSUSE, and Ubuntu soon. In addition, container images will be available at https://quay.io/repository/buildah/stable and https://quay.io/repository/containers/buildah.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. This release is a quick turnaround release to shrink the size of the Buildah image via changes to the new HereDoc code.

This release comprises changes made for v1.34.0 and will be included in Podman v4.9.

Release Changes

Changes for v1.34.0

Bump to v1.33.1 by @edsantiago in #5182
Allow using just one jail per container with run on FreeBSD by @dfr in #5176

Overall Miscellaneous Changes

Documentation:
- [CI:DOCS] man pages: underscores, too-wide lines by @edsantiago in #5203
Vendored:
- Vendor in github.com/containerd/containerd v1.7.11
- vendor in github.com/containers/common v0.57.1-0.20231130092720-630c929caef9
- vendor in github.com/containers/image v5.29.1-0.20231120202631-293b00ba7166
- vendor in github.com/containers/storage v1.51.1-0.20231204015418-15c3cb7881e4
- vendor in github.com/fsouza/go-dockerclient to v1.10.0
- vendor in github.com/moby/buildkit to v0.12.4
- vendor in github.com/onsi/ginkgo/v2 to v2.13.2
- vendor in github.com/openshift/imagebuilder v1.2.6-0.20231127234745-ef2a5fe47510
- vendor in golang.org/x/crypto to v0.16.0
- vendor in golang.org/x/sys to v0.15.0
- vendor in golang.org/x/term to v0.15.0
Tests
- Integration tests: make skip_if_no_unshare check –map-users by @nalind in #5192
Changes to the build infrastucture
- Set makefile target internal/mkcw/embed/entrypoint.gz as .PHONY on non x86_64 by @dcermak in #5183
Plus a few minor fixes.

Try it Out.

Buildah == Simplicity

17 Nov 2023 » Buildah version 1.33.0 Release Announcement by tsweeney

buildah logo

Buildah version 1.33.0 Release Announcement

We’re pleased to announce the release of Buildah version 1.33.0, which is now available from GitHub for any Linux distro. We are shipping this release on Fedora 38 and Fedora 39. Buildah will also be shipped on CentOS, OpenSUSE, and Ubuntu soon. In addition, container images will be available at https://quay.io/repository/buildah/stable and https://quay.io/repository/containers/buildah.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. This release features notable enhancements:

Heredoc syntax is now supported for the RUN, COPY and ADD commands in a Containerfile.
Added support for –unsetlabel in the build and config commands.
The build command now has a --no-hostname option which prevents the container’s /etc/hostname file from being populated.
The login and logout commands now support editing Docker-compatible config files, using a --compat-auth-file.
The ADD command in a Containerfile now supports the –checksum flag for HTTP sources This release comprises changes made for v1.33.0 and will be included in Podman v4.8.

Release Changes

Changes for v1.33.0

Tag a v1.32.0 release by @nalind in #5046
The buildah add and buildah copy commands should correctly handle relative path names for sources when the –context-directory` flag is used by @nalind in #5050
Removing selinux_tag.sh as it is no longer needed after #580356f by @rahilarious in #5054
When the base is scratch, build an image without layers by @flouthoc in #5031
Add support for –unsetlabel in the build and config commands by @flouthoc in #5062
Consider the .ignorefile with –build-context by @danishprakash in #5021
Previously, when mounting multiple mounts, if any mount had a type specified, it would override the default type for subsequent mounts. This corrects it, by @BenjaminSchubert in #5067
run: use internal.GetTempDir instead of os.MkdirTemp by @flouthoc in #5084
Do not remove base-image in a multi-stage build when built without --layers by @flouthoc in #5081
The build command now has a --no-hostname option which prevents the container’s /etc/hostname file from being populated by @rhatdan in #5094
When a build that uses multiple –platform flags fails, the error message will indicate which platform experienced the failure by @nalind in #5112
TEE types used with buildah build --cw and buildah mkcw are no longer required to be specified in lower-case by @nalind in #5159
The login and logout commands now support editing Docker-compatible config files, using a --compat-auth-file option by @mtrmac in #5143
The buildah build command using a Containerfile with no instructions, with either --unsetenv or --unsetlabel specified on the command line, now correctly generates a new image by @nalind in #5160
The ADD command in a Containerfile now supports the –checksum flag for HTTP sources by @jfroy in #5152
The value put into DefaultNetworkSysctl is no longer hard coded and now pulls the value from the containers.conf file by @rhatdan in #5156
Heredoc syntax is now supported for the RUN, COPY and ADD commands in a Containerfile by @flouthoc in #5092
The buildah commit command now accepts optional --change and --config options, which can be used to make last-minute changes to the configuration of an image when it is committed, by @nalind in #5150
The buildah build command will no longer produce an empty image when the --cw option is used along with the --layers option and the final instruction in the Dockerfile is not an ADD, COPY, or RUN command by @nalind in #5161

Overall Miscellaneous Changes

Documentation:
- [CI:DOCS] Protocol can be specified with –port. Ex. –port 514/udp by @ranjithrajaram in #5066
- [CI:DOCS] Pass secrets from the host down to internal podman containers by @rhatdan in #5154
Vendored:
- Vendor in github.com/containerd/containerd v1.7.7
- Vendor in github.com/containers/common v0.57.0
- Vendor in github.com/containers/image v5.29.0
- Vendor in github.com/containers/storage v1.51.0
- Vendor in github.com/containers/luksy v0.0.0-20231030195837-b5a7f79da98b
- Vendor in github.com/onsi/gomega to v1.30.0
- Vendor in github.com/opencontainers/image-spec to v1.1.0-rc5
- Vendor in github.com/opencontainers/runc to v1.1.10
- Vendor in github.com/spf13/cobra to v1.8.0
- Vendor in go.etcd.io/bbolt to v1.3.8
- Vendor in golang.org/x/crypto to v0.15.0
- Vendor in golang.org/x/net to v0.18.0
- Vendor in golang.org/x/sync to v0.5.0
- Vendor in golang.org/x/sys to v0.14.0
- Vendor in golang.org/x/term to v0.14.0
- Vendor in sigs.k8s.io/yaml to v1.4.0
Tests:
- conformance tests: use go-dockerclient for BuildKit builds by @nalind in #5165
- conformance tests: archive the context directory as 0:0 by @nalind in #5171
- conformance: use require.NoErrorf() more by @nalind in #5146
- blobcacheinfo,test: blobs must be resued when pushing across registry by @flouthoc in #5153
Changes to the build infrastructure:
- [CI:BUILD] Packit: tag @packit-build team on copr build failures by @lsm5 in #5060
- Update cirrus and version of golang by @rhatdan in #5139
- build: downgrade to go 1.20 by @giuseppe in #5166
- mkcw: remove entrypoint binaries by @flouthoc in #5076
Plus several minor fixes.

Try it Out.

Buildah == Simplicity

03 Oct 2023 » Buildah version 1.32.0 Release Announcement by tsweeney

buildah logo

Buildah version 1.32.0 Release Announcement

We’re pleased to announce the release of Buildah version 1.32.0, which is now available from GitHub for any Linux distro. We are shipping this release on Fedora 38 and Fedora 39. Buildah will also be shipped on CentOS, OpenSUSE, and Ubuntu soon. In addition, container images will be available at https://quay.io/repository/buildah/stable and https://quay.io/repository/containers/buildah.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. This release features notable enhancements:

Labels can now be added to intermediate images.
Ulimits can now be set to the maximum by passing -1 as the value.
The mkcw command has been created to convert a container image into a confidential workload image. See the buildah-mkcw(1) man page for details.

This release comprises changes made for v1.32.0 and will be included in Podman v4.5.

Release Changes

Changes for v1.32.0

Add limited support for FreeBSD in the overlay pkg by @dfr in #4888
contrib/buildahimage: set config correctly for rootless build user by @flouthoc in #4905
manifest, push: implement –add-compression to push with compressed variants by @flouthoc in #4912
buildah: add –layer-label for setting labels on intermediate images by @flouthoc in #4940
buildah/push/manifest-push: add support for –force-compression to prevent reusing other blobs by @flouthoc in #4973
Added support for ArchPARISC(64) and ArchRISCV64 in seccomp filters by @michalbiesek in #4976
Restored loong64 cross targets to the Makefile by @michalbiesek in #4979
The build-arg warnings are no longer displayed if an argument is already defined globally by @flouthoc in #4983
Comments are now ignored when parsing /etc/group on FreeBSD by @dfr in #4997
You can now specify -1 for values when setting ulimits to indicate maximum by @rhatdan in #5000
The owner of the storage.conf in the Containerfile that builds images for quay.io has been corrected by @indyvanmol in #5001
When pushing, the –force-compression option is set to true when used with the –compression-format option by @flouthoc in #5013
The buildah mkcw command has been created, and adds a --cw flag for buildah build and buildah commit by @nalind in #4960
Move code around to not require libimage to help reduce the size of the Podman image by @Luap99 in #5039
Fixed the handling of image_copy_tmp_dir from containers.conf by @rhatdan in #5043

Overall Miscellaneous Changes

Documentation:
- [CI:DOCS] Update debian/ubuntu build instructions by @andrewgdotcom in #4876
- [CI:DOCS] Replace troff code with markdown in buildah-{copy,add}.1.md by @PeterWhittaker in #4985
- [CI:DOCS] docs: add a reference to oci-hooks by @flouthoc in #5004
- [CI:DOCS] Update install.md changes to reflect current Debian stable version name by @aaerrolla in #4955
Vendored:
- Vendor in github.com/containerd/containerd v1.7.6
- Vendor in github.com/containers/common v0.56.0
- Vendor in github.com/containers/image v5.28.0
- Vendor in github.com/containers/ocicrypt v1.1.8
- Vendor in github.com/containers/storage v1.50.2
- Vendor in github.com/cyphar/filepath-securejoin v0.2.4
- Vendor in github.com/docker/docker v24.0.6
- Vendor in github.com/onsi/gomega v1.27.10
- Vendor in github.com/opencontainers/image-spec v1.1.0-rc4
- Vendor in github.com/opencontainers/runc v1.1.9
- Vendor in github.com/opencontainers/runtime-spec v1.1.0
- Vendor in golang.org/x/crypto v0.13.0
- Vendor in golang.org/x/sys v0.12.0
- Vendor in golang.org/x/term v0.12.0
Tests:
- None
Changes to the build infrastructure:
- [CI:BUILD] Packit: fix pre-sync action for downstream tasks by @lsm5 in #4907
- [CI:BUILD] Packit: downstream task script needs GOPATH by @lsm5 in #4924
- [CI:BUILD] Packit: remove pre-sync action by @lsm5 in #4926
- [CI:BUILD] RPM: define gobuild macro for rhel/centos stream by @lsm5 in #4946
- [CI:BUILD] Packit: add fedora-eln targets and build docs with vendored go-md2man by @lsm5 in #4964
- [CI:BUILD] RPM: fix buildtags by @lsm5 in #4971
- [CI:BUILD] rpm: spdx compatible license field by @lsm5 in #4984
- Cirrus: container/rootless env. var. passthrough by @cevich in #4872
- Cirrus: Remove multi-arch buildah image builds by @cevich in #5006
- packit: Build PRs into default packit COPRs by @martinpitt in #4959
Plus several minor fixes.

Try it Out.

Buildah == Simplicity

21 Jul 2023 » Buildah version 1.31.0 Release Announcement by tsweeney

buildah logo

Buildah version 1.31.0 Release Announcement

We’re pleased to announce the release of Buildah version 1.31.0, which is now available from GitHub for any Linux distro. We are shipping this release on Fedora 37, Fedora 38, and Fedora 39. Buildah will also be shipped on CentOS, OpenSUSE, and Ubuntu soon. In addition, container images will be available at https://quay.io/repository/buildah/stable and https://quay.io/repository/containers/buildah.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. This release features notable enhancements:

Buidlah now supports pasta as network mode like podman.
Slirp4netns now uses the options from containers.conf and uses ipv6 by default.
Buildah now reads the default_rootless_network_cmd containers.conf option to get the default rootless network program.
The device mapper storage driver support has been removed.

This release comprises changes made for v1.31.0 and will be included in Podman v4.5.

