Resolved Merge Conflicts

Signed-off-by: Kartik Verma <vkartik97@gmail.com>
2019-05-21 01:52:14 +05:30 · 2019-05-21 01:52:14 +05:30 · f137f81884
parent fa2a2c803b 38c1735d92
commit f137f81884
12 changed files with 66 additions and 78 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,11 +1,11 @@
-# v0.9.0 Release - 2/8/2019
+# v0.9.0 Release - 2019-02-08
 ## Bug Fixes
 * Bug fix with volumes declared in base images during multi-stage builds
 * Bug fix during snapshotting multi-stage builds.
 * Bug fix for caching with tar output.
-# v0.8.0 Release - 1/29/2019
+# v0.8.0 Release - 2019-01-29
 ## New Features
 * Even faster snapshotting with godirwalk
@ -20,7 +20,7 @@
 * Fix bug with USER command and unpacking base images.
 * Added COPY --from=previous stage name/number validation
-# v0.7.0 Release - 12/10/2018
+# v0.7.0 Release - 2018-12-10
 ## New Features
 * Add support for COPY --from an unrelated image
@ -34,7 +34,7 @@
 * Fix bug with call loop
 * Fix caching for multi-step builds
-# v0.6.0 Release - 11/06/2018
+# v0.6.0 Release - 2018-11-06
 ## New Features
 * parse arg commands at the top of dockerfiles [#404](https://github.com/GoogleContainerTools/kaniko/pull/404)
@ -59,7 +59,7 @@
 * fix releasing the cache warmer [#418](https://github.com/GoogleContainerTools/kaniko/pull/418)
-# v0.5.0 Release - 10/16/2018
+# v0.5.0 Release - 2018-10-16
 ## New Features
 * Persistent volume caching for base images [#383](https://github.com/GoogleContainerTools/kaniko/pull/383)
@ -78,7 +78,7 @@
 * Don't cut everything after an equals sign [#381](https://github.com/GoogleContainerTools/kaniko/pull/381)
-# v0.4.0 Release - 10/01/2018
+# v0.4.0 Release - 2018-10-01
 ## New Features
 * Add a benchmark package to store and monitor timings. [#367](https://github.com/GoogleContainerTools/kaniko/pull/367)
@ -137,7 +137,7 @@
 * Fix handling of the volume directive [#334](https://github.com/GoogleContainerTools/kaniko/pull/334)
-# v0.3.0 Release - 7/31/2018
+# v0.3.0 Release - 2018-07-31
 New Features
 * Local integration testing [#256](https://github.com/GoogleContainerTools/kaniko/pull/256)
 * Add --target flag for multistage builds [#255](https://github.com/GoogleContainerTools/kaniko/pull/255)
@ -149,7 +149,7 @@ Bug Fixes
 * Multi-stage errors when referencing earlier stages [#233](https://github.com/GoogleContainerTools/kaniko/issues/233)
-# v0.2.0 Release - 7/09/2018
+# v0.2.0 Release - 2018-07-09
 New Features
 * Support for adding different source contexts, including Amazon S3 [#195](https://github.com/GoogleContainerTools/kaniko/issues/195)
@ -158,7 +158,7 @@ New Features
 * Update go-containerregistry so kaniko works better with Harbor and Gitlab[#227](https://github.com/GoogleContainerTools/kaniko/pull/227)
 * Push image to multiple destinations [#184](https://github.com/GoogleContainerTools/kaniko/pull/184)
-# v0.1.0 Release - 5/17/2018
+# v0.1.0 Release - 2018-05-17
 New Features
 * The majority of Dockerfile commands are feature complete [#1](https://github.com/GoogleContainerTools/kaniko/issues/1)
--- a/Gopkg.lock
+++ b/Gopkg.lock
@ -735,6 +735,14 @@
  pruneopts = "NUT"
  revision = "7e9a647135a142c2669943d4a4d29be015ce9392"
 [[projects]]
  branch = "master"
  digest = "1:15057fc7395024283a7d2639b8afc61c5b6df3fe260ce06ff5834c8464f16b5c"
  name = "github.com/otiai10/copy"
  packages = ["."]
