Merge pull request #12224 from cdoern/scp

Podman Image SCP transfer patch

3 files changed, 40 insertions, 8 deletions

diff --git a/cmd/podman/images/scp.go b/cmd/podman/images/scp.go
index 67a531e6b..5c9cadc7a 100644
--- a/cmd/podman/images/scp.go
+++ b/cmd/podman/images/scp.go
@@ -137,9 +137,15 @@ func scp(cmd *cobra.Command, args []string) (finalErr error) {
 		scpOpts.Save.Format = "oci-archive"
 		abiErr := abiEng.Save(context.Background(), scpOpts.SourceImageName, []string{}, scpOpts.Save) // save the image locally before loading it on remote, local, or ssh
 		if abiErr != nil {
-			errors.Wrapf(abiErr, "could not save image as specified")
+			return errors.Wrapf(abiErr, "could not save image as specified")
 		}
 		if !rootless.IsRootless() && scpOpts.Rootless {
+			if scpOpts.User == "" {
+				scpOpts.User = os.Getenv("SUDO_USER")
+				if scpOpts.User == "" {
+					return errors.New("could not obtain root user, make sure the environmental variable SUDO_USER is set, and that this command is being run as root")
+				}
+			}
 			err := abiEng.Transfer(context.Background(), scpOpts)
 			if err != nil {
 				return err
@@ -270,7 +276,13 @@ func parseArgs(args []string, cfg *config.Config) (map[string]config.Destination
 	cliConnections := []string{}
 	switch len(args) {
 	case 1:
-		if strings.Contains(args[0], "::") {
+		if strings.Contains(args[0], "localhost") {
+			if strings.Split(args[0], "@")[0] != "root" {
+				return nil, errors.Wrapf(define.ErrInvalidArg, "cannot transfer images from any user besides root using sudo")
+			}
+			scpOpts.Rootless = true
+			scpOpts.SourceImageName = strings.Split(args[0], "::")[1]
+		} else if strings.Contains(args[0], "::") {
 			scpOpts.FromRemote = true
 			cliConnections = append(cliConnections, args[0])
 		} else {
@@ -282,11 +294,15 @@ func parseArgs(args []string, cfg *config.Config) (map[string]config.Destination
 		}
 	case 2:
 		if strings.Contains(args[0], "localhost") || strings.Contains(args[1], "localhost") { // only supporting root to local using sudo at the moment
-			scpOpts.Rootless = true
-			scpOpts.User = strings.Split(args[1], "@")[0]
-			scpOpts.SourceImageName = strings.Split(args[0], "::")[1]
 			if strings.Split(args[0], "@")[0] != "root" {
-				return nil, errors.Wrapf(define.ErrInvalidArg, "cannot transfer images from any user besides root using sudo")
+				return nil, errors.Wrapf(define.ErrInvalidArg, "currently, transferring images to a user account is not supported")
+			}
+			if len(strings.Split(args[0], "::")) > 1 {
+				scpOpts.Rootless = true
+				scpOpts.User = strings.Split(args[1], "@")[0]
+				scpOpts.SourceImageName = strings.Split(args[0], "::")[1]
+			} else {
+				return nil, errors.Wrapf(define.ErrInvalidArg, "currently, you cannot rename images during the transfer or transfer them to a user account")
 			}
 		} else if strings.Contains(args[0], "::") {
 			if !(strings.Contains(args[1], "::")) && remoteArgLength(args[0], 1) == 0 { // if an image is specified, this mean we are loading to our client
diff --git a/docs/source/markdown/podman-image-scp.1.md b/docs/source/markdown/podman-image-scp.1.md
index b4caf353a..d39882417 100644
--- a/docs/source/markdown/podman-image-scp.1.md
+++ b/docs/source/markdown/podman-image-scp.1.md
@@ -68,8 +68,6 @@ Copying blob e2eb06d8af82 done
 Copying config 696d33ca15 done
 Writing manifest to image destination
 Storing signatures
-Run Directory Obtained: /run/user/1000/
-[Run Root: /var/tmp/containers-user-1000/containers Graph Root: /root/.local/share/containers/storage DB Path: /root/.local/share/containers/storage/libpod/bolt_state.db]
 Getting image source signatures
 Copying blob 5eb901baf107 skipped: already exists
 Copying config 696d33ca15 done
@@ -78,6 +76,20 @@ Storing signatures
 Loaded image(s): docker.io/library/alpine:latest
 ```
 
+```
+$ sudo podman image scp root@localhost::alpine
+Copying blob e2eb06d8af82 done
+Copying config 696d33ca15 done
+Writing manifest to image destination
+Storing signatures
+Getting image source signatures
+Copying blob 5eb901baf107
+Copying config 696d33ca15 done
+Writing manifest to image destination
+Storing signatures
+Loaded image(s): docker.io/library/alpine:latest
+```
+
 ## SEE ALSO
 **[podman(1)](podman.1.md)**, **[podman-load(1)](podman-load.1.md)**, **[podman-save(1)](podman-save.1.md)**, **[podman-remote(1)](podman-remote.1.md)**, **[podman-system-connection-add(1)](podman-system-connection-add.1.md)**, **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)**, **[containers-transports(5)](https://github.com/containers/image/blob/main/docs/containers-transports.5.md)**
 
diff --git a/test/e2e/image_scp_test.go b/test/e2e/image_scp_test.go
index acea2993d..3e7e8da48 100644
--- a/test/e2e/image_scp_test.go
+++ b/test/e2e/image_scp_test.go
@@ -78,6 +78,10 @@ var _ = Describe("podman image scp", func() {
 		list.WaitWithDefaultTimeout()
 		Expect(list).To(Exit(0))
 		Expect(list.LineInOutputStartsWith("quay.io/libpod/alpine")).To(BeTrue())
+
+		scp = podmanTest.PodmanAsUser([]string{"image", "scp", "root@localhost::" + ALPINE}, 0, 0, "", env) //transfer from root to rootless (us)
+		scp.WaitWithDefaultTimeout()
+		Expect(scp).To(Exit(0))
 	})
 
 	It("podman image scp bogus image", func() {