Release Changes

Changes for v1.31.0

Revert “buildah image should not enable fuse-overlayfs for rootful mode” by @flouthoc in #4722
Add support for relabel bind mount option by @danishprakash in #4705
build: –platform must accept only arch by @flouthoc in #4757
parse: filter edge-case for podman-remote by @flouthoc in #4765
Fix an overflow on retries on container name conflicts by @mtrmac in #4752
Manifest, push: use source as destination if not specified by @flouthoc in #4767
When doing a mount in the run command, remove the path only if they didnt pre-exist by @flouthoc in #4755
Accept required flag for a secret without value by @flouthoc in #4791
Build: The volumes are now validated on the backend rather than the frontend by @flouthoc in #4792
Problematic calls to prctl(PR_SET_PDEATHSIG) have been dropped from the Go code by @giuseppe in #4790
References to registry.centos.org have been removed since it is decommissioned by @flouthoc in #4819
Labels defined for the build process are now applied to only the final stage by @flouthoc in #4817
The ‘image_copy_tmp_dir’ field from containers.conf is now used if ENV: TMPDIR is not found by @flouthoc in #4844
When run with debug-level logging enabled, the buildah binary will log the set of effective capabilities at startup by @nalind in #4836
The device mapper storage driver support has been removed by @kolyshkin in #4832
The hostname is now added to /etc/hosts when running with host network by @Luap99 in #4869
Buidlah now supports pasta as network mode like podman. Also, Slirp4netns now uses the options from containers.conf and uses ipv6 by default by @Luap99 in #4877
Buildah now reads the default_rootless_network_cmd containers.conf option to get the default rootless network program by @Luap99 in #4889

Overall Miscellaneous Changes

Documentation:
- Clarify the need for qemu-user-static package by @rhatdan in #4738
- Update the demos README file to fix minor typos by @pixdrift in #4781
- Update comment to remove ambiguity by @cevich in #4849
- Renovate: Don’t touch fragile test stuffs by @cevich in #4856
- Add a warning to build –secret docs by @rijenkii in #4823
Vendored:
- Vendor in github.com/containerd/containerd v1.7.2
- Vendor in github.com/containers/common v0.55.1
- Vendor in github.com/containers/image/v5 v5.26.1
- Vendor in github.com/containers/storage v1.48.0
- Vendor in github.com/docker/docker v24.0.2
- Vendor in github.com/docker/distribution to v2.8.2
- Vendor in github.com/onsi/gomega v1.27.8
- Vendor in github.com/opencontainers/runc v1.1.7
- Vendor in github.com/opencontainers/runtime-spec v1.1.0-rc.3
- Vendor in github.com/openshift/imagebuilder v1.2.5
- Vendor in github.com/sirupsen/logrus v1.9.3
- Vendor in github.com/stretchr/testify v1.8.4
- Vendor in golang.org/x/crypto v0.10.0
- Vendor in golang.org/x/sync v0.3.0
- Vendor in golang.org/x/term v0.9.0
Tests:
- Add smoke tests for encryption CLI helpers by @mtrmac in #4745
- Use debian instead of docker.io/library/debian:testing-slim when testing by @flouthoc in #4807
- The intermediate-images inherit-label test has been made debuggable by @edsantiago in #4837
- Fix the transition test to work with the latest selinux policy by @rhatdan in #4829
Changes to the build infrastructure:
- Fix a test broken by the renovatebot by @edsantiago in #4812
- Support testing w/ podman-next COPR packages by @cevich in #4830
- Makefile: don’t show sed invocations by @kolyshkin in #4841
- Makefile: increase conformance timeout by @flouthoc in #4760 * Packit: add jobs for downstream Fedora package builds by @lsm5 in #4870
- Fix a meta task failing to find commits by @cevich in #4773
- Explicitly ref. quay images for CI by @cevich in #4828
Plus several minor fixes.

Try it Out.

Buildah == Simplicity

21 Apr 2023 » Buildah version 1.30.0 Release Announcement by tsweeney

buildah logo

Buildah version 1.30.0 Release Announcement

We’re pleased to announce the release of Buildah version 1.30.0, which is now available from GitHub for any Linux distro. We are shipping this release on Fedora 37, Fedora 38, and Fedora 39. Buildah will also be shipped on CentOS, OpenSUSE, and Ubuntu soon. In addition, container images will be available at https://quay.io/repository/buildah/stable and https://quay.io/repository/containers/buildah.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. This release features notable enhancements:

The login command now supports interspersed args
The --network option is now handled by RUN commands in Containerfiles.
The ARG command in a Containerfile will now honor any value passed, and environment variables work more intuitively in Containerfiles.

This release comprises changes made for v1.29.1 and v1.30.0 and will be included in Podman v4.5.

Release Changes

Changes for v1.30.0

Added a new CleanCacheMount API which allows cleaning of the buildcache generated on the host. #4552
The login command now supports interspersed args for password from stdin. I.e. $ cat password.txt | buildah login docker.io -u user --password-stdin #4558
Changes to cleanup routines ensure that orphaned stages and dangling containers are now appropriately removed. #4595
buildah build should no longer produce spurious “Pushing cache []:…” messages while building images.#4602
OCI images produced using multi-stage builds, where the final stage is based on an earlier stage, will no longer include an “org.opencontainers.image.base.name” annotation for the base of that earlier stage combined with an “org.opencontainers.image.base.digest” annotation which corresponds to the image produced by that earlier stage, which are two different images. #4618
Then ExtendedAgent now supports signing with flags as BuildKit does. #4637
The COPY command in a Containerfile will now honor any ARG value #4578
Buildah no longer warns about unused TARGETARCH,TARGETOS,TARGETPLATFORM variables #4634
Buildah container images now will inform users the list of capabilities they require, including CAP_SYS_CHROOT. #4643
The “ifnewer” option has been added to the help message for the pull1 command. The option had been added to the command prior. #4645
Buildah now only attempts to push the cache during a build only when the cacheKey is generated. #4650
Support has been added for inline --network options in Containerfile RUN statements. #4566
The build command now prints a 12-digit hash instead of an 11-digit hash upon successful completion. #4660
A fresh sysfs is now mounted when the netns is private #4684
The --build-arg-file {your-args} option in a Containerfile now allows specifying --build-args from a file instead of inline in the build command. #4686
Buildah now only applies a label on the final image during the build instead of all intermediate images#4673
The RUN --network=default command in a Containerfile is now ignored as it is in BuildKit. #4659
Process environment variables as passed by reference. The buildah run --env command will now lookup environment variables. Also, if --env A is passed and A is not defined, A will now remain unset rather than being set to blank. #4702

Overall Miscellaneous Changes

Documentation:
- Fixed documentation on which Capabilities are allowed by default. #4584
- Fixed the tutorial for rootless mode. #4629
- Clarified the behaviour of buildah’s distributed cache. #4644
- Updated the build instruction for Ubuntu. #4690
- Clarified in the documenation that buildah image should not enable fuse-overlayfs for rootful mode. #4699
- Documented the order preference for FROM when using multiple Containerfiles. #4546
- Add defaults for Run() in Tutorrial #4. #4611
Vendored:
- Updated to Go 1.18
- Vendor in github.com/containerd/containerd from v1.6.17
- Vendor in go.etcd.io/bbolt v1.3.7
- Vendor in golang.org/x/crypto v0.8.0
- Vendor in golang.org/x/term v0.6.0
- Vendor in github.com/containers/common v0.52.0
- Vendor in github.com/containers/image/v5 v5.25.0
- Vendor in github.com/containers/storage v1.45.3
- Vendor in github.com/fsouza/go-dockerclient v1.9.7
- Vendor in github.com/onsi/gomega v1.27.6
- Vendor in github.com/opencontainers/runc v1.5.0
- Vendor in github.com/opencontainers/runtime-tools v0.9.1-0.20230317050512-e931285f4b69
- Vendor in github.com/opencontainers/selinux v1.11.0
- Vendor in github.com/openshift/imagebuilder v1.2.4-0.20230309135844-a3c3f8358ca3
- Vendor in github.com/docker/docker v23.0.3+incompatible
Tests:
- The conformance tests now use scratch for minimal test to unblock CI issues #4552
- Fix requiring tests on Makefile changes by @cevich in #4663
Changes to the build infrastructure:
- Dependabot has been disabled in favor of renovate for updating vendored projects.
- el8 builds have been fixed. #4439
- [CI:BUILD] Packit: Enable Copr builds on PR and commit to main by @lsm5 in #4681
- Replace Ubuntu macines with Debian machines in the CI #4610
Plus several minor fixes.

Try it Out.

Buildah == Simplicity

27 Jan 2023 » Buildah version 1.29.0 Release Announcement by tsweeney

buildah logo

Buildah version 1.29.0 Release Announcement

We’re pleased to announce the release of Buildah version 1.29.0, which is now available from GitHub for any Linux distro. We are shipping this release on Fedora 36 and Fedora 37. Buildah will also be shipped on CentOS, OpenSUSE, RHEL, and Ubuntu soon. In addition, container images will be available at https://quay.io/repository/buildah/stable and https://quay.io/repository/containers/buildah.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. This release features notable enhancements:

The prune command has been added to clean intermediate images as well as the build and mount cache.
Added support for the --group-add option to the from and build commands. One useful feature of this, it to use the –group-add keep-groups option, which allows rootless users to take advantage of their group access to file and devices mounted into the build containers.
The --cache-from and --cache-to options for the build command now allow for multiple sources. This can be used to improve the speed of builds, especially in CI/CD environments.

This release comprises changes made for v1.28.1 and v1.28.2 and will be included in Podman v4.4.

Release Changes

Changes for v1.29.0

Fixed an issue with the build command when using the --mount option with the RUN command. In some cases, the correct build stage was not being used (#4522).
When the --env command line flag conflicts with an ENV instruction in a Containerfile, the Containerfile’s value is now the one that is recorded in the output image.
Multiple --label command line flags now generate only one history entry in the output image.
The --env command line flag now generates a history entry in the output image.
Added support for the --group-add option to the from and build commands which assign additional groups to the primary user running within the container.
Fixed an error in the ignorefile handling when the file was a symlink.
Network setup errors have been clarified. *The Containerfile’s RUN command now allows relative mountpoints, in regards to the work directory, to be specified in the --mount option.
The prune command has been added to clean intermediate images as well as the build and mount cache.
The CleanCacheMount API can now be called outside of Buildah.
Multiple sources and destinations are now supported by the --cache-from and the --cache-to options of the build command. See the buildah-build (1) man page for more details.
The Containerfile RUN commands mount=type=cache option now creates a separate cache parent on the host for each user.
Changes to the mount command were made to allow better operability on FreeBSD.
The build command now supports --security-opt no-new-privileges flag.
The base image honors userargs and heading args when built with the build --all-platforms option.
An error has been addressed that prevented the --secret type=env option from working when running the build command within a container.
Mult-stage builds now resolve the named image appropriately if a build arg is the same name.
When the build command used a RUN --mount=type=bind command to a previous stage, the contents were not accessible of the stage had been cached (#4375). This has been fixed.
An issue with the build ---cache-from not working properly with the ARG command has been corrected (#4315).
Locking mechanisms used for cacheing were simplified within the code and an issue was locks with multiple mounts was fixed..
Simplify the interface of GetCacheMount and getCacheMount.
When using the --mount=type=secret option for the Containerfile RUN command, relative paths from the configured work directory can now be specified.
When cached volumes were mounted with locking enabled, the RUN clause could hang (#4342). This has been corrected.
A Warning message is no longer shown for an argument that was not used during the build process (#4303).
The Containerfiles used to build the variety of Buildah container images on quay.io has been consolidated into one file.
Bump to v1.28.1-dev.

