Buildah - a tool that facilitates building Open Container Initiative (OCI) container images

The Buildah package provides a command line tool that can be used to

create a working container, either from scratch or using an image as a starting point
create an image, either from a working container or via the instructions in a Dockerfile
images can be built in either the OCI image format or the traditional upstream docker image format
mount a working container's root filesystem for manipulation
unmount a working container's root filesystem
use the updated contents of a container's root filesystem as a filesystem layer to create a new image
delete a working container or an image
rename a local container

Buildah Information for Developers

For blogs, release announcements and more, please checkout the buildah.io website!

Buildah Demos

Changelog

Contributing

Development Plan

Installation notes

Troubleshooting Guide

Tutorials

Buildah and Podman relationship

Buildah and Podman are two complementary open-source projects that are available on most Linux platforms and both projects reside at GitHub.com with Buildah here and Podman here. Both, Buildah and Podman are command line tools that work on Open Container Initiative (OCI) images and containers. The two projects differentiate in their specialization.

Buildah specializes in building OCI images. Buildah's commands replicate all of the commands that are found in a Dockerfile. This allows building images with and without Dockerfiles while not requiring any root privileges. Buildah’s ultimate goal is to provide a lower-level coreutils interface to build images. The flexibility of building images without Dockerfiles allows for the integration of other scripting languages into the build process. Buildah follows a simple fork-exec model and does not run as a daemon but it is based on a comprehensive API in golang, which can be vendored into other tools.

Podman specializes in all of the commands and functions that help you to maintain and modify OCI images, such as pulling and tagging. It also allows you to create, run, and maintain those containers created from those images. For building container images via Dockerfiles, Podman uses Buildah's golang API and can be installed independently from Buildah.

A major difference between Podman and Buildah is their concept of a container. Podman allows users to create "traditional containers" where the intent of these containers is to be long lived. While Buildah containers are really just created to allow content to be added back to the container image. An easy way to think of it is the buildah run command emulates the RUN command in a Dockerfile while the podman run command emulates the docker run command in functionality. Because of this and their underlying storage differences, you can not see Podman containers from within Buildah or vice versa.

In short, Buildah is an efficient way to create OCI images while Podman allows you to manage and maintain those images and containers in a production environment using familiar container cli commands. For more details, see the Container Tools Guide.

Example

From ./examples/lighttpd.sh:

$ cat > lighttpd.sh <<"EOF"
#!/usr/bin/env bash -x

ctr1=$(buildah from "${1:-fedora}")

## Get all updates and install our minimal httpd server
buildah run "$ctr1" -- dnf update -y
buildah run "$ctr1" -- dnf install -y lighttpd

## Include some buildtime annotations
buildah config --annotation "com.example.build.host=$(uname -n)" "$ctr1"

## Run our server and expose the port
buildah config --cmd "/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf" "$ctr1"
buildah config --port 80 "$ctr1"

## Commit this container to an image name
buildah commit "$ctr1" "${2:-$USER/lighttpd}"
EOF

$ chmod +x lighttpd.sh
$ sudo ./lighttpd.sh

Commands

Command	Description
buildah-add(1)	Add the contents of a file, URL, or a directory to the container.
buildah-bud(1)	Build an image using instructions from Dockerfiles.
buildah-commit(1)	Create an image from a working container.
buildah-config(1)	Update image configuration settings.
buildah-containers(1)	List the working containers and their base images.
buildah-copy(1)	Copies the contents of a file, URL, or directory into a container's working directory.
buildah-from(1)	Creates a new working container, either from scratch or using a specified image as a starting point.
buildah-images(1)	List images in local storage.
buildah-info(1)	Display Buildah system information.
buildah-inspect(1)	Inspects the configuration of a container or image.
buildah-mount(1)	Mount the working container's root filesystem.
buildah-pull(1)	Pull an image from the specified location.
buildah-push(1)	Push an image from local storage to elsewhere.
buildah-rename(1)	Rename a local container.
buildah-rm(1)	Removes one or more working containers.
buildah-rmi(1)	Removes one or more images.
buildah-run(1)	Run a command inside of the container.
buildah-tag(1)	Add an additional name to a local image.
buildah-umount(1)	Unmount a working container's root file system.
buildah-unshare(1)	Launch a command in a user namespace with modified ID mappings.
buildah-version(1)	Display the Buildah Version Information

Future goals include:

more CI tests
additional CLI commands (?)

