aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorValentin Rothberg <rothberg@redhat.com>2021-06-24 14:35:10 +0200
committerValentin Rothberg <rothberg@redhat.com>2021-06-25 09:56:21 +0200
commitf95b0995e521e252af52edaf57a31241d364e3d8 (patch)
tree438f53d11703722c6712cf1b84c9fe1efdc884d0
parentd1f57a07c24a0defc0b0027206fc4454307f64fa (diff)
downloadpodman-f95b0995e521e252af52edaf57a31241d364e3d8.tar.gz
podman-f95b0995e521e252af52edaf57a31241d364e3d8.tar.bz2
podman-f95b0995e521e252af52edaf57a31241d364e3d8.zip
remove `pkg/registries`
Pull the trigger on the `pkg/registries` package which acted as a proxy for `c/image/pkg/sysregistriesv2`. Callers should be using the packages from c/image directly, if needed at all. Also make use of libimage's SystemContext() method which returns a copy of a system context, further reducing the risk of unintentionally altering global data. [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
-rw-r--r--cmd/podman/common/completion.go4
-rw-r--r--cmd/podman/login.go24
-rw-r--r--cmd/podman/logout.go9
-rw-r--r--go.mod2
-rw-r--r--go.sum4
-rw-r--r--libpod/info.go8
-rw-r--r--libpod/runtime.go22
-rw-r--r--libpod/runtime_img_test.go54
-rw-r--r--pkg/api/handlers/compat/auth.go14
-rw-r--r--pkg/registries/registries.go85
-rw-r--r--vendor/github.com/containers/common/libimage/runtime.go5
-rw-r--r--vendor/modules.txt2
12 files changed, 52 insertions, 181 deletions
diff --git a/cmd/podman/common/completion.go b/cmd/podman/common/completion.go
index c93f2017c..177d094aa 100644
--- a/cmd/podman/common/completion.go
+++ b/cmd/podman/common/completion.go
@@ -8,11 +8,11 @@ import (
"strings"
"github.com/containers/common/pkg/config"
+ "github.com/containers/image/v5/pkg/sysregistriesv2"
"github.com/containers/podman/v3/cmd/podman/registry"
"github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/pkg/domain/entities"
"github.com/containers/podman/v3/pkg/network"
- "github.com/containers/podman/v3/pkg/registries"
"github.com/containers/podman/v3/pkg/rootless"
systemdDefine "github.com/containers/podman/v3/pkg/systemd/define"
"github.com/containers/podman/v3/pkg/util"
@@ -236,7 +236,7 @@ func getSecrets(cmd *cobra.Command, toComplete string) ([]string, cobra.ShellCom
}
func getRegistries() ([]string, cobra.ShellCompDirective) {
- regs, err := registries.GetRegistries()
+ regs, err := sysregistriesv2.UnqualifiedSearchRegistries(nil)
if err != nil {
cobra.CompErrorln(err.Error())
return nil, cobra.ShellCompDirectiveNoFileComp
diff --git a/cmd/podman/login.go b/cmd/podman/login.go
index 2101e32e2..a8dadf5cd 100644
--- a/cmd/podman/login.go
+++ b/cmd/podman/login.go
@@ -9,7 +9,6 @@ import (
"github.com/containers/image/v5/types"
"github.com/containers/podman/v3/cmd/podman/common"
"github.com/containers/podman/v3/cmd/podman/registry"
- "github.com/containers/podman/v3/pkg/registries"
"github.com/spf13/cobra"
)
@@ -63,12 +62,29 @@ func login(cmd *cobra.Command, args []string) error {
skipTLS = types.NewOptionalBool(!loginOptions.tlsVerify)
}
- sysCtx := types.SystemContext{
+ sysCtx := &types.SystemContext{
AuthFilePath: loginOptions.AuthFile,
DockerCertPath: loginOptions.CertDir,
DockerInsecureSkipTLSVerify: skipTLS,
- SystemRegistriesConfPath: registries.SystemRegistriesConfPath(),
}
+ setRegistriesConfPath(sysCtx)
loginOptions.GetLoginSet = cmd.Flag("get-login").Changed
- return auth.Login(context.Background(), &sysCtx, &loginOptions.LoginOptions, args)
+ return auth.Login(context.Background(), sysCtx, &loginOptions.LoginOptions, args)
+}
+
+// setRegistriesConfPath sets the registries.conf path for the specified context.