Overall Miscellaneous Changes

Documentation:
- Fixed two diversity issues in a tutorial.
- An unnecessary sudo in the main README.md’s example on lighttpd was removed.
- The build --squash option has been clarified.
- Documentation was added for the buildah build --pull=missing option.
- Fixed the installation instructions for Gentoo Linux.
- Fixed the man pages to match the options the various commands have.
Vendored:
- Vendor in github.com/containerd/containerd 1.6.15
- Vendor in github.com/containers/common 0.51.0
- Vendor in github.com/containers/image 5.24.0
- Vendor in github.com/containers/ocicrypt 1.1.6
- Vendor in github.com/containers/storage 1.45.3
- Vendor in github.com/docker/docker 20.10.23
- Vendor in github.com/fsouza/go-dockerclient 1.9.3
- Vendor in github.com/onsi/gomega 1.26.0
- Vendor in github.com/spf13/cobra 1.6.0
- Vendor in golang.org/x/crypto 0.4.0
- Vendor in golang.org/x/sys 0.3.0
- Vendor in golang.org/x/term 0.3.0
Tests:
- Flake 3710 has been closed. Reenable the test.
- Tests: improve build-with-network-test.
- Fix bud-multiple-platform-with-base-as-default-arg flake.
- Tests: change the runtime-flag test for crun * system tests: remove unhelpful assertions.
- Test: fix preserve rootfs with –mount for podman-remote.
- Test: fix prune logic for cache-from after adding content summary.
- Test: cleaning cache must not clean lockfiles.
- Update tests for error message changes.
- Test: retrofit ‘bud with undefined build arg directory’.
- Test: bud.bats refactoring: $TEST_SCRATCH_DIR, part 2 of 2.
- Test: bud.bats refactoring: $TEST_SCRATCH_DIR, part 1 of 2.
- Userns: add arbitrary steps/stage to –userns=auto test.
- System test cleanup: document, clarify, fix.
- Test: removing unneeded/expensive COPY.
- Removed a number of unnecessary, hence misleading, rmi commands in the tests.
- Test: warning behaviour for unset/set TARGETOS,TARGETARCH,TARGETPLATFORM.
- Define and use a safe, reliable test image.
- A locking issue regarding ssh was corrected in the test suites.
Changes to the build infrastructure:
- Cirrus: Update VM Images.
- Fixed a multi-arch manifest-list build timeouts.
- Update to F37 CI VM Images, re-enable prior-fedora.
- Cirrus: Migrate OSX task to M1.
- GHA: Reuse both cirrus rerun and check workflows.
- GHA: Simplify Cirrus-Cron check slightly.
- Makefile: Fix install on FreeBSD.
- [CI:BUILD] copr: buildah rpm should depend on containers-common-extra.
- Cirrus CI add flavor parameter.
- Makefile: Use $(MAKE) to start sub-makes in install.tools.
- pr-should-include-tests: allow specfile, golangci.
Plus several minor fixes.

Try it Out.

Buildah == Simplicity

09 May 2022 » Buildah version 1.26.1 Released! by tsweeney

buildah logo

Buildah version 1.26.1 Released!

We’re pleased to announce the release of Buildah version 1.26.1 and version 1.26.0, which are now available from GitHub for any Linux distro. We are shipping this release on Fedora 35, Fedora 36, and RHEL 8.6.0.2. Buildah will also be shipped on CentOS, OpenSUSE, and Ubuntu soon. In addition, container images will be available at https://quay.io/repository/buildah/stable and https://quay.io/repository/containers/buildah.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. This release features notable enhancements:

A number of additonal BuildKit additions.
A number of performance enhancements.
Several bug fixes and other minor improvements.

The full release announcement is in the works and will be out soon, in the meantime

Try it Out.

Buildah == Simplicity

04 May 2022 » Buildah version 1.26.0 Release Announcement by tsweeney

buildah logo

Buildah version 1.26.0 Release Announcement

We’re pleased to announce the release of Buildah version 1.26.0, which is now available from GitHub for any Linux distro. We are shipping this release on Fedora 35 and Fedora 36. Buildah will also be shipped on CentOS, OpenSUSE, RHEL, and Ubuntu soon. In addition, container images will be available at https://quay.io/repository/buildah/stable and https://quay.io/repository/containers/buildah.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. This release features notable enhancements:

The buildah build command now includes a --env option to complement its --unsetenv option.
The buildah build and buildah config commands now accept --os-version and --os-feature flags for setting the corresponding fields in an image’s configuration.
Custom build outputs are now allowed (#3789) and the type and destination can be selected.

This release comprises changes made for v1.25.1 and the main branch and will be included in Podman v4.1.1.

Release Changes

Changes for v1.26.0

Changes were made to the copy algorithm of the build command to prevent concurrent read/write actions on the internal maps.
The buildah build command now includes a --env option to complement its --unsetenv option. See the buildah-build.1.md man page for details.
The default value of the io.buildah.version label can now be overridden at the buildah build command line using the --label option. See the buildah-build.1.md man page for details.
The buildah build and buildah config commands now accept --os-version and --os-feature flags for setting the corresponding fields in an image’s configuration. See the buildah-build.1.md and buildah-config.1.md mang pages for details.
The TARGETPLATFORM variable in the build process is now set correctly when one or more --platform options are specified.
When the --layers option was used, build did not always handle aliases as it should (#3939). This has been corrected.
Custom build outputs are now allowed (#3789) and the type and destination can be selected. See the --output option on the buildah-build.1.md man page for more information.
An error that at times did not allow for a file to be written to a directory during the build process has been corrected.
Error messages now use consistent lowercase ‘invalid’ in returned error messages.
The hostname within the container is now set to the server’s hostname rather than “localhost”.
Fixed an error where only an image with a shortname could be pushed (3915).
The network backend is now initialized appropriately before the first pull rather than defaulting to cni more times than it should have.
Changes were made to the mount functionality called when in a rootless environment to mount volumes appropriately.
Buildah now uses the settings in containers.conf for ‘netns’ configuration.
The buildah build command only accepts at most one argument, it errors now when multiple arguments are given instead of ignoring them.
When trying to add a local image to the manifest while also setting the variant or arch, would fail to find the local image and would pull it from the registry (#3511). This has been corrected.
The io.buildah.version labels can now be suppressed (#3826) in the build and commit commands with the --identity-label option. See the buildah-build.1.md and buildah-commit.1.md man pages for details.
Containers created by running “buildah from” and specifying the base image using its full ID, or during a “buildah build”, will be given shorter auto-generated names.
Fixed a hang caused by a timing issue when the oci runtime would fail.
Fixed an error when running in rootless, not all processes were killed that should have been.
Bump back to v1.26.0-dev

Overall Miscellaneous Changes

Documentation:
- The option usage text across the manpages was made more consistent.
- The FreeBSD builds for documentation have been fixed.
Vendored:
- Vendor in github.com/containerd/containerd 1.6.15
- Vendor in github.com/containerd/containerd 1.6.4
- Vendor in github.com/containernetworking/cni 1.1.0
- Vendor in github.com/containers/common 0.48.0
- Vendor in github.com/containers/image 5.21.1
- Vendor in github.com/containers/storage 1.40.2
- Vendor in github.com/fsouza/go-dockerclient 1.7.11
- Vendor in github.com/opencontainers/runc 1.1.1
- Vendor in github.com/opencontainers/selinux 1.10.1
- Vendor in github.com/openshift/imagebuilder 1.2.4
Tests:
- Tests were added for the --platform option with the Containerfile’s FROM command and also for builtinargs behavior.
- Renamed the variable $TESTSDIR (the plural one), to $TESTDIR within the tests.
- Issues with some corner cases involving assert calls were corrected.
- Concurrency was reduced in the flaky bud-multiple-platform-no-run test.
- Rootless on cgroupv2 in the root environment is now skipped.
- The copier tests now use the correct UID/GID in test archives.
- Some of the integration tests now use a dummy registry.
Changes to the build infrastructure:
- The build now automatically sets the correct TARGETPLATFORM where expected.
- Updated the CI VMs to Fedora 36.
- Fixed a static check linter warning for a deprecated function.
- Set permissions correctly for a few GitHub actions.
Plus several minor fixes.

Try it Out.

Buildah == Simplicity

29 Mar 2022 » Buildah version 1.25.0 Release Announcement by tsweeney

buildah logo

Buildah version 1.25.0 Release Announcement

We’re pleased to announce the release of Buildah version 1.25.0, which is now available from GitHub for any Linux distro. We are shipping this release on Fedora 34, and Fedora 35. Buildah will also be shipped on CentOS, OpenSUSE, and Ubuntu soon. In addition, container images will be available at https://quay.io/repository/buildah/stable and https://quay.io/repository/containers/buildah.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. This release features notable enhancements:

A container will now wait up to four minutes, up from 5 seconds, when it is created before it will fail due to network issues.
A --no-hosts option was added to the build and run commands.
A new global option, --cgroup-manager, has been added.

This release comprises changes made for v1.24.1, v1.24.2, and v1.25.0 and will be included in Podman v4.1.

Release Changes

Changes for v1.25.0

A container will now wait up to four minutes, up from 5 seconds, when it is created before it will fail due to network issues.
A fix for CVE-2022-27651 addressed an issue with inheritable capabilities within the container.
The --mount=type=cache option now supports locking the external cache store.
A --no-hosts option was added to the build and run commands. When used, an /etc/host file is not created within the container or container image by default.
Processing was added to the add command to ensure the context directory is an absolute path.
During a build, if the base image has a healthconfig and the child image does not, the healthconfig is inherited from the base image. This emulates the processing that Docker does.
The buildah container images on quay.io now contain cpp.
The subuid/subgid values in buildah container images on quay.io have been increased to 65535.
Proxy variables are now only added to the container image’s history only if they are specified with the ARG command in the Containerfile. This emulates Docker’s behavior.
A new option, --cgroup-manager, has been added that allows the cgroup manager to be overridden. More information on the Buildah(1) man page.
When the --cgroup-manager is set to systemd, the --systemd-cgroup option for the OCI runtime is used, which is understood by both runc and crun.
A build would fail if a RUN command was specified in a Containerfile after a Volume command. This issue has been addressed.
An issue with the run command’s --cap-add=all option not appropriately setting the capabilities has been corrected.
Support has been added for the FROM command in a Containerfile to allow specification of the OS, ARCH, or VARIANT values. See the --platform option on the buildah-build (1) man page for more details.

Overall Miscellaneous Changes

Documentation:
- The source files for the Containerfile and containeringore man pages have moved to the containers/common project.
- The options for commands in the man pages are now sorted alphabetically.
- Removed references to Kubic for CentOS and Ubuntu on the installation guide.
Vendored:
- Vendor in github.com/containerd/containerd from v1.6.2
- Vendor in github.com/containers/common to v0.47.5
- Vendor in github.com/containers/image/v5 v5.20.0
- Vendor in github.com/containers/ocicrypt v1.1.3
- Vendor in github.com/containers/storage v1.39.0
- Vendor in github.com/docker/distribution v2.8.1
- Vendor in github.com/docker/docker v20.10.14
- Vendor in github.com/fsouza/go-dockerclient v1.7.10
- Vendor in github.com/onsi/gomega v1.18.1
- Vendor in openshift/imagebuilder v1.2.2
- Vendor in github.com/prometheus/client_golang to v1.11.1
- Vendor in github.com/spf13/cobra v1.4.0
- Vendor in github.com/stretchr/testify v1.7.1
Tests:
- Add a few “replace-directory-with-symlink” tests in the conformance tests.
- Removed a number of skips for rootless users.
- Now unshares mount/umount if test is_rootless.
- The copy tests now read the correct containers.conf and initialize the network.
- Tests for rootless, which need unshare.
- Added a test to protect against CVE-2022-27651 in the future.
- The integration tests now run in a rootless environment.
- An issue between TESTDIR and TESTSDIR in the test environment was fixed.
- The combination-namespaces test has been sped up.
- Tests now print a full pathname for files to output.
Changes to the build infrastructure:
- Cirrus: Use updated VM images.
- Makefile: build with systemd when available.
- Cirrus: added a separate task and matrix for rootless.
Plus several minor fixes.

Try it Out.

Buildah == Simplicity

26 Jan 2022 » Buildah version 1.24.0 Release Announcement by tsweeney

buildah logo

Buildah version 1.24.0 Release Announcement

We’re pleased to announce the release of Buildah version 1.24.0, which is now available from GitHub for any Linux distro. We are shipping this release on Fedora 34, and Fedora 35 Buildah will also be shipped on CentOS, OpenSUSE, and Ubuntu soon. In addition, container images will be available at https://quay.io/repository/buildah/stable and https://quay.io/repository/containers/buildah.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. This release features notable enhancements:

The --compression-format and compression-level flags have been added to the push command.
Several options were added to the --mount option for the Containerfile RUN and run commands.
The build --network option now supports custom networks.

This release comprises changes made for v1.24.0 and will be included in Podman v4.0.

