aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2021-09-02 10:27:16 -0400
committerGitHub <noreply@github.com>2021-09-02 10:27:16 -0400
commit469900406ac51332785455bc8668bd1c053badd6 (patch)
tree7eb39b91c2b9e235cda5298d604c517244c0836e
parentafa9987f876b08647e419e798a738f0f98e47600 (diff)
parentcba114dd3617b7f793fa43817058d40505f4d454 (diff)
downloadpodman-469900406ac51332785455bc8668bd1c053badd6.tar.gz
podman-469900406ac51332785455bc8668bd1c053badd6.tar.bz2
podman-469900406ac51332785455bc8668bd1c053badd6.zip
Merge pull request #11406 from flouthoc/manifest-rm-only-manifest
manifest: `rm` should not remove referenced images.
-rw-r--r--go.mod2
-rw-r--r--go.sum10
-rw-r--r--pkg/domain/entities/images.go2
-rw-r--r--pkg/domain/infra/abi/images.go1
-rw-r--r--pkg/domain/infra/abi/manifest.go2
-rw-r--r--pkg/domain/infra/tunnel/manifest.go2
-rw-r--r--test/e2e/manifest_test.go28
-rw-r--r--vendor/github.com/containers/common/libimage/disk_usage.go4
-rw-r--r--vendor/github.com/containers/common/libimage/image.go5
-rw-r--r--vendor/github.com/containers/common/libimage/runtime.go29
-rw-r--r--vendor/github.com/containers/common/pkg/config/config.go2
-rw-r--r--vendor/github.com/containers/common/pkg/config/containers.conf8
-rw-r--r--vendor/github.com/containers/common/pkg/config/default.go8
-rw-r--r--vendor/github.com/containers/common/pkg/seccomp/default_linux.go1
-rw-r--r--vendor/github.com/containers/common/pkg/seccomp/seccomp.json1
-rw-r--r--vendor/github.com/containers/common/version/version.go2
-rw-r--r--vendor/modules.txt2
17 files changed, 87 insertions, 22 deletions
diff --git a/go.mod b/go.mod
index 47ee24112..6030ceb9b 100644
--- a/go.mod
+++ b/go.mod
@@ -12,7 +12,7 @@ require (
github.com/containernetworking/cni v0.8.1
github.com/containernetworking/plugins v0.9.1
github.com/containers/buildah v1.22.3
- github.com/containers/common v0.43.2
+ github.com/containers/common v0.43.3-0.20210902095222-a7acc160fb25
github.com/containers/conmon v2.0.20+incompatible
github.com/containers/image/v5 v5.16.0
github.com/containers/ocicrypt v1.1.2
diff --git a/go.sum b/go.sum
index 3b17c08ee..19d2f8232 100644
--- a/go.sum
+++ b/go.sum
@@ -241,12 +241,11 @@ github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRD
github.com/containers/buildah v1.22.3 h1:RomxwUa24jMcqzXQetpw4wGMfNlNZLhc9qwyoWHblwc=
github.com/containers/buildah v1.22.3/go.mod h1:JVXRyx5Rkp5w5jwvaXe45kuHtyoxpERMjXrR45+3Wfg=
github.com/containers/common v0.42.1/go.mod h1:AaF3ipZfgezsctDuhzLkq4Vl+LkEy7J74ikh2HSXDsg=
-github.com/containers/common v0.43.2 h1:oSP5d5sDrq7OkoqLPVrLpi1LZOAwpTwOZXgPDHfmD0E=
-github.com/containers/common v0.43.2/go.mod h1:BAoVyRYlxKZKAYpHcFMdrXlIZyzbJp9NwKTgadTd/Dg=
+github.com/containers/common v0.43.3-0.20210902095222-a7acc160fb25 h1:zcFtn+MuCwpywchrRtZjFQxTJIcNb9vjlIeZktYgSzQ=
+github.com/containers/common v0.43.3-0.20210902095222-a7acc160fb25/go.mod h1:NIymxA8e3mUVnLoeGFoDgIrJeUmVA/djOqgMmO112Qw=
github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
github.com/containers/image/v5 v5.14.0/go.mod h1:SxiBKOcKuT+4yTjD0AskjO+UwFvNcVOJ9qlAw1HNSPU=
-github.com/containers/image/v5 v5.15.0/go.mod h1:gzdBcooi6AFdiqfzirUqv90hUyHyI0MMdaqKzACKr2s=
github.com/containers/image/v5 v5.15.2/go.mod h1:8jejVSzTDfyPwr/HXp9rri34n/vbdavYk6IzTiB3TBw=