+// NOTE: this is a verbatim copy from c/common/libimage which we're not using
+// to prevent leaking c/storage into this file. Maybe this should go into c/image?
+func setRegistriesConfPath(systemContext *types.SystemContext) {
+ if systemContext.SystemRegistriesConfPath != "" {
+ return
+ }
+ if envOverride, ok := os.LookupEnv("CONTAINERS_REGISTRIES_CONF"); ok {
+ systemContext.SystemRegistriesConfPath = envOverride
+ return
+ }
+ if envOverride, ok := os.LookupEnv("REGISTRIES_CONFIG_PATH"); ok {
+ systemContext.SystemRegistriesConfPath = envOverride
+ return
+ }
}
diff --git a/cmd/podman/logout.go b/cmd/podman/logout.go
index 092ad2610..0ee134635 100644
--- a/cmd/podman/logout.go
+++ b/cmd/podman/logout.go
@@ -8,7 +8,6 @@ import (
"github.com/containers/image/v5/types"
"github.com/containers/podman/v3/cmd/podman/common"
"github.com/containers/podman/v3/cmd/podman/registry"
- "github.com/containers/podman/v3/pkg/registries"
"github.com/spf13/cobra"
)
@@ -48,9 +47,9 @@ func init() {
// Implementation of podman-logout.
func logout(cmd *cobra.Command, args []string) error {
- sysCtx := types.SystemContext{
- AuthFilePath: logoutOptions.AuthFile,
- SystemRegistriesConfPath: registries.SystemRegistriesConfPath(),
+ sysCtx := &types.SystemContext{
+ AuthFilePath: logoutOptions.AuthFile,
}
- return auth.Logout(&sysCtx, &logoutOptions, args)
+ setRegistriesConfPath(sysCtx)
+ return auth.Logout(sysCtx, &logoutOptions, args)
}
diff --git a/go.mod b/go.mod
index e8ebb88fe..f2be04a9d 100644
--- a/go.mod
+++ b/go.mod
@@ -12,7 +12,7 @@ require (
github.com/containernetworking/cni v0.8.1
github.com/containernetworking/plugins v0.9.1
github.com/containers/buildah v1.21.1
- github.com/containers/common v0.40.2-0.20210623133759-d13a31743aec
+ github.com/containers/common v0.40.2-0.20210624120009-b1d3c4dc2515
github.com/containers/conmon v2.0.20+incompatible
github.com/containers/image/v5 v5.13.2
github.com/containers/ocicrypt v1.1.1
diff --git a/go.sum b/go.sum
index e2a83a95f..6e4c84ba6 100644
--- a/go.sum
+++ b/go.sum
@@ -221,8 +221,8 @@ github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRD
github.com/containers/buildah v1.21.1 h1:e9LmTCUKUBLg72v5DnIOT/wc8ffkfB7LbpQBywLZo20=
github.com/containers/buildah v1.21.1/go.mod h1:yPdlpVd93T+i91yGxrJbW1YOWrqN64j5ZhHOZmHUejs=
github.com/containers/common v0.38.4/go.mod h1:egfpX/Y3+19Dz4Wa1eRZDdgzoEOeneieF9CQppKzLBg=
-github.com/containers/common v0.40.2-0.20210623133759-d13a31743aec h1:ZcteA2klZSZAZgVonwJAqezF6hdO9SMKUy49ZHXZd38=
-github.com/containers/common v0.40.2-0.20210623133759-d13a31743aec/go.mod h1:J23CfuhN1fAg85q5HxS6SKYhKbGqmqieKQqoHaQbEI8=
+github.com/containers/common v0.40.2-0.20210624120009-b1d3c4dc2515 h1:ih6akqzrwgKFRxLzdoRBFRUlIGbDWPoDYxhn5GihfXM=