Release Changes

Changes for v1.24.0

Label modification during a build now mimics Docker behavior.
Handle zstd compression when unmarshalling a layer.
A bug was fixed in the build that, under particular circumstances, could cause the build to stall.
The --compression-format and compression-level flags have been added to the push command.
Added the –all-platforms option to “buildah build”.
Added support for --mount=type=tmpfs to the Containerfile RUN and run commands to allow mounting volatile memory instead of persistent storage.
Added support for persistent caching across builds with –mount=type=cache.
Support for --mount=type=bind to the Containerfile RUN and run commands.
The from= field is now a valid option to pass to the --mount option for run. This allows images to be used as a source.
Add support for host.containers.internal in the /etc/hosts
Report ignorefile location when no content is added during a build, and an ignorefile is present.
Support has been added for overlayfs paths that contain a colon.
Rootless containers users should use additional groups by @rhatdan in #3593
USERS specified in a Containerfile can now become members of a supplementary group as specified in a Containerfile.
NetworkEnabled is now set appropriately when passed with the --network option.
Support was added to allow an environment variable to specify the source of a secret for a build command.
The image history no longer contains ARG values.
The /sys file system is no longer mounted if it is not needed.
An image’s variant field can now be seen via the inspect command or set with the config command.
The build --network option now supports custom networks.
Output for several errors were changed to show the command output for better debugging.
The --unsetenv option was added to the commit and build commands.
The time before closing an ssh connection has been Increased to allow for ssh enough time to close properly.
Multiple filters are now accepted by the images command.
The MediaType in OCI manifests is now set properly.
Rootless buildah commands can now set resource limits on cgroup V2.
The --memory-swap option for the build command can be set to -1 to allow unlimited memory swap.
Callers of the build command, such as Podman, can now replace the ContainerPrefix with a value of their choosing.
Fix default CNI paths so that their value is no longer hardcoded but pulled from the containers.conf file.
A number of changes were made to the Cobra CLI calls to make things more consistent for developers and end users.
Fixed the --platform option for the build command so it appropriately uses the value passed into it.
A fix was added to allow the runtime to be searched using a fully qualified path.
Added support to specify non-volatile upperdir and workdir for overlay volumes with the Containerfile RUN and run commands.
The pull commands are now: --pull, --pull=true, --pull=false, --pull=never, and --pull=always. Older commands such as --pull-always and --pull-never are still functional but are no longer documented.

Overall Miscellaneous Changes

Documentation:
- Added a man page for Containerfile and .containerignore.
- Updated the build1 –platform’ option’s compatibility notes.
- Added example usage for manifest on its man page.
- Fixed the tutorial to correct the run command in the ‘Using Containerfiles/Dockerfiles with Buildah’ section.
- Updates were made to the tutorials to clarify how the run command works.
- Clarifications were added to the build command’s --volume option.
- A number of typos and grammatical errors were corrected throughout the man pages.
- The links for the commands in top-level README.md were corrected.
Vendored:
- Vendor in github.com/containerd/containerd 1.5.9
- Vendor in github.com/containernetworking/cni 1.0.1
- Vendor in github.com/containers/common 0.46.0
- Vendor in github.com/containers/image/v5 5.19.0
- Vendor in github.com/containers/storage 1.37.0
- Vendor in github.com/docker/docker 20.10.12+incompatible
- Vendor in github.com/fsouza/go-dockerclient 1.7.7 *Vendor in github.com/golangci/golangci-lint 1.44.0
- Vendor in github.com/onsi/ginkgo 1.16.5
- Vendor in github.com/onsi/gomega 1.18.0
- Vendor in github.com/opencontainers/runc 1.1.0
- Vendor in github.com/opencontainers/selinux 1.9.1
- Vendor in github.com/spf13/cobra 1.3.0
- Vendor in github.com/vbauerster/mpb v7.1.5
Tests:
- Conformance: allow test cases to specify dockerUseBuildKit.
- Conformance: add more tests for exclusion short-circuiting.
- Tests now rely only on static/unchanging images.
- The buildkit mount test files are now moved from TESTSDIR to TESTDIR before any modifications.
- Enabled git-daemon tests.
- Tests tools versions were bumped and some refactoring.
- The tests no longer pull the PHP and composer images; instead, they pull the smaller busybox and libpod/testimage, which are smaller. This speeds up the tests and prevents a number of network timeouts.
- The build tests now use a local git daemon for the git protocol test.
- Fixed the libsubid test.
Changes to the build infrastructure:
- Updated the VM Images and dropped prior-ubuntu testing.
- Makefile now checks for -race using -mod=vendor.
- Adjusted the -ldflags/-gcflags/-gccgoflags in the Makefile depending on the go implementation.
- Makefile now only uses race detection when it’s available.
- Cirrus: Run int. tests in parallel with unit tests.
- Cirrus: Fix defunct package metadata breaking cache.
- Cirrus: Bump up to Fedora 35 & Ubuntu 21.10.
- Cirrus: remove static_build.
- Cirrus: Re-ordered tasks for more parallelism.
- Cirrus: Freshen the VM images
- Updated golangci-lint, its config, and fixed some warnings.
- The GitHub workflow now reports both failures and errors.
Plus several minor fixes.

Try it Out.

Buildah == Simplicity

14 Sep 2021 » Buildah version 1.23.0 Release Announcement by tsweeney

buildah logo

Buildah version 1.23.0 Release Announcement

We’re pleased to announce the release of Buildah version 1.23.0, which is now available from GitHub for any Linux distro. We are shipping this release on Fedora 34 & 35, and RHEL 8.5. Buildah will also be shipped on CentOS, OpenSUSE, and Ubuntu soon. In addition, container images will be available at https://quay.io/repository/buildah/stable and https://quay.io/repository/containers/buildah.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. This release features notable enhancements:

Support has been added for rootless containers to use overlay mounts.
An epoch time field has been added to the container images created by Buildah.
The bud command has been renamed to build. An alias for bud was created for backward compatibility and to not break existing scripts.
The platform option for build can now take multiple values.
The login and logout commands now accept repositories as Podman does.

This release comprises changes made for v1.23.0 and will be included in Podman v3.3.1

Release Changes

Changes for v1.23.0

Added support for rootless containers to use overlay mounts.
The build command now mirrors the value provided to the --authfile option to a temporary file on the filesystem if it is pointing to a file descriptor instead of a file.
The rm <list> option of the build command has been corrected to only remove manifests rather than referenced images.
Improvements have been made to the performance of --compress=false of the build command.
Fixed an issue when tagging a manifest list. It would at times tag an image instead of the manifest.
Add support for libsubid which will allow remote access to /etc/subuid and /etc/subgid information from LDAP services when shadow-utils is shipped with libsuid.
Added an epoch time field to buildah images.
Fix ownership of the /home/build/.local/share/containers directory in the Containerfiles that build the images on quay.io.
Rename the bud command to build, while keeping an alias for to bud.
Fixed a possible timing issue with the stage processing of the build command.
Support has been added for SSH mounts in the buildah run command.
Fixed a DNS resolution issue when using the --net=private option with buildah run.
Fixed a nil dereference in buildah run command logger option.
The --platform option to buildah bud can now take a comma-separated list or be specified multiple times, for use in combination with the --manifest option.
Set the new annotations for the fqdn and digest of the base image.
Accept repositories on login/logout as Podman does.
Fix build processing when .git url is part of the context directory
Bump to v1.23.0-dev [NO TESTS NEEDED]

Overall Miscellaneous Changes

Documentation:
- Corrected the man page section in the registries.conf sample file to mention its man page.
- Clarify the rmi command behavior when using a manifest list or an image index.
Vendored:
- Bump go for vendor-in-container from 1.13 to 1.16
- Vendor in containerd/containerd v1.5.5
- Vendor in containers/common v0.44.0
- Vendor in containers/image/v5 v5.16.0
- Vendor in containers/storage v1.36.0
- Vendor in fsouza/go-dockerclient v1.7.4
- Vendor in onsi/gomega v1.16.0
- Vendor in opencontainers/runc v1.0.2
- Vendor in opencontainers/selinux v1.8.5
Tests:
- tests/serve/serve.go: use a kernel-assigned port.
- conformance: tighten up exception specifications.
Changes to the build infrastructure:
- .cirrus.yml: run cross_build_task on Big Sur.
- Makefile: update the Makefile’s cross target to build on every architecture.
- Cirrus: Increase unit-test timeout.
- Install new source manpages to correct sections.
- Updates to vendor-in-container processing.
Plus several minor fixes.

Try it Out.

Buildah == Simplicity

10 Aug 2021 » Buildah version 1.22.0 Release Announcement by tsweeney

buildah logo

Buildah version 1.22.0 Release Announcement

We’re pleased to announce the release of Buildah version 1.22.0, which is now available from GitHub for any Linux distro. We are shipping this release on Fedora 32, 33 & 34, and RHEL 8.5. Buildah will also be shipped on CentOS, OpenSUSE, and Ubuntu soon. In addition, container images will be available at https://quay.io/repository/buildah/stable and https://quay.io/repository/containers/buildah.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. This release features notable enhancements:

To be more inclusive, the “master” branch has been renamed to “main” in the GitHub repository. A number of changes throughout the project were made to account for this.
A number of changes were made to the Dockerfiles and procedures that build the Buildah container images that are on quay.io to allow them to run Buildah more easily within them, especially as a rootless user.
A dangling image is now considered dangling if it is “untagged” and does not have children. This now matches the definition used by Docker.

This release comprises changes made for v1.21.0 through v1.22.0 and will be included in Podman v3.3.

Release Changes

Changes for v1.22.0

Changes were made to allow dst and destination to be used for targets in secret mounts.
Previously, a dangling image was an “untagged” image. This has been refined to an “untagged” image without children which emulates Docker’s definition.
An invalid ADD --chown <value> command in a Containerfile would not error 3380. This has been corrected.
Fixed a CVE where environment values could leak into intermediate processes.
Reuse code from containers/common/pkg/parse.
Excludes exceptions beginning with / or ./ in a .dockerignore file were being ignored [3272}(https://github.com/containers/buildah/issues/3272) and this has been corrected.
No longer set 0_NONBLOCK on stdin to address 3152.
The methods used to create a default network in a container have been moved to containers/common.
Added the --env and --workingdir flags to the run command. See the run man page for details.
Added the --json flag to the mount and version commands. See the mount and version man page for details.
The copy and add commands can now use a .containerignore file 3303.
When copying a single file to the workdir, the workdir is no longer mistakenly overwritten podman#10671.
The way that the auth.json file was searched for when running as a rootless user was different for a variety of commands 3259. This has been corrected to search for the file in the appropriate location.
Bump to v1.21.1-dev

Overall Miscellaneous Changes

Documentation:
- Remove specific kernel version number requirement from install.md.
- In buildah bud: –ignore-file requires a parameter.
- In push/pull man pages: clarify supported transports.
- Fix documentation of the –format option of buildah push.
- Clarify rmi removes dangling parents in the rmi man page.
- Fix links to containers/image master branch to the new main branch.
Vendored:
- Update nix pin with make nixpkgs.
- Vendor in containers/common v0.42.1.
- Vendor in containers/image/v55.15.0.
- Vendor in containers/ocicrypt 1.1.2.
- Vendor in containers/storage to 1.33.1.
- Vendor in fsouza/go-dockerclient 1.7.3.
- Vendor in go.etcd.io/bbolt 1.3.6.
- Vendor in mattn/go-shellwords 1.0.12.
- Vendor in onsi/ginkgo 1.16.4.
- Vendor in onsi/gomega 1.14.0.
- Vendor in opencontainers/runc 1.0.1.
- Vendor in opencontainers/selinux 1.8.2.
Tests:
- The runtime-flag (debug) test now handles old and new runc.
- Added a few tests on cgroups V2.
- Adjust conformance-test error-message regex to account for a change in output.
- Make it easier to override the location of the copy helper in some tests.
- Workarounds for the appearance of differing debug messages.
Changes to the build infrastructure:
- Always push updated version-tagged multi-arch container images.
- Made steps generic for the multi-arch container image build process.
- Update cirrus-cron notification GH workflow.
- Freshened VM images used by Cirrus.
- Drop dependence on fedora-minimal.
- Now Install Docker from the package cache.
- Updates for the master->main branch rename.
- Synchronized the workflow for multi-arch image builds across Skopeo, Buildah, and Podman.
- Fix handling of the --restore shadow-utils rpm option in the container image Dockerfiles.
- Add volumes to the container image Dockerfiles to make running Buildah within a container easier.
Plus several minor fixes.

Try it Out.

