summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
authorValentin Rothberg <vrothberg@redhat.com>2022-09-30 13:50:08 +0200
committerValentin Rothberg <vrothberg@redhat.com>2022-09-30 14:10:21 +0200
commit02b0f9fc393ab7bcbc1d555ac4386899daad59fd (patch)
treea38708b170e3f3376339eaa4ccb4b68d34103117 /test
parentd88acd83a1bdd260fc69e0ff115ff99d55bb7760 (diff)
downloadpodman-02b0f9fc393ab7bcbc1d555ac4386899daad59fd.tar.gz
podman-02b0f9fc393ab7bcbc1d555ac4386899daad59fd.tar.bz2
podman-02b0f9fc393ab7bcbc1d555ac4386899daad59fd.zip
container inspect: include image digest
Include the digest of the image in `podman container inspect`. The image digest is a key information for auditing as it defines the identify of an image. This way, it can be determined whether a container used an image with a given CVE etc. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Diffstat (limited to 'test')
-rw-r--r--test/system/030-run.bats21
1 files changed, 19 insertions, 2 deletions
diff --git a/test/system/030-run.bats b/test/system/030-run.bats
index 6847880ab..8de1625b5 100644
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -548,11 +548,23 @@ json-file | f
# prior to #8623 `podman run` would error out on untagged images with:
# Error: both RootfsImageName and RootfsImageID must be set if either is set: invalid argument
run_podman untag $IMAGE
- run_podman run --rm $imageID ls
+ run_podman run --rm $randomname $imageID true
run_podman tag $imageID $IMAGE
}
+@test "podman inspect includes image data" {
+ randomname=$(random_string 30)
+
+ run_podman inspect $IMAGE --format "{{.ID}} {{.Digest}}"
+ expected="$IMAGE $output"
+
+ run_podman run --name $randomname $IMAGE true
+ run_podman container inspect $randomname --format "{{.ImageName}} {{.Image}} {{.ImageDigest}}"
+ is "$output" "$expected"
+ run_podman rm -f -t0 $randomname
+}
+
@test "Verify /run/.containerenv exist" {
# Nonprivileged container: file exists, but must be empty
run_podman run --rm $IMAGE stat -c '%s' /run/.containerenv
@@ -620,10 +632,15 @@ json-file | f
run_podman image mount $IMAGE
romount="$output"
+ randomname=$(random_string 30)
# FIXME FIXME FIXME: Remove :O once (if) #14504 is fixed!
- run_podman run --rm --rootfs $romount:O echo "Hello world"
+ run_podman run --name=$randomname --rootfs $romount:O echo "Hello world"
is "$output" "Hello world"
+ run_podman container inspect $randomname --format "{{.ImageDigest}}"
+ is "$output" "" "Empty image digest for --rootfs container"
+
+ run_podman rm -f -t0 $randomname
run_podman image unmount $IMAGE
fi
}