diff options
author | Valentin Rothberg <vrothberg@redhat.com> | 2022-09-30 13:50:08 +0200 |
---|---|---|
committer | Valentin Rothberg <vrothberg@redhat.com> | 2022-09-30 14:10:21 +0200 |
commit | 02b0f9fc393ab7bcbc1d555ac4386899daad59fd (patch) | |
tree | a38708b170e3f3376339eaa4ccb4b68d34103117 /test/system | |
parent | d88acd83a1bdd260fc69e0ff115ff99d55bb7760 (diff) | |
download | podman-02b0f9fc393ab7bcbc1d555ac4386899daad59fd.tar.gz podman-02b0f9fc393ab7bcbc1d555ac4386899daad59fd.tar.bz2 podman-02b0f9fc393ab7bcbc1d555ac4386899daad59fd.zip |
container inspect: include image digest
Include the digest of the image in `podman container inspect`. The image
digest is a key information for auditing as it defines the identify of
an image. This way, it can be determined whether a container used an
image with a given CVE etc.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Diffstat (limited to 'test/system')
-rw-r--r-- | test/system/030-run.bats | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/test/system/030-run.bats b/test/system/030-run.bats index 6847880ab..8de1625b5 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats @@ -548,11 +548,23 @@ json-file | f # prior to #8623 `podman run` would error out on untagged images with: # Error: both RootfsImageName and RootfsImageID must be set if either is set: invalid argument run_podman untag $IMAGE - run_podman run --rm $imageID ls + run_podman run --rm $randomname $imageID true run_podman tag $imageID $IMAGE } +@test "podman inspect includes image data" { + randomname=$(random_string 30) + + run_podman inspect $IMAGE --format "{{.ID}} {{.Digest}}" + expected="$IMAGE $output" + + run_podman run --name $randomname $IMAGE true + run_podman container inspect $randomname --format "{{.ImageName}} {{.Image}} {{.ImageDigest}}" + is "$output" "$expected" + run_podman rm -f -t0 $randomname +} + @test "Verify /run/.containerenv exist" { # Nonprivileged container: file exists, but must be empty run_podman run --rm $IMAGE stat -c '%s' /run/.containerenv @@ -620,10 +632,15 @@ json-file | f run_podman image mount $IMAGE romount="$output" + randomname=$(random_string 30) # FIXME FIXME FIXME: Remove :O once (if) #14504 is fixed! - run_podman run --rm --rootfs $romount:O echo "Hello world" + run_podman run --name=$randomname --rootfs $romount:O echo "Hello world" is "$output" "Hello world" + run_podman container inspect $randomname --format "{{.ImageDigest}}" + is "$output" "" "Empty image digest for --rootfs container" + + run_podman rm -f -t0 $randomname run_podman image unmount $IMAGE fi } |