+github.com/containers/common v0.40.2-0.20210624120009-b1d3c4dc2515/go.mod h1:J23CfuhN1fAg85q5HxS6SKYhKbGqmqieKQqoHaQbEI8=
github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
github.com/containers/image/v5 v5.12.0/go.mod h1:VasTuHmOw+uD0oHCfApQcMO2+36SfyncoSahU7513Xs=
diff --git a/libpod/info.go b/libpod/info.go
index 461e39a48..cdc73780f 100644
--- a/libpod/info.go
+++ b/libpod/info.go
@@ -15,10 +15,10 @@ import (
"github.com/containers/buildah"
"github.com/containers/common/pkg/apparmor"
"github.com/containers/common/pkg/seccomp"
+ "github.com/containers/image/v5/pkg/sysregistriesv2"
"github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/libpod/linkmode"
"github.com/containers/podman/v3/pkg/cgroups"
- registries2 "github.com/containers/podman/v3/pkg/registries"
"github.com/containers/podman/v3/pkg/rootless"
"github.com/containers/storage"
"github.com/containers/storage/pkg/system"
@@ -49,14 +49,16 @@ func (r *Runtime) info() (*define.Info, error) {
}
info.Store = storeInfo
registries := make(map[string]interface{})
- data, err := registries2.GetRegistriesData()
+
+ sys := r.SystemContext()
+ data, err := sysregistriesv2.GetRegistries(sys)
if err != nil {
return nil, errors.Wrapf(err, "error getting registries")
}
for _, reg := range data {
registries[reg.Prefix] = reg
}
- regs, err := registries2.GetRegistries()
+ regs, err := sysregistriesv2.UnqualifiedSearchRegistries(sys)
if err != nil {
return nil, errors.Wrapf(err, "error getting registries")
}
diff --git a/libpod/runtime.go b/libpod/runtime.go
index f53789e89..d31d00ae4 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -29,7 +29,6 @@ import (
"github.com/containers/podman/v3/libpod/plugin"
"github.com/containers/podman/v3/libpod/shutdown"
"github.com/containers/podman/v3/pkg/cgroups"
- "github.com/containers/podman/v3/pkg/registries"
"github.com/containers/podman/v3/pkg/rootless"
"github.com/containers/podman/v3/pkg/util"
"github.com/containers/storage"
@@ -932,7 +931,9 @@ func (r *Runtime) LibimageRuntime() *libimage.Runtime {
// SystemContext returns the imagecontext
func (r *Runtime) SystemContext() *types.SystemContext {
- return r.imageContext
+ // Return the context from the libimage runtime. libimage is sensitive
+ // to a number of env vars.
+ return r.libimageRuntime.SystemContext()
}
// GetOCIRuntimePath retrieves the path of the default OCI runtime.
@@ -1042,9 +1043,9 @@ func (r *Runtime) Reload() error {
if err := r.reloadStorageConf(); err != nil {
return err
}
- if err := reloadRegistriesConf(); err != nil {
- return err
- }
+ // Invalidate the registries.conf cache. The next invocation will
+ // reload all data.