github.com/containers/image/v5 v5.16.0 h1:WQcNSzb7+ngS2cfynx0vUwhk+scpgiKlldVcsF8GPbI=
github.com/containers/image/v5 v5.16.0/go.mod h1:XgTpfAPLRGOd1XYyCU5cISFr777bLmOerCSpt/v7+Q4=
@@ -261,9 +260,7 @@ github.com/containers/psgo v1.5.2 h1:3aoozst/GIwsrr/5jnFy3FrJay98uujPCu9lTuSZ/Cw
github.com/containers/psgo v1.5.2/go.mod h1:2ubh0SsreMZjSXW1Hif58JrEcFudQyIy9EzPUWfawVU=
github.com/containers/storage v1.23.5/go.mod h1:ha26Q6ngehFNhf3AWoXldvAvwI4jFe3ETQAf/CeZPyM=
github.com/containers/storage v1.32.6/go.mod h1:mdB+b89p+jU8zpzLTVXA0gWMmIo0WrkfGMh1R8O2IQw=
-github.com/containers/storage v1.33.0/go.mod h1:FUZPF4nJijX8ixdhByZJXf02cvbyLi6dyDwXdIe8QVY=
github.com/containers/storage v1.33.1/go.mod h1:FUZPF4nJijX8ixdhByZJXf02cvbyLi6dyDwXdIe8QVY=
-github.com/containers/storage v1.34.0/go.mod h1:t6I+hTgPU0/tVxQ75vw406wDi/TXwYBqZp4QZV9N7b8=
github.com/containers/storage v1.34.1/go.mod h1:FY2TcbfgCLMU4lYoKnlZeZXeH353TOTbpDEA+sAcqAY=
github.com/containers/storage v1.35.0 h1:bNduWshYm1tq4IPJRC+zLs3VQ+1tbauU0CZBaqzPxw4=
github.com/containers/storage v1.35.0/go.mod h1:qzYhasQP2/V9D9XdO+vRwkHBhsBO0oznMLzzRDQ8s20=
@@ -589,7 +586,6 @@ github.com/klauspost/compress v1.11.0/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYs
github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
github.com/klauspost/compress v1.13.1/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
-github.com/klauspost/compress v1.13.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
github.com/klauspost/compress v1.13.4 h1:0zhec2I8zGnjWcKyLl6i3gPqKANCCn5e9xmviEEeX6s=
github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
github.com/klauspost/pgzip v1.2.5 h1:qnWYvvKqedOF2ulHpMG72XQol4ILEJ8k2wwRl/Km8oE=
@@ -723,7 +719,6 @@ github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1y
github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc=
github.com/onsi/gomega v1.10.5/go.mod h1:gza4q3jKQJijlu05nKWRCW/GavJumGt8aNRxWg7mt48=
github.com/onsi/gomega v1.14.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0=
-github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0=
github.com/onsi/gomega v1.16.0 h1:6gjqkI8iiRHMvdccRJM8rVKjCWk6ZIm6FTm3ddIe4/c=
github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
@@ -763,7 +758,6 @@ github.com/opencontainers/selinux v1.5.1/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwy
github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE=
github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo=
github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8=
-github.com/opencontainers/selinux v1.8.3/go.mod h1:HTvjPFoGMbpQsG886e3lQwnsRWtE4TC1OF3OUvG9FAo=
github.com/opencontainers/selinux v1.8.4 h1:krlgQ6/j9CkCXT5oW0yVXdQFOME3NjKuuAZXuR6O7P4=
github.com/opencontainers/selinux v1.8.4/go.mod h1:HTvjPFoGMbpQsG886e3lQwnsRWtE4TC1OF3OUvG9FAo=
github.com/openshift/imagebuilder v1.2.2-0.20210415181909-87f3e48c2656 h1:WaxyNFpmIDu4i6so9r6LVFIbSaXqsj8oitMitt86ae4=
diff --git a/pkg/domain/entities/images.go b/pkg/domain/entities/images.go
index 262b09cad..c575212b1 100644
--- a/pkg/domain/entities/images.go
+++ b/pkg/domain/entities/images.go
@@ -89,6 +89,8 @@ type ImageRemoveOptions struct {
All bool
// Foce will force image removal including containers using the images.
