From 3fdb6ee2df1c94e05a89311231ccb7479075073d Mon Sep 17 00:00:00 2001
From: Aleksei Kosyrev <albnnc@gmail.com>
Date: Fri, 6 Oct 2023 16:00:13 +0300
Subject: [PATCH 1/2] Don't ignore containerfiles outside of build context

[NO NEW TESTS NEEDED]

Signed-off-by: Aleksei Kosyrev <albnnc@gmail.com>
---
 pkg/bindings/images/build.go | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/pkg/bindings/images/build.go b/pkg/bindings/images/build.go
index 668484b715..171c156bfa 100644
--- a/pkg/bindings/images/build.go
+++ b/pkg/bindings/images/build.go
@@ -695,15 +695,19 @@ func nTar(excludes []string, sources ...string) (io.ReadCloser, error) {
 					}
 					name = filepath.ToSlash(path)
 				}
-				excluded, err := pm.Matches(name) //nolint:staticcheck
-				if err != nil {
-					return fmt.Errorf("checking if %q is excluded: %w", name, err)
-				}
-				if excluded {
-					// Note: filepath.SkipDir is not possible to use given .dockerignore semantics.
-					// An exception to exclusions may include an excluded directory, therefore we
-					// are required to visit all files. :(
-					return nil
+				// If name is absolute path, then it has to be containerfile outside of build context.
+				// If not, we should check it for being excluded via pattern matcher.
+				if !filepath.IsAbs(name) {
+					excluded, err := pm.Matches(name) //nolint:staticcheck
+					if err != nil {
+						return fmt.Errorf("checking if %q is excluded: %w", name, err)
+					}
+					if excluded {
+						// Note: filepath.SkipDir is not possible to use given .dockerignore semantics.
+						// An exception to exclusions may include an excluded directory, therefore we
+						// are required to visit all files. :(
+						return nil
+					}
 				}
 				switch {
 				case dentry.Type().IsRegular(): // add file item

From 732cec794eadf45ffe57a0305571e5779dcefa4c Mon Sep 17 00:00:00 2001
From: Aleksei Kosyrev <albnnc@gmail.com>
Date: Sat, 7 Oct 2023 10:55:51 +0300
Subject: [PATCH 2/2] Add system test

Signed-off-by: Aleksei Kosyrev <albnnc@gmail.com>
---
 test/system/070-build.bats | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/test/system/070-build.bats b/test/system/070-build.bats
index 56da8ef32d..c85f42818e 100644
--- a/test/system/070-build.bats
+++ b/test/system/070-build.bats
@@ -668,6 +668,25 @@ EOF
     run_podman rmi -f build_test
 }
 
+# Regression test for #20259
+@test "podman build with ignore '*' and containerfile outside of build context" {
+    local tmpdir=$PODMAN_TMPDIR/build-test-$(random_string 10)
+    mkdir -p $tmpdir
+    mkdir -p $tmpdir/context
+
+    cat >$tmpdir/Containerfile <<EOF
+FROM scratch
+EOF
+
+    cat >$tmpdir/context/.containerignore <<EOF
+*
+EOF
+    run_podman build -t build_test -f $tmpdir/Containerfile $tmpdir/context
+
+    # Clean up
+    run_podman rmi -f build_test
+}
+
 @test "podman build - stdin test" {
     # Random workdir, and random string to verify build output
     workdir=/$(random_string 10)