  pruneopts = "NUT"
  revision = "7e9a647135a142c2669943d4a4d29be015ce9392"
 [[projects]]
  branch = "master"
  digest = "1:3bf17a6e6eaa6ad24152148a631d18662f7212e21637c2699bff3369b7f00fa2"
--- a/README.md
+++ b/README.md
@ -40,6 +40,7 @@ _If you are interested in contributing to kaniko, see [DEVELOPMENT.md](DEVELOPME
    - [--cache-dir](#--cache-dir)
    - [--cache-repo](#--cache-repo)
    - [--cleanup](#--cleanup)
    - [--digest-file](#--digest-file)
    - [--insecure](#--insecure)
    - [--insecure-pull](#--insecure-pull)
    - [--no-push](#--no-push)
@ -50,6 +51,7 @@ _If you are interested in contributing to kaniko, see [DEVELOPMENT.md](DEVELOPME
    - [--skip-tls-verify-pull](#--skip-tls-verify-pull)
    - [--target](#--target)
    - [--tarPath](#--tarpath)
    - [--verbosity](#--verbosity)
  - [Debug Image](#debug-image)
 - [Security](#security)
 - [Comparison with Other Tools](#comparison-with-other-tools)
@ -359,9 +361,21 @@ If `--destination=gcr.io/kaniko-project/test`, then cached layers will be stored
 _This flag must be used in conjunction with the `--cache=true` flag._
 #### --digest-file
 Set this flag to specify a file in the container. This file will
 receive the digest of a built image. This can be used to
 automatically track the exact image built by Kaniko.
 For example, setting the flag to `--digest-file=/dev/termination-log`
 will write the digest to that file, which is picked up by
 Kubernetes automatically as the `{{.state.terminated.message}}`
 of the container.
 #### --insecure-registry
-Set this flag to use plain HTTP requests when accessing a registry. It is supposed to be useed for testing purposes only and should not be used in production!
+Set this flag to use plain HTTP requests when accessing a registry. It is supposed to be used for testing purposes only and should not be used in production!
 You can set it multiple times for multiple registries.
 #### --skip-tls-verify-registry
@ -415,6 +429,10 @@ Set this flag to indicate which build stage is the target build stage.
 Set this flag as `--tarPath=<path>` to save the image as a tarball at path instead of pushing the image.
 #### --verbosity
 Set this flag as `--verbosity=<panic|fatal|error|warn|info|debug>` to set the logging level. Defaults to `info`.
 ### Debug Image
 The kaniko executor image is based off of scratch and doesn't contain a shell.
@ -449,6 +467,7 @@ You may be able to achieve the same default seccomp profile that Docker uses in
 Similar tools include:
 - [BuildKit](https://github.com/moby/buildkit)
 - [img](https://github.com/genuinetools/img)
 - [orca-build](https://github.com/cyphar/orca-build)
 - [umoci](https://github.com/openSUSE/umoci)
@ -458,10 +477,10 @@ Similar tools include:
 All of these tools build container images with different approaches.
-`img` can perform as a non root user from within a container, but requires that
+BuildKit (and `img`) can perform as a non root user from within a container, but requires
-the `img` container has `RawProc` access to create nested containers.  `kaniko`
+seccomp and AppArmor to be disabled to create nested containers.  `kaniko`
-does not actually create nested containers, so it does not require `RawProc`
+does not actually create nested containers, so it does not require seccomp and AppArmor
-access.
+to be disabled.
 `orca-build` depends on `runc` to build images from Dockerfiles, which can not
 run inside a container (for similar reasons to `img` above). `kaniko` doesn't
--- a/cmd/executor/cmd/root.go
+++ b/cmd/executor/cmd/root.go
@ -128,6 +128,7 @@ func addKanikoOptionsFlags(cmd *cobra.Command) {
 	RootCmd.PersistentFlags().BoolVarP(&opts.NoPush, "no-push", "", false, "Do not push the image to the registry")
 	RootCmd.PersistentFlags().StringVarP(&opts.CacheRepo, "cache-repo", "", "", "Specify a repository to use as a cache, otherwise one will be inferred from the destination provided")
 	RootCmd.PersistentFlags().StringVarP(&opts.CacheDir, "cache-dir", "", "/cache", "Specify a local directory to use as a cache.")
