Initial checkin from CRI-O repo

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

4 files changed, 144 insertions, 0 deletions

diff --git a/libpod/common/common.go b/libpod/common/common.go
new file mode 100644
index 000000000..775d391da
--- /dev/null
+++ b/libpod/common/common.go
@@ -0,0 +1,99 @@
+package common
+
+import (
+	"io"
+	"strings"
+	"syscall"
+
+	cp "github.com/containers/image/copy"
+	"github.com/containers/image/signature"
+	"github.com/containers/image/types"
+	"github.com/pkg/errors"
+)
+
+var (
+	// ErrNoPassword is returned if the user did not supply a password
+	ErrNoPassword = errors.Wrapf(syscall.EINVAL, "password was not supplied")
+)
+
+// GetCopyOptions constructs a new containers/image/copy.Options{} struct from the given parameters
+func GetCopyOptions(reportWriter io.Writer, signaturePolicyPath string, srcDockerRegistry, destDockerRegistry *DockerRegistryOptions, signing SigningOptions, authFile string) *cp.Options {
+	if srcDockerRegistry == nil {
+		srcDockerRegistry = &DockerRegistryOptions{}
+	}
+	if destDockerRegistry == nil {
+		destDockerRegistry = &DockerRegistryOptions{}
+	}
+	srcContext := srcDockerRegistry.GetSystemContext(signaturePolicyPath, authFile)
+	destContext := destDockerRegistry.GetSystemContext(signaturePolicyPath, authFile)
+	return &cp.Options{
+		RemoveSignatures: signing.RemoveSignatures,
+		SignBy:           signing.SignBy,
+		ReportWriter:     reportWriter,
+		SourceCtx:        srcContext,
+		DestinationCtx:   destContext,
+	}
+}
+
+// GetSystemContext Constructs a new containers/image/types.SystemContext{} struct from the given signaturePolicy path
+func GetSystemContext(signaturePolicyPath, authFilePath string) *types.SystemContext {
+	sc := &types.SystemContext{}
+	if signaturePolicyPath != "" {
+		sc.SignaturePolicyPath = signaturePolicyPath
+	}
+	sc.AuthFilePath = authFilePath
+	return sc
+}
+
+// CopyStringStringMap deep copies a map[string]string and returns the result
+func CopyStringStringMap(m map[string]string) map[string]string {
+	n := map[string]string{}
+	for k, v := range m {
+		n[k] = v
+	}
+	return n
+}
+
+// IsTrue determines whether the given string equals "true"
+func IsTrue(str string) bool {
+	return str == "true"
+}
+
+// IsFalse determines whether the given string equals "false"
+func IsFalse(str string) bool {
+	return str == "false"
+}
+
+// IsValidBool determines whether the given string equals "true" or "false"
+func IsValidBool(str string) bool {
+	return IsTrue(str) || IsFalse(str)
+}
+
+// GetPolicyContext creates a signature policy context for the given signature policy path
+func GetPolicyContext(path string) (*signature.PolicyContext, error) {
+	policy, err := signature.DefaultPolicy(&types.SystemContext{SignaturePolicyPath: path})
+	if err != nil {
+		return nil, err
+	}
+	return signature.NewPolicyContext(policy)
+}
+
+// ParseRegistryCreds takes a credentials string in the form USERNAME:PASSWORD
+// and returns a DockerAuthConfig
+func ParseRegistryCreds(creds string) (*types.DockerAuthConfig, error) {
+	if creds == "" {
+		return nil, errors.New("no credentials supplied")
+	}
+	if !strings.Contains(creds, ":") {
+		return &types.DockerAuthConfig{
+			Username: creds,
+			Password: "",
+		}, ErrNoPassword
+	}
+	v := strings.SplitN(creds, ":", 2)
+	cfg := &types.DockerAuthConfig{
+		Username: v[0],
+		Password: v[1],
+	}
+	return cfg, nil
+}
diff --git a/libpod/common/docker_registry_options.go b/libpod/common/docker_registry_options.go
new file mode 100644
index 000000000..24fa5c03e
--- /dev/null
+++ b/libpod/common/docker_registry_options.go
@@ -0,0 +1,34 @@
+package common
+
+import "github.com/containers/image/types"
+
+// DockerRegistryOptions encapsulates settings that affect how we connect or
+// authenticate to a remote registry.
+type DockerRegistryOptions struct {
+	// DockerRegistryCreds is the user name and password to supply in case
+	// we need to pull an image from a registry, and it requires us to
+	// authenticate.
+	DockerRegistryCreds *types.DockerAuthConfig
+	// DockerCertPath is the location of a directory containing CA
+	// certificates which will be used to verify the registry's certificate
+	// (all files with names ending in ".crt"), and possibly client
+	// certificates and private keys (pairs of files with the same name,
+	// except for ".cert" and ".key" suffixes).
+	DockerCertPath string
+	// DockerInsecureSkipTLSVerify turns off verification of TLS
+	// certificates and allows connecting to registries without encryption.
+	DockerInsecureSkipTLSVerify bool
+}
+
+// GetSystemContext constructs a new system context from the given signaturePolicy path and the
+// values in the DockerRegistryOptions
+func (o DockerRegistryOptions) GetSystemContext(signaturePolicyPath, authFile string) *types.SystemContext {
+	sc := &types.SystemContext{
+		SignaturePolicyPath:         signaturePolicyPath,
+		DockerAuthConfig:            o.DockerRegistryCreds,
+		DockerCertPath:              o.DockerCertPath,
+		DockerInsecureSkipTLSVerify: o.DockerInsecureSkipTLSVerify,
+		AuthFilePath:                authFile,
+	}
+	return sc
+}
diff --git a/libpod/common/output_interfaces.go b/libpod/common/output_interfaces.go
new file mode 100644
index 000000000..805d0c79a
--- /dev/null
+++ b/libpod/common/output_interfaces.go
@@ -0,0 +1 @@
+package common
diff --git a/libpod/common/signing_options.go b/libpod/common/signing_options.go
new file mode 100644
index 000000000..b7e14be82
--- /dev/null
+++ b/libpod/common/signing_options.go
@@ -0,0 +1,10 @@
+package common
+
+// SigningOptions encapsulates settings that control whether or not we strip or
+// add signatures to images when writing them.
+type SigningOptions struct {
+	// RemoveSignatures directs us to remove any signatures which are already present.
+	RemoveSignatures bool
+	// SignBy is a key identifier of some kind, indicating that a signature should be generated using the specified private key and stored with the image.
+	SignBy string
+}