Buildah == Simplicity

09 Jun 2021 » Buildah version 1.21.0 Release Announcement by tsweeney

buildah logo

Buildah version 1.21.0 Release Announcement

We’re pleased to announce the release of Buildah version 1.21.0, which is now available from GitHub for any Linux distro. We are shipping this release on Fedora 32, 33 & 34, and RHEL 8.5. Buildah will also be shipped on CentOS, OpenSUSE, and Ubuntu soon. In addition, container images will be available at https://quay.io/repository/buildah/stable and https://quay.io/repository/containers/buildah.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. This release features notable enhancements:

A --secret option has been added to the bud command, which allows passing secret information (such as a database password) to the Container without it being stored in the final image. See the buildah bud man page for more information.
The buildah manifest rm command has been added and allows the user to remove one or more manifest lists. See the buildah manifest and buildah manifest rm man pages for more information.
The code that did container image handling has been removed from Buildah and replaced with the new libimage package that resides in containers/common. This code is used by a number of projects in the Containers organization and has proven to be more efficient than the older code.

This release comprises changes made for v1.20.0 through v1.21.0.

Release Changes

Changes for v1.21.0

Containerfiles no longer fail during CPP processing if a comment is contained within the file.
The --default-mounts-file option for the buildah bud command now works correctly.
The logrus messages for Info, Warning, and Debug are now being written to stderr when using the buildah bud command.
The check for a bad image name now happens much earlier in the build process rather than at the end.
When podman build pulled an image, it would use the --pull-never policy, using only the locally available image. This has been corrected, and the image is now pulled from the registry if it is available.
Fixed a couple of race conditions that were causing containers to fail just before they exited.
The ownership of a lower directory is preserved when doing an overlay mount, similar to the way that bind mounts work.
The handling of images with signatures could fail under certain circumstances, this has been corrected.
Errors emitting from the runtime are now more clearly labeled.
The logic involving built-in volumes has been reworked to better handle non-overlayfs mounts.
Changes were made to work better with the VFS driver.
A --secret option has been added to the bud command, which allows passing secret information (such as a database password) to the Container without it being stored in the final image. See the buildah bud man page for more information.
The buildah manifest rm command has been added and allows the user to remove one or more manifest lists. See the buildah manifest and buildah manifest rm man pages for more information.
The non functioning and unsupported buildah bud --loglevel option has been removed.
The code that did container image handling has been removed from Buildah and replaced with the new libimage package that resides in containers/common. This code is used by a number of projects in the Containers organization and has proven to be more efficient than the older code.
The buildah bud command handled multiple tags but did not report them to the user. If there are multiple tags, buildah bud now reports that.
Logged debugging and error messages will once again include a count of seconds elapsed since buildah was started.

Overall Miscellaneous Changes

Documentation:
- Documented the location of the auth.json file if XDG_RUNTIME_DIR is not set.
- Updated the steps for runc users on CentOS in the install guide.
- Removed several older distro from the install guide.
- Minor fixes to Buildah as a library tutorial documentation.
Vendored:
- Vendor in containers/common v0.38.4
- Vendor in containers/image/v5 to 5.12.0
- Vendor in containers/ocicrypt to 1.1.1
- Vendor in containers/storage to v1.31.1
- Vendor in onsi/ginkgo to 1.16.2
- Vendor in onsi/gomega to 1.12.0
- Vendor in opencontainers/runc to 1.0.0-rc94
- Vendor in openshift/imagebuilder to 1.2.2
Tests:
- Do not force using crun in rootless mode.
- Fixed ‘arg missing’ warning in bud tests.
- Check without a flag in the ‘from –cgroup-parent’ test.
- Fixed a bats warning in the bud bats test.
- The namespaces test was refactored and cleaned up.
- Refactored the ‘idmapping’ system test.
- Fixed many system tests for the ‘bud’ subcommand.
- Added a system test for ‘buildah help’.
- Fixed an infinite hang in the copy.bats test.
- Added a system test for ‘buildah version`.
- Added a few system tests for ‘buildah from’.
- The run.bats had a flake in the run-user test that has been fixed.
- The :Z option has been added to a number of tests of transient mounts.
- Fixed an incorrect expected message when pulling an image in the bud tests.
Changes to the build infrastructure:
- The Buildah CI will not run the majority of its tests if the [CI:DOCS] tag is part of the pull requests title.
- Notification email for cirrus-cron build failures is now sent to an email list monitored by the maintainers.
- The GitHub action that makes the multi-arch container images on quay.io was reworked to match the actions in the Podman and Skopeo projects.
- Cirrus: Update Fedora 34beta -> Fedora 34
- Cirrus: Update Ubuntu image-action workflow unifications to 21.04.
- Updated the nix pin with make nixpkgs.
- Upgraded to GitHub-native Dependabot.
- Buildah’s CI test system now requires a test to be included with a PR unless the tag [NO TESTS NEEDED] is included in the pull request’s description.
Plus several minor fixes.

Try it Out.

Buildah == Simplicity

31 Mar 2021 » Buildah version 1.20.0 Release Announcement by tsweeney

buildah logo

Buildah version 1.20.0 Release Announcement

We’re pleased to announce the release of Buildah version 1.20.0, which is now available from GitHub for any Linux distro. We are shipping this release on Fedora 32, 33 & 34, and RHEL 8.5. Buildah will also be shipped on CentOS, OpenSUSE, and Ubuntu soon. In addition, container images will be available at https://quay.io/repository/buildah/stable and https://quay.io/repository/containers/buildah.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. This release features these notable enhancements:

A number of packages and dead code have been removed from Buildah to shrink the size of its executable.
- This included moving the internal structure definitions in Buildah to the ‘define’ subdirectory, so tools like Podman that vendor in Buildah could be streamlined.
Buildah’s copy processing has been changed to speed up the processing and better support rootless users.
Multi-arch container images are now built automatically and are available for Buildah on quay.io
The buildah add and buildah copy commands have added the --chmod option to set the destination permissions.
A few issues with the recently added buildah manifest command have been addressed.
A number of other bug fixes have been completed.

This release comprises changes made for v1.19.0 through v1.20.0.

Release Changes

Changes for v1.20.0

Multi-arch Buildah container images are now provided on quay.io.
Use a faster way to check the container image for a version tag existence during multi-arch build of Buildah images on quay.io.
Look for a Containerfile file if the user specifies a directory with the --file/-f option in the bud command.
Added a number of changes to Bulidah’s copy logic to gain speed improvements and allow more robust functionality for rootless users.
Changes were made to allow the different kinds of pull to work with Podman’s REST API.
An image would not be pulled when pulling a specific architecture and the same image with a different architecture was already present.
Permissions set on the destination directory of a container using overlayfs were not always set. This has been corrected.
A number of unused packages were removed to shrink the size of the Buildah executable.
Added a colon to the buildah images <image_name> error message to differentiate the error message from the error-inducing image name.
The add/copy man pages now have --chmod examples.
The buildah login and buildah logout commands entered user namespace and did not need to. This has been corrected.
Bash completions for the chmod and chown options have been corrected.
If an image was built with an older version of Buildah, the Buildah version label in the image is now being updated when a newer version of Buildah changes it.
The values of isolation strings: oci, chroot, and rootless, are now being handled appropriately.
Build stages with no instructions are no longer reaped.
The name of the base image is now stored in the comment of the image’s first layer.
The overlay file system has a new “volatile” mount option which reduces I/O by ignoring fsync and syncfs requests. This has been enabled for Buildah containers.
A number of options in the buildah config command now support the - value (single dash), which removes all values in the configuration for that option type. Examples are --label, --port, and more. See the buildah config man page for details.
When building an image with the same build args, the cache was not used Issue 2992. This has been corrected.
The buildah add and buildah copy commands have added the --chmod option to set the destination permissions.
The --iidfile option now prefixes the imageId with a hash character compatible with Docker.
A few issues with the recently added buildah manifest command have been addressed.
Several changes were made to better handle the --build-arg option in the buildah bud command.
Local container images can now be looked up by digest.
The default OCI Runtime is now determined by the value in the containers.conf file.
If the destination of a volume mount does not exist, Buildah now creates the destination directory in the container rather than throwing an error.

Overall Miscellaneous Changes

Documentation:
- Fixed rootful typo in docs.
- Added documentation and testing for .containerignore.
- Clarified userns options in man pages.
- Remove the duplicate arch and os from the from man page.
- Fixed the tutorial for rootless mode.
- Fixed the --format option documentation in the buildah push man page.
- Add information about multi-arch images to the buildahimageReadme.
- Added required devel packages to this tutorial.
Vendored:
- Vendor in containernetworking/cni to v0.8.1
- Vendor in github.com/containers/common 0.35.3
- Vendor in github.com/containers/image v5.10.5
- Vendor in github.com/containers/ocicrypt 1.1.0
- Vendor in github.com/containers/storage v1.28.1
- Vendor in github.com/fsouza/go-dockerclient 1.7.2
- Vendor in github.com/hashicorp/go-multierror 1.1.1
- Vendor in github.com/mattn/go-shellwords 1.0.11
- Vendor in github.com/onsi/ginkgo 1.15.2
- Vendor in github.com/onsi/gomega 1.11.0
- Vendor in github.com/openshift/imagebuilder 1.2.0
- Vendor in github.com/sirupsen/logrus 1.8.1
- Vendor in github.com/spf13/cobra 1.1.3
- Vendor in github.com/stretchr/testify 1.7.0
- Vendor in golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad
Tests:
- Tests: prefetch: use Buildah, not Podman, for pulls.
- COPY –chown: expand the conformance test.
- Fix system test of ‘containers -a’.
- Update system test for ‘from –cap-add/drop’.
- Added further system tests.
- Stop testing directory permissions with the latest Docker.
- Remove a duplicate system test for ‘buildah containers -a’.
- Fix the “overlay source permissions” test in overlay.bats
- Fix: Containerfiles - smaller set of userns u/gids.
- A workaround for a RHEL gating test failure was added.
Changes to the build infrastructure:
- Update nix pin with make nixpkgs.
- Added a “stale” bot to remind maintainers when an issue has not been touched for over 30 days.
- Cirrus: Temp. disable prior-fedora (F32) testing.
- ‘make validate’: now require PRs to include tests.
- Cirrus: Native OSX Build added.
- Cirrus: Two minor cleanup items.
Plus a number of smaller fixes.

Try it Out.

Buildah == Simplicity

03 Feb 2021 » Buildah version 1.19.0 Release Announcement by tsweeney

buildah logo

Buildah version 1.19.0 Release Announcement

We’re pleased to announce the release of Buildah version 1.19.0, which is now available from GitHub for any Linux distro. We are shipping this release on Fedora 32 & 33 and RHEL 8.4. Buildah will also be shipped on CentOS, OpenSUSE, and Ubuntu soon. In addition, container images will be available at https://quay.io/repository/buildah/stable and https://quay.io/repository/containers/buildah.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. This release features the notable enhancements: The --stdin and --from options have been added to the bud command, further support for multi-arch images were added to the bud and commit commands, container image short name aliasing is now enabled by default, a few speed improvements to the build process, and a number of bug fixes.

When using the bud command, users can now employ the --stdin option to feed input into the build process. See the buildah bud man page for details.
A new --from option has been added to the bud command. When used, the value in the first FROM declaration in the Containerfile is overridden by the argument passed to the --from option. See the buildah bud man page for details.
Added support to the ‘bud and the commit commands for the –manifest option to allow the building of multi-arch images. See the buildah bud and buildah commit` man pages for details.
Short-name aliasing has been enabled by default when running Buildah in a terminal. When pulling an image by a short name, Buildah may now present a prompt to choose which image to pull. Please refer to a recent blog post for details.

This release comprises changes made for v1.18.0 through v1.19.0.

