|
| 1 | +# Buildah — OCI-image builder. |
| 2 | +# |
| 3 | +# Daemonless tool for building OCI/Docker container images. Same |
| 4 | +# family as podman (already in pantry); buildah focuses on the image |
| 5 | +# *building* side, podman on the image-running side. |
| 6 | +# |
| 7 | +# Linux-only: buildah uses Linux-specific syscalls (mount namespaces, |
| 8 | +# unshare, user namespaces, fs overlay) that have no macOS equivalent. |
| 9 | + |
| 10 | +distributable: |
| 11 | + url: https://github.com/containers/buildah/archive/refs/tags/{{ version.tag }}.tar.gz |
| 12 | + strip-components: 1 |
| 13 | + |
| 14 | +versions: |
| 15 | + github: containers/buildah/releases/tags |
| 16 | + |
| 17 | +platforms: |
| 18 | + - linux |
| 19 | + |
| 20 | +dependencies: |
| 21 | + gnupg.org/gpgme: '*' |
| 22 | + github.com/seccomp/libseccomp: '*' |
| 23 | + |
| 24 | +build: |
| 25 | + dependencies: |
| 26 | + go.dev: '*' |
| 27 | + env: |
| 28 | + BUILDTAGS: "seccomp exclude_graphdriver_btrfs exclude_graphdriver_devicemapper containers_image_openpgp" |
| 29 | + script: |
| 30 | + # Buildah's Makefile auto-detects optional storage backends |
| 31 | + # (btrfs, lvm/devmapper, ostree, libsubid) and adds build tags |
| 32 | + # accordingly. We don't ship those in pantry, so we explicitly |
| 33 | + # narrow the build to the minimum SECURITY + STORAGE set: |
| 34 | + # |
| 35 | + # - seccomp (always — required for kernel-level container security) |
| 36 | + # - exclude_graphdriver_btrfs (no btrfs) |
| 37 | + # - exclude_graphdriver_devicemapper (no lvm) |
| 38 | + # - no ostree, no libsubid |
| 39 | + # |
| 40 | + # This still produces a functional buildah for the overlayfs + |
| 41 | + # vfs storage backends, which is what most consumers want. |
| 42 | + # |
| 43 | + # Skip the hack/*.sh scripts that probe the host — they'd report |
| 44 | + # "not installed" anyway and we want predictable output. |
| 45 | + |
| 46 | + - make --jobs {{ hw.concurrency }} GO_BUILD="go build" buildah |
| 47 | + |
| 48 | + - install -Dm755 bin/buildah "{{prefix}}/bin/buildah" |
| 49 | + |
| 50 | +test: |
| 51 | + # `buildah --version` returns "buildah version X.Y.Z (...)" — pin |
| 52 | + # against the marketing version since the trailing parens contain |
| 53 | + # the git commit which we don't want to match against. |
| 54 | + - out=$(buildah --version 2>&1 | head -1) |
| 55 | + - 'echo "buildah --version: $out"' |
| 56 | + - | |
| 57 | + case "$out" in |
| 58 | + "buildah version {{version}}"*) echo PASS ;; |
| 59 | + *) echo "FAIL: expected v{{version}}, got $out"; exit 1 ;; |
| 60 | + esac |
| 61 | +
|
| 62 | +provides: |
| 63 | + - bin/buildah |
0 commit comments