Name	Latest commit message	Commit time
Failed to load latest commit information.
.github	Add Pull Request Template	Mar 3, 2020
bind	bind: don't complain about missing mountpoints	Dec 6, 2019
chroot	vendor in latest containers/storage 1.18.0 and containers/common v0.7.0	Mar 31, 2020
cmd/buildah	Vendor in new go.etcd.io/bbolt	May 25, 2020
contrib	implementation of encrypt/decrypt push/pull/bud/from	May 18, 2020
demos	Ran buildah through codespell	Nov 20, 2019
docker	Move to containers/image v5.0.0	Oct 28, 2019
docs	Ammended docs	May 19, 2020
examples	fix lighttpd example	May 25, 2020
hack	Cirrus: Fixes from review feedback	May 4, 2020
imagebuildah	Warn on unset build arguments	May 21, 2020
logos	updating logo reference in README	Dec 13, 2017
manifests	manifest push --format: force an image type, not a list type	Feb 17, 2020
pkg	implementation of encrypt/decrypt push/pull/bud/from	May 18, 2020
tests	Warn on unset build arguments	May 21, 2020
util	fix resolve docker image name as transport	May 18, 2020
vendor	Bump github.com/containers/storage from 1.20.1 to 1.20.2	Jun 10, 2020
.cirrus.yml	Cirrus: Use pre-installed VM packages + F32	Apr 30, 2020
.gitignore	Update gitignore to exclude test Dockerfiles	Apr 13, 2020
.golangci.yml	Cirrus: Fixes from review feedback	May 4, 2020
CHANGELOG.md	Add CVE-2020-10696 to CHANGELOG.md and changelog.txt	Jun 2, 2020
CODE-OF-CONDUCT.md	Add Code of Conduct	Feb 8, 2020
CONTRIBUTING.md	Fix errors found by codespell	Mar 5, 2020
LICENSE	Initial commit	Jan 26, 2017
MAINTAINERS	Fix becoming a maintainer link	Jul 7, 2018
Makefile	Run (go mod tidy) before (go mod vendor) again	Apr 8, 2020
OWNERS	Add OWNERS File to Buildah	Oct 16, 2019
README.md	Bors-ng: Add documentation and status-icon	Feb 7, 2020
SECURITY.md	Add Security Policy	May 4, 2020
add.go	Do not skip the directory when the ignore pattern matches	Apr 7, 2020
bors.toml	Bors: Fix no. req. github reviews	Feb 7, 2020
btrfs_installed_tag.sh	Update shebangs to take env into consideration	Aug 20, 2019
btrfs_tag.sh	Update shebangs to take env into consideration	Aug 20, 2019
buildah.go	implementation of encrypt/decrypt push/pull/bud/from	May 18, 2020
changelog.txt	Add CVE-2020-10696 to CHANGELOG.md and changelog.txt	Jun 2, 2020
commit.go	remove dependency on openshift struct	May 22, 2020
common.go	implementation of encrypt/decrypt push/pull/bud/from	May 18, 2020
config.go	unmarshalConvertedConfig: avoid using the updated image's ref	Nov 5, 2019
delete.go	Allow container storage to manage the SELinux labels	Oct 21, 2018
developmentplan.md	Move buildah from projecatatomic/buildah to containers/buildah	Sep 18, 2018
digester.go	Use content digests in ADD/COPY history entries	Aug 16, 2019
go.mod	Bump github.com/containers/storage from 1.20.1 to 1.20.2	Jun 10, 2020
go.sum	Bump github.com/containers/storage from 1.20.1 to 1.20.2	Jun 10, 2020
image.go	fix error info about get signatures for containerImageSource	May 8, 2020
import.go	Handle configuration blobs for manifest lists	Nov 5, 2019
info.go	Fix errorf conventions	Apr 4, 2020
install.md	Bump imagebuilder for ARG fix	May 23, 2020
libdm_tag.sh	Update shebangs to take env into consideration	Aug 20, 2019
mount.go	Make sure we log or return every error	Oct 7, 2018
new.go	implementation of encrypt/decrypt push/pull/bud/from	May 18, 2020
new_test.go	Fix: setting the container name to the image	Jan 26, 2018
pull.go	implementation of encrypt/decrypt push/pull/bud/from	May 18, 2020
release.sh	Bump to v1.1	Jun 9, 2018
run.go	Add --devices flag to bud and from	Sep 7, 2019
run_linux.go	Fix errorf conventions	Apr 4, 2020
run_test.go	Fix errorf conventions	Apr 4, 2020
run_unsupported.go	allow podman to build a client for windows	Apr 26, 2019
seccomp.go	run: clear default seccomp filter if not enabled	Sep 5, 2018
seccomp_unsupported.go	run: clear default seccomp filter if not enabled	Sep 5, 2018
selinux.go	run: check if SELinux is enabled	Apr 25, 2019
selinux_tag.sh	Update shebangs to take env into consideration	Aug 20, 2019
selinux_unsupported.go	run: clear default seccomp filter if not enabled	Sep 5, 2018
troubleshooting.md	fix troubleshooting redirect instructions	Oct 28, 2019
unmount.go	Make sure we log or return every error	Oct 7, 2018
util.go	copyFileWithTar: close source files at the right time	Jan 9, 2020

containers / buildah

Join GitHub today

Clone with HTTPS

Downloading

Launching GitHub Desktop

Launching GitHub Desktop

Launching Xcode

Launching Visual Studio

Latest commit

Files

README.md

Buildah - a tool that facilitates building Open Container Initiative (OCI) container images

Buildah Information for Developers

Buildah and Podman relationship

Example

Commands