 	RootCmd.PersistentFlags().StringVarP(&opts.DigestFile, "digest-file", "", "", "Specify a file to save the digest of the built image to.")
 	RootCmd.PersistentFlags().BoolVarP(&opts.Cache, "cache", "", false, "Use cache when building image")
 	RootCmd.PersistentFlags().BoolVarP(&opts.Cleanup, "cleanup", "", false, "Clean the filesystem at the end")
 	RootCmd.PersistentFlags().DurationVarP(&opts.CacheTTL, "cache-ttl", "", time.Hour*336, "Cache timeout in hours. Defaults to two weeks.")
--- a/integration/dockerfiles/Dockerfile_test_cache
+++ b/integration/dockerfiles/Dockerfile_test_cache
@ -16,15 +16,7 @@
 # If the image is built twice, /date should be the same in both images
 # if the cache is implemented correctly
-FROM alpine as base_stage
+FROM gcr.io/google-appengine/debian9@sha256:1d6a9a6d106bd795098f60f4abb7083626354fa6735e81743c7f8cfca11259f0
 RUN mkdir foo && echo base_stage > foo/base
 FROM base_stage as cached_stage
 RUN echo cached_stage > foo/cache
 FROM cached_stage as bug_stage
 RUN echo bug_stage > foo/bug
 RUN date > /date
 COPY context/foo /foo
 RUN echo hey
--- a/pkg/config/options.go
+++ b/pkg/config/options.go
@ -30,6 +30,7 @@ type KanikoOptions struct {
 	Target                  string
 	CacheRepo               string
 	CacheDir                string
 	DigestFile              string
 	Destinations            multiArg
 	BuildArgs               multiArg
 	Insecure                bool
--- a/pkg/executor/build.go
+++ b/pkg/executor/build.go
@ -190,12 +190,7 @@ func (s *stageBuilder) optimize(compositeKey CompositeCache, cfg v1.Config) erro
 func (s *stageBuilder) build() error {
 	// Set the initial cache key to be the base image digest, the build args and the SrcContext.
-	dgst, err := util.ReproducibleDigest(s.image)
+	compositeKey := NewCompositeCache(s.baseImageDigest)
 	if err != nil {
 		return err
 	}
 	compositeKey := NewCompositeCache(dgst)
 	compositeKey.AddKey(s.opts.BuildArgs...)
 	// Apply optimizations to the instructions.
 	if err := s.optimize(*compositeKey, s.cf.Config); err != nil {
--- a/pkg/executor/push.go
+++ b/pkg/executor/push.go
@ -19,6 +19,7 @@ package executor
 import (
 	"crypto/tls"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"time"
@ -74,6 +75,19 @@ func CheckPushPermissions(opts *config.KanikoOptions) error {
 // DoPush is responsible for pushing image to the destinations specified in opts
 func DoPush(image v1.Image, opts *config.KanikoOptions) error {
 	t := timing.Start("Total Push Time")
 	if opts.DigestFile != "" {
 		digest, err := image.Digest()
 		if err != nil {
 			return errors.Wrap(err, "error fetching digest")
 		}
 		digestByteArray := []byte(digest.String())
 		err = ioutil.WriteFile(opts.DigestFile, digestByteArray, 0644)
 		if err != nil {
 			return errors.Wrap(err, "writing digest to file failed")
 		}
 	}
 	destRefs := []name.Tag{}
 	for _, destination := range opts.Destinations {
 		destRef, err := name.NewTag(destination, name.WeakValidation)
--- a/pkg/snapshot/snapshot.go
+++ b/pkg/snapshot/snapshot.go
@ -178,7 +178,7 @@ func (s *Snapshotter) scanFullFilesystem() ([]string, []string, error) {
 			return nil, nil, err
 		}
 		if fileChanged {
-			logrus.Infof("Adding %s to layer, because it was changed.", path)
+			logrus.Debugf("Adding %s to layer, because it was changed.", path)
 			filesToAdd = append(filesToAdd, path)
 		}
 	}
--- a/pkg/util/fs_util.go
+++ b/pkg/util/fs_util.go
@ -79,10 +79,7 @@ func GetFSFromImage(root string, img v1.Image) ([]string, error) {
 	if err != nil {
 		return nil, err
 	}
-
+	extractedFiles := []string{}
 	// Store a map of files to their mtime. We need to set mtimes in a second pass because creating files
 	// can change the mtime of a directory.