Force bool
+ // Confirms if given name is a manifest list and removes it, otherwise returns error.
+ LookupManifest bool
}
// ImageRemoveResponse is the response for removing one or more image(s) from storage
diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go
index e8739615d..a88d38a10 100644
--- a/pkg/domain/infra/abi/images.go
+++ b/pkg/domain/infra/abi/images.go
@@ -521,6 +521,7 @@ func (ir *ImageEngine) Remove(ctx context.Context, images []string, opts entitie
libimageOptions := &libimage.RemoveImagesOptions{}
libimageOptions.Filters = []string{"readonly=false"}
libimageOptions.Force = opts.Force
+ libimageOptions.LookupManifest = opts.LookupManifest
if !opts.All {
libimageOptions.Filters = append(libimageOptions.Filters, "intermediate=false")
}
diff --git a/pkg/domain/infra/abi/manifest.go b/pkg/domain/infra/abi/manifest.go
index 666bc997d..1dd0686ac 100644
--- a/pkg/domain/infra/abi/manifest.go
+++ b/pkg/domain/infra/abi/manifest.go
@@ -306,7 +306,7 @@ func (ir *ImageEngine) ManifestRemove(ctx context.Context, names []string) (stri
// ManifestRm removes the specified manifest list from storage
func (ir *ImageEngine) ManifestRm(ctx context.Context, names []string) (report *entities.ImageRemoveReport, rmErrors []error) {
- return ir.Remove(ctx, names, entities.ImageRemoveOptions{})
+ return ir.Remove(ctx, names, entities.ImageRemoveOptions{LookupManifest: true})
}
// ManifestPush pushes a manifest list or image index to the destination
diff --git a/pkg/domain/infra/tunnel/manifest.go b/pkg/domain/infra/tunnel/manifest.go
index b8069405a..62634f561 100644
--- a/pkg/domain/infra/tunnel/manifest.go
+++ b/pkg/domain/infra/tunnel/manifest.go
@@ -85,7 +85,7 @@ func (ir *ImageEngine) ManifestRemove(ctx context.Context, names []string) (stri
// ManifestRm removes the specified manifest list from storage
func (ir *ImageEngine) ManifestRm(ctx context.Context, names []string) (*entities.ImageRemoveReport, []error) {
- return ir.Remove(ctx, names, entities.ImageRemoveOptions{})
+ return ir.Remove(ctx, names, entities.ImageRemoveOptions{LookupManifest: true})
}
// ManifestPush pushes a manifest list or image index to the destination
diff --git a/test/e2e/manifest_test.go b/test/e2e/manifest_test.go
index 95f90d4c1..27aaaba48 100644
--- a/test/e2e/manifest_test.go
+++ b/test/e2e/manifest_test.go
@@ -280,4 +280,32 @@ var _ = Describe("Podman manifest", func() {
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(1))
})
+
+ It("podman manifest rm should not remove referenced images", func() {
+ manifestList := "manifestlist"
+ imageName := "quay.io/libpod/busybox"
+
+ session := podmanTest.Podman([]string{"pull", imageName})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+
+ session = podmanTest.Podman([]string{"manifest", "create", manifestList})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+
+ session = podmanTest.Podman([]string{"manifest", "add", manifestList, imageName})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+
+ session = podmanTest.Podman([]string{"manifest", "rm", manifestList})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+
+ //image should still show up
+ session = podmanTest.Podman([]string{"images"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.OutputToString()).To(ContainSubstring(imageName))
+ Expect(session).Should(Exit(0))
+ })
+
})
diff --git a/vendor/github.com/containers/common/libimage/disk_usage.go b/vendor/github.com/containers/common/libimage/disk_usage.go
index edfd095a0..2cde09846 100644
--- a/vendor/github.com/containers/common/libimage/disk_usage.go
+++ b/vendor/github.com/containers/common/libimage/disk_usage.go
@@ -52,6 +52,10 @@ func (r *Runtime) DiskUsage(ctx context.Context) ([]ImageDiskUsage, error) {
// diskUsageForImage returns the disk-usage baseistics for the specified image.