Release Changes

Changes for v1.19.0

The buildah inspect command can now inspect manifests.
The buildah push command can now push manifests lists and digests.
Fixed handling of TMPDIR environment variable to now work as designed.
Added support to the ‘bud and the commit1 commands for the --manifest option to allow the building of multi-arch images. See the buildah bud and buildah commit man pages for details.
When mounting over a destination directory in a container, the mode is now preserved on the destination directory.
Enabled the --arch and --os options to be used in place of the --override-os and override-arch options to select architecture and os. The --override-os and override-arch options are still usable but are deprecated and no longer listed in the man pages.
Attempting to ADD device nodes to a working container when running as an unprivileged user in rootless mode will now quietly ignore the device nodes and appear to succeed again, matching the behavior of versions before 1.16, instead of triggering an error.
The buildah rmi --prune now works as expected.
When using the bud command, users can now employ the --stdin option to feed input into the build process. See the buildah bud man page for details.
A spurious error log message on failure to mount on /sys file systems when running rootless has been changed to an info log.
Switched references of the /var/run directory to the /run directory. The /var/run directory is a legacy directory that has been replaced by the /run directory. In some environments, warnings were raised due to the use of the /var/run directory.
A new --from option has been added to the bud command. When used, the value in the first FROM declaration in the Containerfile is overridden by the argument passed to the --from option. See the buildah bud man page for details.
Several changes to the copier code were made to handle replacing directories with non-directories and a few efficiency changes.
Added the U volume flag to chown source volumes within the container.
Rootless operations now use the correct isolation, “rootless”, instead of “oci”.
Enable short-name aliasing of container images by default.
When calling the manifest create or manifest add commands, the registry is now checked before the local images.
Added further container information to the .containerenv file.
Added the --ignorefile and --contextdir options to the add, bud, and create commands. Using these two options allows for an alternative location of the context directory and the .dockerignore file.
Fixed a crash on invalid filter commands.
A few shebangs in some of the scripts and examples were non-portable and have been corrected.
RUN instructions in builds will no longer run attached to a pseudo-terminal unless the --stdin flag is added.
The diffID for a mapped-layer is now computed when creating the image source to avoid a failure during container creation.
Bump to v1.19.0-dev

Overall Miscellaneous Changes

Documentation:
- Updated installation doc to reflect current status.
- Updated docs for debian testing and unstable.
- Removed copy/paste errors that leaked Podman into man pages.
Vendored:
- Vendor in github.com/containers/storage v1.24.5.
- Vendor in github.com/containers/common v0.33.0.
- Vendor in github.com/opencontainers/selinux v1.8.0.
- Vendor in github.com/onsi/gomega v1.10.4.
Tests:
- Test: ensure a non-directory in a Dockerfile path is handled correctly.
- Moved away from using docker.io in the CI tests.
- Turn off PRIOR_UBUNTU Test until the VM is updated.
- pkg/supplemented test: replace our null blobinfocache
Changes to the build infrastructure:
- Cirrus: Track libseccomp and golang version.
- Update nix pin with make nixpkgs.
- Added a source debug build.
- Add suggests cpp to the buildah.spec file.
- SELinux no longer requires a tag in the Makefile.
Plus a number of smaller fixes.

Try it Out.

Buildah == Simplicity

03 Dec 2020 » Buildah version 1.18.0 Release Announcement by tsweeney

buildah logo

Buildah version 1.18.0 Release Announcement

We’re pleased to announce the release of Buildah version 1.18.0 which is now available from GitHub for any Linux distro. We are shipping this release on Fedora 32 & 33 and RHEL 8.4. This will also be shipped on CentOS, openSUSE and Ubuntu in the near future. In addition, container images will be available at https://quay.io/repository/buildah/stable and https://quay.io/repository/containers/buildah.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. This release features the notable enhancements: Short name aliases for container image names can now be declared and used more securely, the pull policy to use with the buildah pull command can now be specified, a few speed improvements to the build process were created, and a number of bug fixes.

Short name aliases can now be declared and used in a more secure manner. For more details see this blog post.
The --policy option has been added to buildah pull allowing the user to specify the pull policy to use when pulling. The valid values are: missing, always and never. See (buildah-pull(1)](https://github.com/containers/buildah/blob/main/docs/buildah-pull.md) for details.

This release comprises changes made for v1.17.0 through v1.18.0.

Release Changes

Changes for v1.18.0

Short-names aliasing for container images has been enhanced.
The --policy option has been added to buildah pull allowing the user to specify the pull policy to use when pulling. The valid values are: missing, always and never. See (buildah-pull(1)](https://github.com/containers/buildah/blob/main/docs/buildah-pull.md) for details.
A number of error messages have been changed to be more comprehensible.
The --hostname option for the buildah run command should work as expected for unprivileged users.
The --cmd option for the buildah config command should now handle an array of commands as originally designed.
Fixed a NPE when the path to a Dockerfile contained non-directory entries.
Changes were made in the way that image are built to make it more efficient.
The format of the values passed to the --userns-uid-map and the userns-gid-map is now evalutated appropriately.
The build cache should take into account ownership differences due to ADD and COPY being used with the –chown flag.
Added a fix to address CVE-2019-14271.
Bump to v1.18.0-dev

Overall Miscellaneous Changes

Documentation:
- Update the buildah bud man page from the podman build man page.
Vendored:
- Vendor in github.com/containers/storage v1.24.0.
- Vendor in github.com/containers/common v0.26.3.
Tests:
- Test: ensure a non-directory in a Dockerfile path is handled correctly.
- Add a few tests for pull command.
Changes to the build infrastructure:
- Avoid overriding LDFLAGS in Makefile.
- Update nix pin with make nixpkgs.
- Use CPP, CC and flags in dep check scripts.
Plus a number of smaller fixes.

Try it Out.

Buildah == Simplicity

05 Nov 2020 » Buildah version 1.17.0 Release Announcement by tsweeney

buildah logo

Buildah version 1.17.0 Release Announcement

We’re pleased to announce the release of Buildah version 1.17.0 which is now available from GitHub for any Linux distro. We are shipping this release on Fedora 32 & 33 and RHEL 8.4. This will also be shipped on CentOS, openSUSE and Ubuntu in the near future. In addition, container images will be available at https://quay.io/repository/buildah/stable and https://quay.io/repository/containers/buildah The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. This release features the notable enhancements: Several new options were added to the buildah manifest add command, the mount command now returns a container name rather than a container id, changes were made to allow Buildah containers to be accessible to Podman, and a number of bug fixes.

The following new options have been added to the manifest add command: cert-dir, auth-file, creds, tls-verify. See the buildah-manifest-add(1) man page for details.
The buildah mount command now returns a container name rather than a container id. See the buildah-mount(1) man page for more details.
A number of internal changes were made to the Buildah containers to make them more accessible from within Podman. Stay tuned to future announcements from Podman and Buildah.
A number of bug fixes were made concerning the extraction of images during build processes, the setting of permissions for bind mounts, a number of bash completions were added, support for Read Only overlay mounts was corrected, and a number of other fixes.

This release comprises changes made for v1.16.0 through v1.17.0.

Release Changes

Changes for v1.17.0

Handle cases where other tools such as Podman mount/unmount containers.
Changes were made to support RO overlay mounts.
Changes were made use fusermount for rootless overlay umounts.
Fixed umount for overlay volumes.
Switch default log level of Buildah to Warn.
ADD instructions which attempt to extract archives containing PAX global extended headers should no longer trigger errors.
The buildah bud command no longer uses stdin by default.
Improvements were made in error reporting in cases where ADD or COPY (or “buildah add” or “buildah copy”) encounter an error while attempting to create a file in a working container.
The tlsVerify options now work appropriately when using insecure BUILD_REGISTRY_SOURCES in the registries.conf file.
Fixed an error message during a bud command when the Dockerfile was not in the local directory.
An update fixed a regression introduced in 1.16 which caused some exceptions to exclusion rules noted in .dockerignore to not be copied or added from a build context.
Directory ownership when copied with ID mapping is now set correctly. Further regression tests were added to guard against this going forward.
The contents of archives contained in directories being copied using the ADD instruction or buildah add should no longer be expanded into the destination directory.
Shell Completion for podman build flags were added.
Permissions and ownership information on the contents of archives added using the ADD instruction or “buildah add” on the command line should be preserved again.
Create bind mount targets using access permission 0755 instead of 0700 for better consistency with runc.
Environment variables set in containers.conf will no longer be set for commands run using buildah run or by RUN instructions during buildah build-using-dockerfile.
A warning is now raised when setting healthcheck while configuring an image that is in OCI format.
The regression in buildah add which caused it to not properly handle source locations specified using relative paths should be fixed.
The buildah mount command now displays container names and not ids when it completes.
The bash completions for the manifest options have been corrected.
Updates to bash completions for the manifest add sub command were completed.
Fixes a regression where attempting to “squash” an image while committing it could fail.
The following new options have been added to the manifest add command: cert-dir, auth-file, creds, tls-verify. See the buildah-manifest-add(1) man page for details.
Bump to v1.17.0-dev

Overall Miscellaneous Changes

Documentation:
- Replace wget with curl in the CentOS installation instructions.
- The bud flag option definitions are now sorted alphabetically in the man page.
- Move –userns-uid-map/–userns-gid-map description into buildah man page.
- Added an “In Progress” section to the contributing page.
- Conisistency issues with formatting were made across several man pages.
- The manifest add man page was updated.
- Added the missing --format option in the buildah from man page.
Vendored:
- Vendor in github.com/containerd/containerd v1.4.1
- Vendor in github.com/containers/common v0.26.2
- Vendor in github.com/containers/image/v5 v5.6.0
- Vendor in github.com/containers/storage v1.23.7
- Vendor in github.com/docker/docker v17.12.0
- Vendor in github.com/fsouza/go-dockerclient v1.6.6
- Vendor in github.com/onsi/ginkgo v1.14.1
- Vendor in github.com/onsi/gomega v1.10.2
- Vendor in github.com/openshift/imagebuilder v1.1.8
- Vendor in github.com/sirupsen/logrus from v1.7.0
- Vendor in github.com/spf13/cobra to v1.1.1
- Vendor in golang.org/x/sys
Tests:
- tests/testreport: adjust for API break in storage v1.23.6.
- integration tests: make sure tests run in ${topdir}/tests.
- Add a few tests of push command.
- bud.bats: use absolute paths in newly-added tests.
- tests: Add some tests.
Changes to the build infrastructure:
- CI: require that conformance tests pass.
- CI: run gating tasks with a lot more memory.
- New CI check: xref –help vs man pages.
- CI: re-enable several linters.
- CI: expand cross-compile checks.
- Remove docs from the CI that refer to bors, since we’re not using it.
- Cirrus: Remove bors artifacts.
- Cirrus: Skip git-validate on branches.
- Cirrus: Fix validate commit epoch.
- contrib/cirrus/lib.sh: don’t use CN for the hostname.
- Updates were made to the nix build processing.
- Remove configuration for bors.
- Lint: Use same linters as podman
Plus a number of smaller fixes.

Try it Out.

Buildah == Simplicity

16 Sep 2020 » Buildah version 1.16.0 Release Announcement by tsweeney

buildah logo

Buildah version 1.16.0 Release Announcement

We’re pleased to announce the release of Buildah version 1.16.0 which is now available from GitHub for any Linux distro. We are shipping this release on Fedora 32 & 33 and RHEL 8.4. This will also be shipped on CentOS, openSUSE and Ubuntu in the near future. In addition, container images will be available at https://quay.io/repository/buildah/stable and https://quay.io/repository/containers/buildah.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. This release features the notable enhancements: A number of changes made to the bud command in order to speed up build processing, a static build of Buidah is now available via nix, environment variables can now be set in containers.conf and the --jobs option has been added to the bud command.

A number of changes to the internal processing of the bud command have been made to speed up the processing of that command. Some nice gains have been made and work continues on further improvements.
The Nix package manager can now be run to create a static build of Buildah.
Environment variables that will be common to all your container images can now be set in the containers.conf file. See the containers.conf man page for more details.
The --jobs option in the bud command now allows for multiple jobs to be run in parallel. See the bud man page for more details.

This release comprises changes made for v1.15.1 through v1.15.2 and v1.16.0.

