authorMatthew Heon <matthew.heon@gmail.com>2017-11-01 11:24:59 -0400
committerMatthew Heon <matthew.heon@gmail.com>2017-11-01 11:24:59 -0400
commita031b83a09a8628435317a03f199cdc18b78262f (patch)
treebc017a96769ce6de33745b8b0b1304ccf38e9df0 /libpod/common
parent2b74391cd5281f6fdf391ff8ad50fd1490f6bf89 (diff)
Initial checkin from CRI-O repo
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Diffstat (limited to 'libpod/common')
-rw-r--r--libpod/common/common.go99
-rw-r--r--libpod/common/docker_registry_options.go34
-rw-r--r--libpod/common/output_interfaces.go1
-rw-r--r--libpod/common/signing_options.go10
4 files changed, 144 insertions, 0 deletions
diff --git a/libpod/common/common.go b/libpod/common/common.go
new file mode 100644
index 000000000..775d391da
--- /dev/null
+++ b/libpod/common/common.go
@@ -0,0 +1,99 @@
+package common
+
+import (
+ "io"
+ "strings"
+ "syscall"
+
+ cp "github.com/containers/image/copy"
+ "github.com/containers/image/signature"
+ "github.com/containers/image/types"
+ "github.com/pkg/errors"
+)
+
+var (
+ // ErrNoPassword is returned if the user did not supply a password
+ ErrNoPassword = errors.Wrapf(syscall.EINVAL, "password was not supplied")
+)
+
+// GetCopyOptions constructs a new containers/image/copy.Options{} struct from the given parameters
+func GetCopyOptions(reportWriter io.Writer, signaturePolicyPath string, srcDockerRegistry, destDockerRegistry *DockerRegistryOptions, signing SigningOptions, authFile string) *cp.Options {
+ if srcDockerRegistry == nil {
+ srcDockerRegistry = &DockerRegistryOptions{}
+ }
+ if destDockerRegistry == nil {
+ destDockerRegistry = &DockerRegistryOptions{}
+ }
+ srcContext := srcDockerRegistry.GetSystemContext(signaturePolicyPath, authFile)
+ destContext := destDockerRegistry.GetSystemContext(signaturePolicyPath, authFile)
+ return &cp.Options{
+ RemoveSignatures: signing.RemoveSignatures,
+ SignBy: signing.SignBy,
+ ReportWriter: reportWriter,
+ SourceCtx: srcContext,
+ DestinationCtx: destContext,
+ }
+}
+
+// GetSystemContext Constructs a new containers/image/types.SystemContext{} struct from the given signaturePolicy path
+func GetSystemContext(signaturePolicyPath, authFilePath string) *types.SystemContext {
+ sc := &types.SystemContext{}
+ if signaturePolicyPath != "" {
+ sc.SignaturePolicyPath = signaturePolicyPath
+ }
+ sc.AuthFilePath = authFilePath
+ return sc
+}
+
+// CopyStringStringMap deep copies a map[string]string and returns the result
+func CopyStringStringMap(m map[string]string) map[string]string {
+ n := map[string]string{}
+ for k, v := range m {
+ n[k] = v
+ }
+ return n
+}
+
+// IsTrue determines whether the given string equals "true"
+func IsTrue(str string) bool {
+ return str == "true"
+}
+
+// IsFalse determines whether the given string equals "false"
+func IsFalse(str string) bool {
+ return str == "false"
+}
+
+// IsValidBool determines whether the given string equals "true" or "false"
+func IsValidBool(str string) bool {
+ return IsTrue(str) || IsFalse(str)
+}
+
+// GetPolicyContext creates a signature policy context for the given signature policy path
+func GetPolicyContext(path string) (*signature.PolicyContext, error) {
+ policy, err := signature.DefaultPolicy(&types.SystemContext{SignaturePolicyPath: path})
+ if err != nil {
+ return nil, err
+ }
+ return signature.NewPolicyContext(policy)
+}
+
+// ParseRegistryCreds takes a credentials string in the form USERNAME:PASSWORD
+// and returns a DockerAuthConfig
+func ParseRegistryCreds(creds string) (*types.DockerAuthConfig, error) {
+ if creds == "" {
+ return nil, errors.New("no credentials supplied")
+ }
+ if !strings.Contains(creds, ":") {
+ return &types.DockerAuthConfig{
+ Username: creds,
+ Password: "",
+ }, ErrNoPassword
+ }
+ v := strings.SplitN(creds, ":", 2)
+ cfg := &types.DockerAuthConfig{
+ Username: v[0],
+ Password: v[1],
+ }
+ return cfg, nil
+}
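Review bot: ParseRegistryCreds treats a missing password inconsistently: `user` returns ErrNoPassword, but `user:` passes the `strings.Contains` check and comes back with an empty Password and a nil error, and `:secret` yields an empty Username the same way. If ErrNoPassword is meant to tell the caller to prompt for a password (an inference, the callers are not in this diff), the split result should be checked as well, e.g. `if v[1] == "" { return cfg, ErrNoPassword }`, with a plain error when `v[0] == ""`. The doc comment should also say that a non-nil config is returned together with ErrNoPassword, because Go callers normally discard the value when err is non-nil.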
diff --git a/libpod/common/docker_registry_options.go b/libpod/common/docker_registry_options.go
new file mode 100644
index 000000000..24fa5c03e
--- /dev/null
+++ b/libpod/common/docker_registry_options.go
@@ -0,0 +1,34 @@
+package common
+
+import "github.com/containers/image/types"
+
+// DockerRegistryOptions encapsulates settings that affect how we connect or
+// authenticate to a remote registry.
+type DockerRegistryOptions struct {
+ // DockerRegistryCreds is the user name and password to supply in case
+ // we need to pull an image from a registry, and it requires us to
+ // authenticate.
+ DockerRegistryCreds *types.DockerAuthConfig
+ // DockerCertPath is the location of a directory containing CA
+ // certificates which will be used to verify the registry's certificate
+ // (all files with names ending in ".crt"), and possibly client
+ // certificates and private keys (pairs of files with the same name,
+ // except for ".cert" and ".key" suffixes).
+ DockerCertPath string
+ // DockerInsecureSkipTLSVerify turns off verification of TLS
+ // certificates and allows connecting to registries without encryption.
+ DockerInsecureSkipTLSVerify bool
+}
+
+// GetSystemContext constructs a new system context from the given signaturePolicy path and the
+// values in the DockerRegistryOptions
+func (o DockerRegistryOptions) GetSystemContext(signaturePolicyPath, authFile string) *types.SystemContext {
+ sc := &types.SystemContext{
+ SignaturePolicyPath: signaturePolicyPath,
+ DockerAuthConfig: o.DockerRegistryCreds,
+ DockerCertPath: o.DockerCertPath,
+ DockerInsecureSkipTLSVerify: o.DockerInsecureSkipTLSVerify,
+ AuthFilePath: authFile,
+ }
+ return sc
+}
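Review bot: The comment on DockerInsecureSkipTLSVerify does not say what the setting means for the credentials held in the same struct. GetSystemContext copies both DockerRegistryCreds and the flag into one SystemContext, so with the flag set the user name and password can be sent to a registry whose identity was not verified, and by the field's own description possibly over an unencrypted connection. I would extend the field comment with something like `// When set, DockerRegistryCreds may be sent to an unverified registry; leave false unless the registry is a trusted test endpoint.` The zero value keeps verification on, which is the right default and worth stating there too.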
diff --git a/libpod/common/output_interfaces.go b/libpod/common/output_interfaces.go
new file mode 100644
index 000000000..805d0c79a
--- /dev/null
+++ b/libpod/common/output_interfaces.go
@@ -0,0 +1 @@
+package common
diff --git a/libpod/common/signing_options.go b/libpod/common/signing_options.go
new file mode 100644
index 000000000..b7e14be82
--- /dev/null
+++ b/libpod/common/signing_options.go
@@ -0,0 +1,10 @@
+package common
+
+// SigningOptions encapsulates settings that control whether or not we strip or
+// add signatures to images when writing them.
+type SigningOptions struct {
+ // RemoveSignatures directs us to remove any signatures which are already present.
+ RemoveSignatures bool
+ // SignBy is a key identifier of some kind, indicating that a signature should be generated using the specified private key and stored with the image.
+ SignBy string
+}
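Review bot: The SignBy comment says only "a key identifier of some kind", which leaves a caller guessing what to pass and what the empty string means. GetCopyOptions in common.go forwards the value unchanged to the SignBy field of the copy options, so the comment should state the form that library expects (presumably a GPG key identity; confirm against containers/image) and that an empty string means no signature is added. It should also say what happens when RemoveSignatures and SignBy are both set, since both are forwarded together.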