- The build-time variables are passed as environment-context for command(s)
run as part of the RUN primitve. These variables are not persisted in environment of
intermediate and final images when passed as context for RUN. The build environment
is prepended to the intermediate continer's command string for aiding cache lookups.
It also helps with build traceability. But this also makes the feature less secure from
point of view of passing build time secrets.
- The build-time variables also get used to expand the symbols used in certain
Dockerfile primitves like ADD, COPY, USER etc, without an explicit prior definiton using a
ENV primitive. These variables get persisted in the intermediate and final images
whenever they are expanded.
- The build-time variables are only expanded or passed to the RUN primtive if they
are defined in Dockerfile using the ARG primitive or belong to list of built-in variables.
HTTP_PROXY, HTTPS_PROXY, http_proxy, https_proxy, FTP_PROXY and NO_PROXY are built-in
variables that needn't be explicitly defined in Dockerfile to use this feature.
Signed-off-by: Madhav Puri <madhav.puri@gmail.com>
Upstream-commit: 54240f8da9992880e20a1508e9a6f0e59f2adef1
Component: engine
This way, images creators can set the exit signal their programs use.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 3781cde61ff10b1d9114ae5b4c5c1d1b2c20a1ee
Component: engine
This adds support for Dockerfile commands to have options - e.g:
COPY --user=john foo /tmp/
COPY --ignore-mtime foo /tmp/
Supports both booleans and strings.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: a8e871b0bbbb63310f372332176875ffcc01aaf6
Component: engine
Save "LABEL" field in Dockerfile into image content.
This will allow a user to save user data into an image, which
can later be retrieved using:
docker inspect IMAGEID
I have copied this from the "Comment" handling in docker images.
We want to be able to add Name/Value data to an image to describe the image,
and then be able to use other tools to look at this data, to be able to do
security checks based on this data.
We are thinking about adding version names,
Perhaps listing the content of the dockerfile.
Descriptions of where the code came from etc.
This LABEL field should also be allowed to be specified in the
docker import --change LABEL:Name=Value
docker commit --change LABEL:Name=Value
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Upstream-commit: cdfdfbfb6223fdd5b319942d412caac6bc09cdeb
Component: engine
We're hoping to add some new commands that don't have any args so this
PR will enable that by removing all of the hard-coded checks that require
commands to have at least one arg. It also adds some checks to each
command so we're consistent in the error message we get. Added a test
for this too.
We actually had this check in at least 3 different places (twice in the
parser and once in most cmds), this removes 2 of them (the parser ones).
Had to remove/modify some testcases because its now legal to have certain
commands w/o args - e.g. RUN. This was actually inconsistent because
we used to allow "RUN []" but not "RUN" even though they would generate
(almost) the same net result. Now we're consistent.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: e4f02abb51534e560311b0afcfb7b586d9587e67
Component: engine
Adjust builder to validate that JSON in Dockerfiles are arrays of strings and nothing else to match how we describe them to people (and what all our existing tests already assumed)
Upstream-commit: 640e0fc578e5acdaa71216a300396dfa9af8054f
Component: engine
This also adds more tests to help verify this, including unicode and nonprintable characters (hence the earlier commit switching to strconv.Quote).
As a bonus, this fixes a subtle bug where [] was turned into [""] and then turned back into [] (and thus [""] was impossible to actually round-trip correctly in a Dockerfile).
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Upstream-commit: 05c2d2db9a95266217a639e2109be6fc6482a716
Component: engine
still supports the old form: ENV name value
Also, fixed an issue with the parser where it would ignore lines
at the end of the Dockerfile that ended with \
Closes#2333
Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: 1314e1586f8cd6201c16161eb960a743c727946b
Component: engine
If previous line ends with whitespace, or next line starts with whitepsace
we need to preserve a space otherwise things line:
RUN echo\
hello
will appear as: RUN echohello
Noticed this while looking at #5744 because he had lines ending in &&\
Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: f440c6b2246cc4cfac4c5d351172e209dca2c765
Component: engine
specified in a space delimited list.
Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
Upstream-commit: a5ca549a18fb5c1006005cc220ab330eec3018de
Component: engine