Release Changes

Changes for v1.16.0

When a new layer is created in the build process, the time of the layer is no longer set to the current time if a timestamp is not provided.
The retry delay option values for retrying that were sent to the commit, pull and push commands are now honored.
The handling of seccomp is now done in the containers/common project.
The --timestamp option has been added to the bud and commit commands to allow the ‘create’ timestamp to be set to seconds since epoch, replacing the --omit-timestamp option. See the respective man pages for more information.
The --quiet option should be more quiet.
Fix ownership of content copied using COPY --from, prior ownership information on files was being dropped.
Error handling was improved in the run command and a few messages were clarified.
A copier package is now used internally to rework the handling of caches during ADD and COPY operations.
When doing a COPY of an archive file, the destination file name was incorrectly being blanked out; this has been corrected.
The retry functions have been replaced by functions from the common/pkg/retry package.
A number of timestamp comparisons were being done with == and they have been converted to use time.Time.Equal() which is more accurate.
Fixed errors found in a Coverity scan.
Namespace handling options in the bud, from and run commands have been changed to match the same options in Podman. In addition the --network option for bud now accepts the same values that the corresponding Podman command does.
A dependency on the xz package has been added to Buildah images that are built for quay.io.
Storage was not always shutdown as it should have been on error, which could lead to a leaked mount point. This has been corrected.
The COPY --from command now works when an argument is given to it.
The version of Buildah used to build an image is now embedded in the BuilderIdentityAnnotation within the image.
The /etc/host and /etc/resolv.conf files are no longer bound if network is not present in the container.
An unnecessary call to the function NewImage() has been removed from the build processing.
When processing multiple archives during a .dockerignore process, the processing would stop at the end of the first archive. Now all archives are processed as they should be.
Fixed & added notes regarding problematic language in the codebase that were not inclusive.
Added a dependency on github.com/stretchr/testify/require.
The build processing now waits for stages that might not have even started yet instead of trying to continue and then failing.
Mounts under /sys were not always accessible to rootless users. This has been corrected.
Environment variables can now be pre-declared in the containers.conf(5) file.
The right stage’s image is now returned as the “final” image.
When build arguments and environment variables have duplicate names, the values are now deduplicated. Build arguments override Default arguments and Environment variables set during the build process override both of those.
Made changes based on the project containers/libpod renaming itself to containers/podman.
A Containerfile to build the stable buildah image using Centos7 was added.
A race condition has been created that would cause a failure if the container would exit before the runtime sent a signal.
Made changes to how Buildah handled the /sys/fs/selinux mountpoint so that it would be available to Podman.
The files needed to run VFS in the Buildah container images were added.
The value “readonly” can now be used as an alias to “ro” in mount options.
The OS X specific --consistency mount option is now ignored.
When doing builds where one stage requires the result of an earlier stage, Buildah now waits for that first stage to complete before the dependent stage starts.
Resolved a possible race in map handling during build stage processing.
The Dockerfiles that build the Buildah container images now use a containers.conf file.
The --jobs option in the bud command now allows for multiple jobs to be run in parallel.
Bump to v1.17.0-dev

Overall Miscellaneous Changes

Documentation
- Clarified the ‘triples’ format of the variable provided to the bud --userns-uid-map option.
- The “Using Buildah with container registries” tutorial had some syntax errors corrected.
- Added documentation for .dockerignore to the add, bud, and copy man pages.
- The “Using Buildah to build images in a rootless OpenShift container” tutorial was added.
- The commit manage page had some wording corrected and an example for --rm added.
- Added the quay.io/containers/buildah image to the README.md in the contrib/buildahimage directory and made other changes to the document, including a known configuration issue with the fuse module on some systems.
- Fixed markdown formatting issues in CHANGELOG.md.
Vendored:
- Vendor in github.com/containers/common v0.21.0
- Vendor in giithub.com/containers/image/v5 v5.5.2
- Vendor in github.com/containers/ocicrypt v1.0.3
- Vendor in github.com/containers/storage v1.23.3
- Vendor in github.com/onsi/ginkgo v1.14.0
- Vendor in github.com/opencontainers/runc v1.0.0-rc92
- Vendor in github.com/opencontainers/selinux v1.6.0
- Vendor in github.com/openshift/imagebuilder v1.1.6
- Vendor in go.etcd.io/bbolt v1.3.5
- Vendor in golang.org/x/text v0.3.3
Tests:
- Added further bud regression tests.
- Corrections were made to ‘.dockerignore’ bud integration tests.
- Added more authentication tests to a local registry.
- BATS tests were made more robust to avoid intermittent CI test flakes.
- Fixed a race hit during conformance tests.
- Reworked the conformance testing from ginkgo to the default testing package.
- Invoke the cmd/buildah tests with flags containing two dashes.
- Added a test for COPY from a subdirectory to the conformance tests.
- The conformance tests now ignore buildah.BuilderIdentityAnnotation labels when comparing images .
- Increased the test timeout to 40 for the tests and to 45 minutes for the test job as recently added tests have run out of time when otherwise processing successfully.
- A number of run_buildah commands within the test code were being sent to a unix pipe to validate the test run. Most of these pipes have been replaced with a more appropriate call to expect_output.
Changes to the build infrastructure
- Added htpasswd in registry image calls due to new changes in the registry image.
- 32bit builds now set the values for Inblock and Outblock appropriately.
- Added a nix build to provide for static builds of Buildah.
- Made a few adjustments to the initial nix work.
- The version of Go that is used during CI testing is now logged for future reference.
Plus a number of smaller fixes.

Try it Out.

Buildah == Simplicity

27 Jun 2020 » Buildah version 1.15.0 Release Announcement by tsweeney

buildah logo

Buildah version 1.15.0 Release Announcement

We’re pleased to announce the release of Buildah version 1.15.0 which is now available from GitHub for any Linux distro. We are shipping this release on Fedora, RHEL 8, CentOS, openSUSE and Ubuntu in the near future. Also container images will be available at https://quay.io/repository/buildah/stable and https://quay.io/repository/containers/buildah.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. This release features new options for the push, pull, bud, from and commit commands for encryption and decryption, in addition the pull, from, commit and push commands will now retry on most failures, the buildah login command is now usable as a rootless user, and many bug fixes. Notable enhancements:

There are three new options: --encryption-key, --encrypt-layer, and --decryption-key that are usable from the push, pull, bud, from and commit commands as appropriate. Please reference the man page for each of these commands for more details.
The pull, from, commit, and push commands will now automatically retry on most error conditions. The default is to retry 3 times at 2 second intervals.
Rootless users were not able to login into a registry using buildah login. This has been corrected.

This release comprises changes made for v1.14.1 through v1.14.8 and v1.15.0.

Release Changes

Changes for v1.15.0

Removed a dependency on an openshift struct which reduced the executable size by 25%.
Warnings are now issued when an ARG variable does not have a value set.
The encryption-key, encrypt-layer and decryption-keys have been created for the push, pull, bud, from and commit commands.
Fixed and issue with the handling of docker: in Docker Official images.
Add preliminary profiling support to the CLI for memory and CPU. These options are not currently supported.
A symlink issue when .dockerignore was evaluated has been addressed.
The handling of a build stage has been adjusted to not use a stage for further building until the stage has fully completed.
Fix permissions on containers.conf so that it can be read by a rootless container.
The exit code from failed containers in a build process are now showing the correct error.
The c/common/pkg/auth is now used with the login/logout commands.
Removed an invalid warning about systemd inside of container.
Internal error handling conventions were changed to show errors more appropriately.
Arguments are only added to the history when they are in scope for the build making process.
Fixed fips-mode check for RHEL8 boxes.
Fixed a potential CVE in tarfile with symlinks (Addresses CVE-2020-10696).
Fixed issues with .dockerignore handling of globs and ! commands.
Fixed compilation errors on non linux platforms.
Volume uid and gid values are now retained through the build process.
If a file was not pollable during the run process, it is not repolled unless there’s a chance of a following poll working based on the returned errors. This improves the speed of RUN.
The local runtime image is now searched for per values in containers.conf.
The ownership of the working directory is now set appropriately so it can be written to.
Replace unix.* calls with syscall.* calls within Buildah to allow vendoring into libpod/Podman which needs to run in Linux and non-Linux environments.
A remote manifest can now be retrieved by specifying its name.
Adjustments were made to manifest handling which makes it easier to determine when to convert v2s1 images to v2s2 images.
The order in which elements are added to $PATH has been changed to prioritize those passed from containers.conf, those from the base image, and then those pass from the API.
OCI images don’t always have a creation date set, the code now checks that it is before dereferencing it.
The commit id from a build is been made more clear and some “noisy” output from the build process has been removed.
When copying a file above the context directory during a build, a less confusing error message is now provided.
The pull/from/commit/push commands now retry on most failures, retrying 3 times every 2 seconds by default.
Buildah now makes use of the containers.conf configuration file.
Non-root users are now able to log into a registry using buildah login.
Bump to v1.15.0-dev

Overall Miscellaneous Changes

Documentation
- Added a Code of Conduct.
- Added a Security Policy.
- Added a Pull Request Template.
- Fixed the lighttpd example.
- Updated the unshare man page to fix script example.
- Included installation steps for CentOS 8.
- Included installation steps for CentOS7 and forks.
- Adjusted Ubuntu install information to also work on Pop!_OS.
- Added CVE-2020-10696 notation to pertinent entries in CHANGELOG.md and changelog.txt.
- Updated the installation steps for Amazon Linux 2.
- Fixed formattig issues in the build instructions and made some minor modifications.
Vendored:
- Vendor in go.etcd.io/bbolt v1.3.4
- Vendor in github.com/containers/common v0.13.1
- Vendor in github.com/containers/image/v5 v5.4.4
- Vendor in github.com/containers/storage v1.20.2
- Vendor in github.com/fsouza/go-dockerclient v1.6.5
- Vendor in github.com/mattn/go-shellwords v1.0.10
- Vendor in github.com/onsi/ginkgo v1.12.3
- Vendor in github.com/opencontainers/runc v1.0.0-rc90
- Vendor in github.com/opencontainers/selinux v1.5.2
- Vendor in github.com/openshift/imagebuilder v1.1.5
- Vendor in github.com/opencontainers/go-digest v1.0.0
- Vendor in gitthub.com/seccomp/containers-golang v0.5.0
- Vendor in github.com/stretchr/testify v1.6.1
- Vendor in github.com/sirupsen/logrus v1.6.0
- Vendor in github.com/spf13/cobra v0.0.7
Tests:
- Updated exit code for tests.
- Don’t force tests to use runc.
- Update gitignore to exclude test Dockerfiles.
- dockerignore tests : remove symlinks, rework.
- Fix bud-build-arg-cache test.
- Digest test : make more robust.
- Add comment for RUN command in volume ownership test.
- Run stat command directly for volume ownership test.
- Add tests for volume ownership.
- Skip overlay test w/ vfs driver.
- Use alpine, not centos, for various tests.
- bud.bats - cleanup, refactoring.
- BATS : in teardown, umount stale mounts.
- Show validation command-line in tests.
Changes to the build infrastructure
- Bors: Fix no. req. github reviews.
- Bors: Workaround ineffective required statuses.
- Bors: Enable app + Disable Travis.
- Bors-ng: Add documentation and status-icon.
- Cirrus: Temporarily disable Ubuntu 19 testing.
- Cirrus: Fixes from review feedback.
- Cirrus: Use pre-installed VM packages + F32.
- Cirrus: Re-enable all distro versions.
- Cirrus: Update to F31 + Use cache images.
- Cirrus+Bors: Simplify temp branch skipping.
- Cirrus: Disable F29 testing.
- Cirrus: Add jq package.
- Cirrus: Fix lint + validation using wrong epoch.
- Cirrus: Add standardized log-collection.
- Cirrus: Improve automated lint + validation.
- Cirrus: Fixes from review feedback.
- Cirrus: Temporarily ignore VM testing failures.
- Cirrus: Migrate off papr + implement VM testing.
- Cirrus: Update packages + fixes for get_ci_vm.sh.
- Allow passing options to golangci-lint.
- Stop using fedorproject registry.
- golangci-lint: Disable gosimple.
- Lower number of golangci-lint threads.
- Make vendor: run tidy after vendor.
- Added .swp files to .gitignore.
Plus a number of smaller fixes.

Try it Out.

Buildah == Simplicity

17 Feb 2020 » Buildah version 1.14.0 Release Announcement by tsweeney

buildah logo

Buildah version 1.14.0 Release Announcement

We’re pleased to announce the release of Buildah version 1.14.0 which is now available from GitHub for any Linux distro. We are shipping this release on Fedora, RHEL 8, CentOS, openSUSE and Ubuntu in the near future. Also container images will be available at https://quay.io/repository/buildah/stable.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. This release features a new containers.conf file, added options for the bud, commit, push and pull commands, and many bug fixes. Notable enhancements:

Containers.conf support. Containers.conf is a way to modify the default ways containers run on the system. The /usr/share/containers/containers.conf and /etc/containers/containers.conf files can now be used by Buildah to attain configuration options. In the near future Podman, Skopeo and other projects in the Containers repository will make use of these files too.
A number of performance improvements were made to the bud command, especially so when a .dockerignore file was in use.
The bud command now accepts --os and --arch as options.
A --sign-by option has been added to the bud, commit and push commands.
A --remove-signatures option has been added to the pull and/push commands.