+ sysregistriesv2.InvalidateCache()
return nil
}
@@ -1059,17 +1060,6 @@ func (r *Runtime) reloadContainersConf() error {
return nil
}
-// reloadRegistries reloads the registries.conf
-func reloadRegistriesConf() error {
- sysregistriesv2.InvalidateCache()
- registries, err := sysregistriesv2.GetRegistries(&types.SystemContext{SystemRegistriesConfPath: registries.SystemRegistriesConfPath()})
- if err != nil {
- return err
- }
- logrus.Infof("applied new registry configuration: %+v", registries)
- return nil
-}
-
// reloadStorageConf reloads the storage.conf
func (r *Runtime) reloadStorageConf() error {
configFile, err := storage.DefaultConfigFile(rootless.IsRootless())
diff --git a/libpod/runtime_img_test.go b/libpod/runtime_img_test.go
deleted file mode 100644
index c25f3f08c..000000000
--- a/libpod/runtime_img_test.go
+++ /dev/null
@@ -1,54 +0,0 @@
-package libpod
-
-import (
- "io/ioutil"
- "os"
- "reflect"
- "testing"
-
- sysreg "github.com/containers/podman/v3/pkg/registries"
- "github.com/stretchr/testify/assert"
-)
-
-var (
- registry = `[registries.search]
-registries = ['one']
-
-[registries.insecure]
-registries = ['two']`
-)
-
-func createTmpFile(content []byte) (string, error) {
- tmpfile, err := ioutil.TempFile(os.TempDir(), "unittest")
- if err != nil {
- return "", err
- }
-
- if _, err := tmpfile.Write(content); err != nil {
- return "", err
- }
- if err := tmpfile.Close(); err != nil {
- return "", err
- }
- return tmpfile.Name(), nil
-}
-
-func TestGetRegistries(t *testing.T) {
- registryPath, err := createTmpFile([]byte(registry))
- assert.NoError(t, err)
- defer os.Remove(registryPath)
- os.Setenv("CONTAINERS_REGISTRIES_CONF", registryPath)
- registries, err := sysreg.GetRegistries()
- assert.NoError(t, err)
- assert.True(t, reflect.DeepEqual(registries, []string{"one"}))
-}
-
-func TestGetInsecureRegistries(t *testing.T) {
- registryPath, err := createTmpFile([]byte(registry))
- assert.NoError(t, err)
- os.Setenv("CONTAINERS_REGISTRIES_CONF", registryPath)
- defer os.Remove(registryPath)
- registries, err := sysreg.GetInsecureRegistries()
- assert.NoError(t, err)
- assert.True(t, reflect.DeepEqual(registries, []string{"two"}))
-}
diff --git a/pkg/api/handlers/compat/auth.go b/pkg/api/handlers/compat/auth.go
index 2c152fbc2..3594c9781 100644
--- a/pkg/api/handlers/compat/auth.go
+++ b/pkg/api/handlers/compat/auth.go
@@ -9,9 +9,9 @@ import (
DockerClient "github.com/containers/image/v5/docker"
"github.com/containers/image/v5/types"
+ "github.com/containers/podman/v3/libpod"
"github.com/containers/podman/v3/pkg/api/handlers/utils"
"github.com/containers/podman/v3/pkg/domain/entities"
- "github.com/containers/podman/v3/pkg/registries"
docker "github.com/docker/docker/api/types"
"github.com/pkg/errors"
)
@@ -37,15 +37,13 @@ func Auth(w http.ResponseWriter, r *http.Request) {
skipTLS = types.NewOptionalBool(true)
}
+ runtime := r.Context().Value("runtime").(*libpod.Runtime)
+ sysCtx := runtime.SystemContext()
+ sysCtx.DockerInsecureSkipTLSVerify = skipTLS
+
fmt.Println("Authenticating with existing credentials...")
- sysCtx := types.SystemContext{
- AuthFilePath: "",
- DockerCertPath: "",
- DockerInsecureSkipTLSVerify: skipTLS,
- SystemRegistriesConfPath: registries.SystemRegistriesConfPath(),
- }
registry := stripAddressOfScheme(authConfig.ServerAddress)
- if err := DockerClient.CheckAuth(context.Background(), &sysCtx, authConfig.Username, authConfig.Password, registry); err == nil {
+ if err := DockerClient.CheckAuth(context.Background(), sysCtx, authConfig.Username, authConfig.Password, registry); err == nil {
utils.WriteResponse(w, http.StatusOK, entities.AuthReport{
IdentityToken: "",
Status: "Login Succeeded",
diff --git a/pkg/registries/registries.go b/pkg/registries/registries.go
deleted file mode 100644
index 34c9138e3..000000000
--- a/pkg/registries/registries.go
+++ /dev/null
@@ -1,85 +0,0 @@
-package registries
-
-// TODO: this package should not exist anymore. Users should either use
-// c/image's `sysregistriesv2` package directly OR, even better, we cache a
-// config in libpod's image runtime so we don't need to parse the
-// registries.conf files redundantly.