func diskUsageForImage(ctx context.Context, image *Image, tree *layerTree) ([]ImageDiskUsage, error) {
+ if err := image.isCorrupted(""); err != nil {
+ return nil, err
+ }
+
base := ImageDiskUsage{
ID: image.ID(),
Created: image.Created(),
diff --git a/vendor/github.com/containers/common/libimage/image.go b/vendor/github.com/containers/common/libimage/image.go
index b4623a870..ff7d546e9 100644
--- a/vendor/github.com/containers/common/libimage/image.go
+++ b/vendor/github.com/containers/common/libimage/image.go
@@ -74,7 +74,10 @@ func (i *Image) isCorrupted(name string) error {
}
if _, err := ref.NewImage(context.Background(), nil); err != nil {
- return errors.Errorf("Image %s exists in local storage but may be corrupted: %v", name, err)
+ if name == "" {
+ name = i.ID()[:12]
+ }
+ return errors.Errorf("Image %s exists in local storage but may be corrupted (remove the image to resolve the issue): %v", name, err)
}
return nil
}
diff --git a/vendor/github.com/containers/common/libimage/runtime.go b/vendor/github.com/containers/common/libimage/runtime.go
index 26a04dad5..42461014d 100644
--- a/vendor/github.com/containers/common/libimage/runtime.go
+++ b/vendor/github.com/containers/common/libimage/runtime.go
@@ -161,8 +161,14 @@ type LookupImageOptions struct {
// If set, do not look for items/instances in the manifest list that
// match the current platform but return the manifest list as is.
+ // only check for manifest list, return ErrNotAManifestList if not found.
lookupManifest bool
+ // If matching images resolves to a manifest list, return manifest list
+ // instead of resolving to image instance, if manifest list is not found
+ // try resolving image.
+ ManifestList bool
+
// If the image resolves to a manifest list, we usually lookup a
// matching instance and error if none could be found. In this case,
// just return the manifest list. Required for image removal.
@@ -305,11 +311,14 @@ func (r *Runtime) lookupImageInLocalStorage(name, candidate string, options *Loo
}
return nil, err
}
- if options.lookupManifest {
+ if options.lookupManifest || options.ManifestList {
if isManifestList {
return image, nil
}
- return nil, errors.Wrapf(ErrNotAManifestList, candidate)
+ // return ErrNotAManifestList if lookupManifest is set otherwise try resolving image.
+ if options.lookupManifest {
+ return nil, errors.Wrapf(ErrNotAManifestList, candidate)
+ }
}
if isManifestList {
@@ -532,6 +541,11 @@ type RemoveImagesOptions struct {
// using a removed image. Use RemoveContainerFunc for a custom logic.
// If set, all child images will be removed as well.
Force bool
+ // LookupManifest will expect all specified names to be manifest lists (no instance look up).
+ // This allows for removing manifest lists.
+ // By default, RemoveImages will attempt to resolve to a manifest instance matching
+ // the local platform (i.e., os, architecture, variant).
+ LookupManifest bool
// RemoveContainerFunc allows for a custom logic for removing
// containers using a specific image. By default, all containers in
// the local containers storage will be removed (if Force is set).
@@ -591,13 +605,22 @@ func (r *Runtime) RemoveImages(ctx context.Context, names []string, options *Rem
toDelete := []string{}
// Look up images in the local containers storage and fill out
// toDelete and the deleteMap.
+
switch {
case len(names) > 0:
+ // prepare lookupOptions
+ var lookupOptions *LookupImageOptions
+ if options.LookupManifest {
+ // LookupManifest configured as true make sure we only remove manifests and no referenced images.
