diff options
author | Daniel J Walsh <dwalsh@redhat.com> | 2020-12-04 20:56:49 -0500 |
---|---|---|
committer | Daniel J Walsh <dwalsh@redhat.com> | 2020-12-22 10:41:39 -0500 |
commit | e577ddf3bdf8bb594d1b3287053d6aa61aeae784 (patch) | |
tree | 3e0141ac965bb9b97fd3be2c764ff93054b27ec9 /libpod | |
parent | cfdb8fb29b34010206ea26f38e130d3e24403abf (diff) | |
download | podman-e577ddf3bdf8bb594d1b3287053d6aa61aeae784.tar.gz podman-e577ddf3bdf8bb594d1b3287053d6aa61aeae784.tar.bz2 podman-e577ddf3bdf8bb594d1b3287053d6aa61aeae784.zip |
Prefer read/write images over read/only images
With additional stores there is a risk that you could have
multiple images with the same name. IE An older image in a
read/only store versus a newer version in the read/write store.
This patch will ignore multiple images with the same name iff
one is read/write and all of the others are read/only.
Fixes: https://github.com/containers/podman/issues/8176
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'libpod')
-rw-r--r-- | libpod/image/utils.go | 57 |
1 files changed, 45 insertions, 12 deletions
diff --git a/libpod/image/utils.go b/libpod/image/utils.go index 7429a7f10..727c73a71 100644 --- a/libpod/image/utils.go +++ b/libpod/image/utils.go @@ -20,7 +20,11 @@ import ( // a match on name:tag func findImageInRepotags(search imageParts, images []*Image) (*storage.Image, error) { _, searchName, searchSuspiciousTagValueForSearch := search.suspiciousRefNameTagValuesForSearch() - var results []*storage.Image + type Candidate struct { + name string + image *Image + } + var candidates []Candidate for _, image := range images { for _, name := range image.Names() { d, err := decompose(name) @@ -29,23 +33,52 @@ func findImageInRepotags(search imageParts, images []*Image) (*storage.Image, er continue } _, dName, dSuspiciousTagValueForSearch := d.suspiciousRefNameTagValuesForSearch() - if dName == searchName && dSuspiciousTagValueForSearch == searchSuspiciousTagValueForSearch { - results = append(results, image.image) + if dSuspiciousTagValueForSearch != searchSuspiciousTagValueForSearch { continue } - // account for registry:/somedir/image - if strings.HasSuffix(dName, "/"+searchName) && dSuspiciousTagValueForSearch == searchSuspiciousTagValueForSearch { - results = append(results, image.image) - continue + if dName == searchName || strings.HasSuffix(dName, "/"+searchName) { + candidates = append(candidates, Candidate{ + name: name, + image: image, + }) } } } - if len(results) == 0 { - return &storage.Image{}, errors.Errorf("unable to find a name and tag match for %s in repotags", searchName) - } else if len(results) > 1 { - return &storage.Image{}, errors.Wrapf(define.ErrMultipleImages, searchName) + if len(candidates) == 0 { + return nil, errors.Errorf("unable to find a name and tag match for %s in repotags", searchName) + } + + // If more then one candidate and the candidates all have same name + // and only one is read/write return it. + // Othewise return error with the list of candidates + if len(candidates) > 1 { + var ( + rwImage *Image + rwImageCnt int + ) + names := make(map[string]bool) + for _, c := range candidates { + names[c.name] = true + if !c.image.IsReadOnly() { + rwImageCnt++ + rwImage = c.image + } + } + // If only one name used and have read/write image return it + if len(names) == 1 && rwImageCnt == 1 { + return rwImage.image, nil + } + keys := []string{} + for k := range names { + keys = append(keys, k) + } + if rwImageCnt > 1 { + return nil, errors.Wrapf(define.ErrMultipleImages, "found multiple read/write images %s", strings.Join(keys, ",")) + } else { + return nil, errors.Wrapf(define.ErrMultipleImages, "found multiple read/only images %s", strings.Join(keys, ",")) + } } - return results[0], nil + return candidates[0].image.image, nil } // getCopyOptions constructs a new containers/image/copy.Options{} struct from the given parameters, inheriting some from sc. |