-
-import (
- "os"
- "path/filepath"
-
- "github.com/containers/image/v5/pkg/sysregistriesv2"
- "github.com/containers/image/v5/types"
- "github.com/containers/podman/v3/pkg/rootless"
- "github.com/pkg/errors"
-)
-
-// userRegistriesFile is the path to the per user registry configuration file.
-var userRegistriesFile = filepath.Join(os.Getenv("HOME"), ".config/containers/registries.conf")
-
-// SystemRegistriesConfPath returns an appropriate value for types.SystemContext.SystemRegistriesConfPath
-// (possibly "", which is not an error), taking into account rootless mode and environment variable overrides.
-//
-// FIXME: This should be centralized in a global SystemContext initializer inherited throughout the code,
-// not haphazardly called throughout the way it is being called now.
-func SystemRegistriesConfPath() string {
- if envOverride, ok := os.LookupEnv("CONTAINERS_REGISTRIES_CONF"); ok {
- return envOverride
- }
- if envOverride, ok := os.LookupEnv("REGISTRIES_CONFIG_PATH"); ok {
- return envOverride
- }
-
- if rootless.IsRootless() {
- if _, err := os.Stat(userRegistriesFile); err == nil {
- return userRegistriesFile
- }
- }
-
- return ""
-}
-
-// GetRegistriesData obtains the list of registries
-func GetRegistriesData() ([]sysregistriesv2.Registry, error) {
- registries, err := sysregistriesv2.GetRegistries(&types.SystemContext{SystemRegistriesConfPath: SystemRegistriesConfPath()})
- if err != nil {
- return nil, errors.Wrapf(err, "unable to parse the registries.conf file")
- }
- return registries, nil
-}
-
-// GetRegistries obtains the list of search registries defined in the global registries file.
-func GetRegistries() ([]string, error) {
- return sysregistriesv2.UnqualifiedSearchRegistries(&types.SystemContext{SystemRegistriesConfPath: SystemRegistriesConfPath()})
-}
-
-// GetBlockedRegistries obtains the list of blocked registries defined in the global registries file.
-func GetBlockedRegistries() ([]string, error) {
- var blockedRegistries []string
- registries, err := GetRegistriesData()
- if err != nil {
- return nil, err
- }
- for _, reg := range registries {
- if reg.Blocked {
- blockedRegistries = append(blockedRegistries, reg.Prefix)
- }
- }
- return blockedRegistries, nil
-}
-
-// GetInsecureRegistries obtains the list of insecure registries from the global registration file.
-func GetInsecureRegistries() ([]string, error) {
- var insecureRegistries []string
- registries, err := GetRegistriesData()
- if err != nil {
- return nil, err
- }
- for _, reg := range registries {
- if reg.Insecure {
- insecureRegistries = append(insecureRegistries, reg.Prefix)
- }
- }
- return insecureRegistries, nil
-}
diff --git a/vendor/github.com/containers/common/libimage/runtime.go b/vendor/github.com/containers/common/libimage/runtime.go
index 3cbd3dcf4..d07d6a83a 100644
--- a/vendor/github.com/containers/common/libimage/runtime.go
+++ b/vendor/github.com/containers/common/libimage/runtime.go
@@ -54,6 +54,11 @@ type Runtime struct {
}
// Returns a copy of the runtime's system context.
+func (r *Runtime) SystemContext() *types.SystemContext {
+ return r.systemContextCopy()
+}
+
+// Returns a copy of the runtime's system context.
func (r *Runtime) systemContextCopy() *types.SystemContext {
var sys types.SystemContext
deepcopy.Copy(&sys, &r.systemContext)
diff --git a/vendor/modules.txt b/vendor/modules.txt
index c4cfc0d83..b749ff8e3 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -93,7 +93,7 @@ github.com/containers/buildah/pkg/overlay
github.com/containers/buildah/pkg/parse
github.com/containers/buildah/pkg/rusage
github.com/containers/buildah/util
-# github.com/containers/common v0.40.2-0.20210623133759-d13a31743aec
+# github.com/containers/common v0.40.2-0.20210624120009-b1d3c4dc2515
github.com/containers/common/libimage
github.com/containers/common/libimage/manifests
github.com/containers/common/pkg/apparmor