 	extractedFiles := map[string]time.Time{}
 	for i, l := range layers {
 		logrus.Debugf("Extracting layer %d", i)
@ -113,17 +110,10 @@ func GetFSFromImage(root string, img v1.Image) ([]string, error) {
 			if err := extractFile(root, hdr, tr); err != nil {
 				return nil, err
 			}
-			extractedFiles[filepath.Join(root, filepath.Clean(hdr.Name))] = hdr.ModTime
+			extractedFiles = append(extractedFiles, filepath.Join(root, filepath.Clean(hdr.Name)))
 		}
 	}
-
+	return extractedFiles, nil
 	fileNames := []string{}
 	for f, t := range extractedFiles {
 		fileNames = append(fileNames, f)
 		os.Chtimes(f, time.Time{}, t)
 	}
 	return fileNames, nil
 }
 // DeleteFilesystem deletes the extracted image file system
@ -272,7 +262,6 @@ func extractFile(dest string, hdr *tar.Header, tr io.Reader) error {
 			return err
 		}
 	}
 	return nil
 }
@ -377,8 +366,7 @@ func RelativeFiles(fp string, root string) ([]string, error) {
 }
 // ParentDirectories returns a list of paths to all parent directories
-// Ex. /some/temp/dir -> [/some, /some/temp, /some/temp/dir]
+// Ex. /some/temp/dir -> [/, /some, /some/temp, /some/temp/dir]
 // This purposefully excludes the /.
 func ParentDirectories(path string) []string {
 	path = filepath.Clean(path)
 	dirs := strings.Split(path, "/")
--- a/pkg/util/tar_util.go
+++ b/pkg/util/tar_util.go
@ -54,7 +54,6 @@ func (t *Tar) Close() {
 // AddFileToTar adds the file at path p to the tar
 func (t *Tar) AddFileToTar(p string) error {
 	logrus.Debugf("Adding file %s to tar", p)
 	i, err := os.Lstat(p)
 	if err != nil {
 		return fmt.Errorf("Failed to get file info for %s: %s", p, err)
--- a/pkg/util/util.go
+++ b/pkg/util/util.go
@ -20,14 +20,11 @@ import (
 	"crypto/md5"
 	"crypto/sha256"
 	"encoding/hex"
 	"encoding/json"
 	"io"
 	"os"
 	"strconv"
 	"syscall"
 	"github.com/google/go-containerregistry/pkg/v1"
 	"github.com/google/go-containerregistry/pkg/v1/partial"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@ -130,29 +127,3 @@ func SHA256(r io.Reader) (string, error) {
 	}
 	return hex.EncodeToString(hasher.Sum(make([]byte, 0, hasher.Size()))), nil
 }
 type ReproducibleManifest struct {
 	Layers []v1.Descriptor
 	Config v1.Config
 }
 func ReproducibleDigest(img partial.WithManifestAndConfigFile) (string, error) {
 	mfst, err := img.Manifest()
 	if err != nil {
 		return "", err
 	}
 	cfg, err := img.ConfigFile()
 	if err != nil {
 		return "", err
 	}
 	rm := ReproducibleManifest{
 		Layers: mfst.Layers,
 		Config: cfg.Config,
 	}
 	b, err := json.Marshal(rm)
 	if err != nil {
 		return "", err
 	}
 	return string(b), nil
 }