This release comprises changes made for v1.13.1, v1.13.2 and v1.14.0.

Release Changes

Changes for v1.14.0

The manifest push now has a --format option.
The correct values of docker schema 1 manifests are now shown.
Better error handling for multiple errors from seccomp have been added.
The storage.conf file has been tweaked to use fuse-overlayfs specific mount options.
The build has been fixed to better handle 32bit platforms.
The bud command now accepts --os and --arch as options. See the buildah bud man page for more details.
Environment variables were not always resolved appropriately in COPY commands in Dockerfiles, this has been corrected.
A --sign-by option has been added to the bud, commit and push commands. See the man pages for details.
A --remove-signatures option has been added to the pull andpush commands. See the man pages for details.
Support was added for /etc/containers/containers.conf when running as root, and /usr/share/containers/containers.conf when running as a rootless user.
Added codespell support to the builds to catch spelling errors.
A number of internal changes were made to tar file handling in the build process to close files at an appropriate time and to not digest files that the process would otherwise ignore.
A number of changes were made to speed up the bud command when .dockerignore was in use.
Set the HOME environment variable to /root on chroot-isolation by default.
When the buildah bud --volume command runs, it now runs in TMPDIR rather than in the source directory.
The format of images names returned from the from command are now more consistent.
The bud command has been made quiet again when the --quiet option is used.
The buildah images output is more consistent when the --format option is used.
Bump to v1.14.0-dev.

Overall Miscellaneous Changes

Documentation
- Clarifications were made to some of the os/architecture documentation.
- The install instructions for Debian, Raspbian and Ubuntu were updated.
- A number of references to containers-*.5 were fixed within the documentation.
Vendored:
- Bump github.com/mtrmac/gpgme v0.1.2
- Bump github.com/containers/common to v0.1.4
- Bump github.com/onsi/gomega from 1.8.1 to 1.9.0
- vendor github.com/containers/image/v5@v5.2.0
- Bump github.com/opencontainers/selinux from 1.3.0 to 1.3.1
- Bump github.com/containers/common from 0.0.5 to 0.0.7
- Bump github.com/onsi/ginkgo from 1.10.3 to 1.11.0
- Bump github.com/pkg/errors from 0.8.1 to 0.9.0
Tests:
- The info test now deals with random key order.
- The copy tests now makes sure we detect failures due to missing a source.
- A unit test for manifests was corrected.
Plus a number of smaller fixes.

Try it Out.

Buildah == Simplicity

28 Jan 2020 » Buildah version 1.13.0 Release Announcement by tsweeney

buildah logo

Buildah version 1.13.0 Release Announcement

We’re pleased to announce the release of Buildah version 1.13.0 which is now available from GitHub for any Linux distro. We are shipping this release on Fedora, RHEL 8, RHEL 7, CentOS, openSUSE and Ubuntu in the near future. Also container images will be available at https://quay.io/repository/buildah/stable.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. This release had a quick release cadence due to a few critical issues with volume handling. Notable enhancements:

Changes to unmount volumes cleanly and to handle full volume specifications in the bud command.
$TMPDIR, which defaults to /var/tmp is now used when pulling and pushing images.
Further support added to enable FIPS-Mode.

This release comprises changes made for v1.13.0.

Release Changes

Changes for v1.13.0

The version of containers/storage vendored in this release has a fix to handle the situation when a volume was ‘unmounted’ by the user, but due to namespace handling, the counter tracking the number of mounts the volume had was not decremented as it should have been.
Fixed option handling for volumes in build. If a volume specification had a comma within it i.e. myvol:/myvol:rw,Z, the CLI parsed the ,Z incorrectly and errored.
Reworked the overlay pkg so it could be more easily shared with libpod.
Fixed buildahimage builds for the Buildah images on quay.io. The shadows-utils package is now installed on those images and a default user build has been added to force the generation of the /etc/subuid and /etc/subgid files. This should allow for the building of a container in that image by a non-root user.
Add support for FIPS-Mode backends to the project.
The TMPDIR used for pushing and pulling images is now set to $TMPDIR. By default this points to the /var/tmp directory. This should correct the issue of running out of space when doing a push or pull.

Overall Miscellaneous Changes

Vendored:
- Bump github.com/containers/storage to v1.15.5
- Bump github.com/containers/image/v5 from 5.0.0 to 5.1.0
- Bump github.com/containers/common from 0.0.3 to 0.0.5
Tests:
- Develop a safer test for pull –all-tags
- BATS major cleanup: blobcache.bats: refactor
- BATS major cleanup: Added a number of missing ‘run_buildah’ commands, changed the log-level in the tests, and a number of small cleanups throughout.
Plus a number of smaller fixes.

Try it Out.

Buildah == Simplicity

14 Jan 2020 » Buildah version 1.12.0 Release Announcement by tsweeney

buildah logo

Buildah version 1.12.0 Release Announcement

We’re pleased to announce the release of Buildah version 1.12.0 which is now available from GitHub for any Linux distro. We are shipping this release on Fedora, RHEL 8, RHEL 7, CentOS, openSUSE and Ubuntu in the near future. Also container images will be available at https://quay.io/repository/buildah/stable.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix.

Notable enhancements:

A new manifest command.
A new --history option for the image command.
A new --device option has been added to the bud and from commands.
Changes to the --pull option used by the bud and from commands.
Buildah now uses a ‘Containerfile’ by default rather than a ‘Dockerfile’.

05 Sep 2019 » Buildah version 1.11.0 Release Announcement by tsweeney

buildah logo

Buildah version 1.11.0 Release Announcement

We’re pleased to announce the release of Buildah version 1.11.0 which is now available from GitHub for any Linux distro. We are shipping this release on Fedora, RHEL 8, RHEL 7, CentOS, openSUSE and Ubuntu in the near future. Also container images will be available at https://quay.io/repository/buildah/stable.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. Notable enhancements: * Cgroups v2 is now supported. (Fedora 31 default) * The --debug option has been changed to --log-level for all commands.
* Error reporting for the run command has been improved.

16 Aug 2019 » Buildah version 1.10.1 Release Announcement by tsweeney

buildah logo

Buildah version 1.10.1 Release Announcement

We’re pleased to announce the release of Buildah version 1.10.1 which is now available from GitHub for any Linux distro. We are shipping this release on Fedora, RHEL 7, RHEL 8, CentOS, openSUSE and Ubuntu in the near future. Also container images will be available at https://quay.io/repository/buildah/stable.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. Notable enhancements.

A number of changes were made to buildah config to make removing values and volumes easier.
Better support for additional stores(defined in the /etc/containers/mounts.conf file).
- Listing images now can indicate whether an image is from a read/only store
- Deleting all images does not attempt to remove from read/only stores
- Committing images with read/only stores now works..
Buildah unshare has a new --mount option that allows you to mount the container image while entering a user namespace.
Initial support for potential HPC use cases.

25 Jun 2019 » Buildah version 1.9 Release Announcement by tsweeney

buildah logo

Buildah version 1.9 Release Announcement

We’re pleased to announce the release of Buildah version 1.9 which is now available from GitHub for any Linux distro. We are shipping this release on Fedora, RHEL 7, CentOS, openSUSE and Ubuntu in the near future.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. A number of changes were made to expedite the building of containers and installing software onto them, a new option has been added for dns handling for bud and from commands, symbolic link handling in the build process has been corrected, Buildah container images are now available at quay.io/buildah, and more!

30 Apr 2019 » Buildah version 1.8 Release Announcement by tsweeney

buildah logo

Buildah version 1.8 Release Announcement

We’re pleased to announce the release of Buildah version 1.8 which is now available from GitHub for any Linux distro. We are shipping this release on Fedora, RHEL 7, CentOS, openSUSE and Ubuntu in the near future.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. Further updates were made to the performance of pulling and pushing images. The “.dockerignore” file is now usable with the buildah bud command, and the handling of symlinks during the container image process creation and the ways that layers are created has been corrected and tuned for better performance. This release also updates to the latest versions of containers/storage and containers/image giving Buildah improved pulling and pushing performance along with fixing many bugs.

25 Feb 2019 » Buildah version 1.7 Release Announcement by tsweeney

buildah logo

Buildah version 1.7 Release Announcement

We’re pleased to announce the release of Buildah version 1.7 which is now available from GitHub for any Linux distro. We are shipping this release on Fedora, RHEL 7, CentOS, openSUSE and Ubuntu in the near future.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. Updates were made to the performance of pulling and pushing images, an –add-history option has been added to several commands, the Cobra CLI is now being used and bug fixes.

22 Jan 2019 » Buildah version 1.6 Release Announcement by tsweeney

buildah logo

Buildah version 1.6 Release Announcement

We’re pleased to announce the release of Buildah version 1.6 which is now available from GitHub for any Linux distro. We are shipping this release on Fedora, RHEL 7, CentOS, openSUSE and Ubuntu in the near future.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. Updates were made to the performance of many commands, a buildah info command has been added, Dockerfile processing updates and bug fixes.

28 Nov 2018 » Buildah version 1.5 Release Announcement by tsweeney

buildah logo

Buildah version 1.5 Release Announcement

We’re pleased to announce the release of Buildah version 1.5 which is now available from GitHub for any Linux distro. We are shipping this release on Fedora, RHEL 7, CentOS, openSUSE and Ubuntu in the near future.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. Updates were made to rootless user handling, added support for a few Dockerfile commands that were missing, a number of performance changes for the underlying pull commands and bug fixes.

08 Oct 2018 » Buildah version 1.4 Release Announcement by tsweeney

buildah logo

Buildah version 1.4 Release Announcement

We’re pleased to announce the release of Buildah version 1.4 which is now available from GitHub for any Linux distro. We are shipping this release on Fedora, RHEL 7, CentOS, openSUSE and Ubuntu in the near future.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. The highlights of this release are fixes for “rootless” users, improvements in symbolic link and chroot handling in Dockerfiles, the addition of a pull command, better error messaging for OCI containers and several other enhancements and bug fixes.

08 Aug 2018 » Buildah version 1.3 Release Announcement by tsweeney

buildah logo

Buildah version 1.3 Release Announcement

We’re pleased to announce the release of Buildah version 1.3 which is now available from GitHub for any Linux distro. We are shipping this release on Fedora, RHEL 7, CentOS, openSUSE and Ubuntu in the near future.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. The highlights of this release are Dockerfile handling improvements, added the buildah pull command, added the buildah rename command, updated ulimits settings, added isolation control and several other enhancements and bug fixes.

18 Jul 2018 » Buildah version 1.2 Release Announcement by tsweeney

buildah logo

Buildah version 1.2 Release Announcement

We’re pleased to announce the release of Buildah version 1.2 which is now available from GitHub for any Linux distro. We are shipping this release on Fedora, RHEL 7, CentOS and Ubuntu in the near future.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix. The highlights of this release are the added ability to control image layers when building an image, CVE’s Fixes, the initial support for user namespace handling and several other enhancements and bug fixes.

12 Jun 2018 » Buildah version 1.1 Release Announcement by tsweeney

buildah logo

Buildah version 1.1 Release Announcement

buildah logo

We’re pleased to announce the release of Buildah version 1.1 which is now available from GitHub for any Linux distro. We are shipping this release on Fedora, RHEL 7, CentOS and Ubuntu in the near future.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix, launching new functionality and creating a number of improvements and bug fixes.

05 Apr 2018 » Buildah Alpha version 0.16 Release Announcement by tsweeney

buildah logo

Buildah Alpha version 0.16 Release Announcement

We’re pleased to announce the release of Buildah Alpha version 0.16 which is now available from GitHub for any Linux distro. We will be shipping this release on Fedora, CentOS and Ubuntu in the near future.

The Buildah project has continued to grow over the past several weeks, welcoming several new contributors to the mix, launching new functionality and creating a number of improvements and bug fixes.

21 Feb 2018 » Buildah Alpha version 0.12 Release Announcement by tsweeney

buildah logo

We’re pleased to announce the release of Buildah Alpha version 0.12 on both Fedora 26 and Fedora 27. As always, the latest Buildah can also be acquired from GitHub for any other Linux distribution.

The Buildah project has been building some steam over the past several weeks, welcoming several new contributors to the mix, launching new functionality and creating a number of improvements and bug fixes. The major highlights for this release are: