<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-virtualization.git/recipes-containers/buildah, branch kirkstone</title>
<subtitle>Mirror of git.yoctoproject.org/meta-virtualization</subtitle>
<id>https://git.enea.com/cgit/linux/meta-virtualization.git/atom?h=kirkstone</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-virtualization.git/atom?h=kirkstone'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/'/>
<updated>2025-04-02T02:22:33+00:00</updated>
<entry>
<title>buildah: upgrade 1.26.8 -&gt; 1.26.9</title>
<updated>2025-04-02T02:22:33+00:00</updated>
<author>
<name>Praveen Kumar</name>
<email>praveen.kumar@windriver.com</email>
</author>
<published>2025-03-27T07:35:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=426530794bfc0df686566beed50e245f40565d6c'/>
<id>urn:sha1:426530794bfc0df686566beed50e245f40565d6c</id>
<content type='text'>
This upgrade fixes:
CVE-2024-11218

Changes in this Upgrade:
=========================
This upgrade from Buildah 1.26.8 to 1.26.9 includes important security and stability fixes:
- Fixes CVE-2024-11218
- Resolves TOCTOU error when bind and cache mounts use "src" values
- Fixes cache locks with multiple mounts
- Enhances volume handling and mount label options

For full details, refer to:
https://github.com/containers/buildah/releases/tag/v1.26.9

Signed-off-by: Praveen Kumar &lt;praveen.kumar@windriver.com&gt;
Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
<entry>
<title>buildah: fix CVE-2024-9676</title>
<updated>2025-01-30T18:54:28+00:00</updated>
<author>
<name>Chen Qi</name>
<email>Qi.Chen@windriver.com</email>
</author>
<published>2025-01-22T08:28:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=fedb45ecead2970b41baba651820498193fc4097'/>
<id>urn:sha1:fedb45ecead2970b41baba651820498193fc4097</id>
<content type='text'>
Backport patch to fix CVE-2024-9676.

Signed-off-by: Chen Qi &lt;Qi.Chen@windriver.com&gt;
Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
<entry>
<title>buildah: add seccomp and ipv6 to REQUIRED_DISTRO_FEATURES</title>
<updated>2025-01-30T18:54:28+00:00</updated>
<author>
<name>Martin Jansa</name>
<email>Martin.Jansa@gmail.com</email>
</author>
<published>2025-01-22T08:28:44+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=80dc21e4c1ccda7ae277b2e4c3a06c325a6a0095'/>
<id>urn:sha1:80dc21e4c1ccda7ae277b2e4c3a06c325a6a0095</id>
<content type='text'>
* because it rdepends on podman with the same restriction

* BTW: .gitignore has:
  build*/
  which gets triggered for buildah as well:
  meta-virtualization $ git add ./recipes-containers/buildah/buildah_git.bb
  The following paths are ignored by one of your .gitignore files:
  recipes-containers/buildah

  I've adjusted it to /build*/ only.

Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
Signed-off-by: Chen Qi &lt;Qi.Chen@windriver.com&gt;
Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
<entry>
<title>buildah: update to 1.26.8</title>
<updated>2025-01-30T18:54:28+00:00</updated>
<author>
<name>Chen Qi</name>
<email>Qi.Chen@windriver.com</email>
</author>
<published>2025-01-22T08:28:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=f9171b61cadfe4dfe0c3e658df2b0c570e6e2235'/>
<id>urn:sha1:f9171b61cadfe4dfe0c3e658df2b0c570e6e2235</id>
<content type='text'>
Signed-off-by: Chen Qi &lt;Qi.Chen@windriver.com&gt;
Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
<entry>
<title>buildah: add recipe for buildah v1.26</title>
<updated>2022-09-19T14:31:08+00:00</updated>
<author>
<name>sakib.sajal@windriver.com</name>
<email>sakib.sajal@windriver.com</email>
</author>
<published>2022-05-25T23:43:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=8c5f038cb92fa4b02246d2d1479a003eecf5fe93'/>
<id>urn:sha1:8c5f038cb92fa4b02246d2d1479a003eecf5fe93</id>
<content type='text'>
buildah is a command line tool, to be installed and run on target,
that can be used to:
   - create a working container, either from scratch or using an image
     as a starting point
   - create an image, either from a working container or via the
     instructions in a Dockerfile
   - images can be built in either the OCI image format or the
     traditional upstream docker image format
   - mount a working container's root filesystem for manipulation
   - unmount a working container's root filesystem
   - use the updated contents of a container's root filesystem as a
     filesystem layer to create a new image
   - delete a working container or an image
   - rename a local container

Testing:
Set up the build directory:
   $ . oe-init-build-env &lt;build_dir&gt;

Add to local.conf:
   IMAGE_INSTALL:append = " buildah kernel-modules"
   KERNEL_FEATURES += "features/overlayfs/overlayfs.cfgi \
                       features/netfilter/netfilter.scc  \
                       features/lxc/lxc-enable.scc"
   IMAGE_ROOTFS_EXTRA_SPACE = "5242880"

Build image:
   $ bitbake core-image-minimal

Run the image:
   $ runqemu nographic kvm qemuparams="-m 4096"

On target:
Pull an image:
   &gt; cnt=$(buildah from fedora)

Or build from a Dockerfile:
   &gt; buildah bud -t &lt;image_name&gt;:&lt;tag&gt; .

Mount the image:
   &gt; mnt=$(buildah mount ${cnt})

Install packages on the container rootfs:
   &gt; dnf install --installroot $mnt &lt;packages_to_install&gt; -y

Copy local files to the container:
   &gt; buildah copy $cnt &lt;local_file&gt; &lt;dest_on_container&gt;

Save the changes to an image:
   &gt; buildah commit --format docker $cnt &lt;name&gt;:&lt;tag&gt;

Run the image using buildah:
   &gt; buildah run $cnt /bin/sh

Or using docker:
   &gt; docker run -it &lt;name&gt;:&lt;tag&gt;

Signed-off-by: Sakib Sajal &lt;sakib.sajal@windriver.com&gt;
Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
</feed>