+ lookupOptions = &LookupImageOptions{lookupManifest: true}
+ } else {
+ lookupOptions = &LookupImageOptions{returnManifestIfNoInstance: true}
+ }
// Look up the images one-by-one. That allows for removing
// images that have been looked up successfully while reporting
// lookup errors at the end.
for _, name := range names {
- img, resolvedName, err := r.LookupImage(name, &LookupImageOptions{returnManifestIfNoInstance: true})
+ img, resolvedName, err := r.LookupImage(name, lookupOptions)
if err != nil {
appendError(err)
continue
diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go
index e554bac70..f840472cc 100644
--- a/vendor/github.com/containers/common/pkg/config/config.go
+++ b/vendor/github.com/containers/common/pkg/config/config.go
@@ -778,7 +778,7 @@ func (c *NetworkConfig) Validate() error {
}
}
- if stringsEq(c.CNIPluginDirs, cniBinDir) {
+ if stringsEq(c.CNIPluginDirs, DefaultCNIPluginDirs) {
return nil
}
diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf b/vendor/github.com/containers/common/pkg/config/containers.conf
index 0068a9a17..481405a1a 100644
--- a/vendor/github.com/containers/common/pkg/config/containers.conf
+++ b/vendor/github.com/containers/common/pkg/config/containers.conf
@@ -262,7 +262,13 @@ default_sysctls = [
# Path to directory where CNI plugin binaries are located.
#
-#cni_plugin_dirs = ["/usr/libexec/cni"]
+#cni_plugin_dirs = [
+# "/usr/local/libexec/cni",
+# "/usr/libexec/cni",
+# "/usr/local/lib/cni",
+# "/usr/lib/cni",
+# "/opt/cni/bin",
+#]
# The network name of the default CNI network to attach pods to.
#
diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go
index 66531a2ba..b8dc21475 100644
--- a/vendor/github.com/containers/common/pkg/config/default.go
+++ b/vendor/github.com/containers/common/pkg/config/default.go
@@ -76,10 +76,12 @@ var (
"CAP_SYS_CHROOT",
}
- cniBinDir = []string{
+ // It may seem a bit unconventional, but it is necessary to do so
+ DefaultCNIPluginDirs = []string{
+ "/usr/local/libexec/cni",
"/usr/libexec/cni",
- "/usr/lib/cni",
"/usr/local/lib/cni",
+ "/usr/lib/cni",
"/opt/cni/bin",
}
@@ -207,7 +209,7 @@ func DefaultConfig() (*Config, error) {
DefaultNetwork: "podman",
DefaultSubnet: DefaultSubnet,
NetworkConfigDir: cniConfig,
- CNIPluginDirs: cniBinDir,
+ CNIPluginDirs: DefaultCNIPluginDirs,
},
Engine: *defaultEngineConfig,
Secrets: defaultSecretConfig(),
diff --git a/vendor/github.com/containers/common/pkg/seccomp/default_linux.go b/vendor/github.com/containers/common/pkg/seccomp/default_linux.go
index 725e0bfc7..cf333744c 100644
--- a/vendor/github.com/containers/common/pkg/seccomp/default_linux.go
+++ b/vendor/github.com/containers/common/pkg/seccomp/default_linux.go
@@ -236,6 +236,7 @@ func DefaultProfile() *Seccomp {
"madvise",
"mbind",
"memfd_create",
+ "memfd_secret",
"mincore",
"mkdir",
"mkdirat",
diff --git a/vendor/github.com/containers/common/pkg/seccomp/seccomp.json b/vendor/github.com/containers/common/pkg/seccomp/seccomp.json
index eeb41d5d8..c009134e3 100644
--- a/vendor/github.com/containers/common/pkg/seccomp/seccomp.json
+++ b/vendor/github.com/containers/common/pkg/seccomp/seccomp.json
@@ -242,6 +242,7 @@
"madvise",
"mbind",
"memfd_create",
+ "memfd_secret",
"mincore",
"mkdir",
"mkdirat",
diff --git a/vendor/github.com/containers/common/version/version.go b/vendor/github.com/containers/common/version/version.go
index 572fe9bbd..2e2d557e3 100644
--- a/vendor/github.com/containers/common/version/version.go
+++ b/vendor/github.com/containers/common/version/version.go
@@ -1,4 +1,4 @@
package version
// Version is the version of the build.
-const Version = "0.43.2"
+const Version = "0.43.3-dev"
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 3666ff40b..ab186c1e4 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -94,7 +94,7 @@ github.com/containers/buildah/pkg/overlay
github.com/containers/buildah/pkg/parse
github.com/containers/buildah/pkg/rusage
github.com/containers/buildah/util
-# github.com/containers/common v0.43.2
+# github.com/containers/common v0.43.3-0.20210902095222-a7acc160fb25
github.com/containers/common/libimage
github.com/containers/common/libimage/manifests
github.com/containers/common/pkg/apparmor