diff options
26 files changed, 359 insertions, 52 deletions
diff --git a/cmd/podman/common/volumes.go b/cmd/podman/common/volumes.go index 2a82451e4..71f897264 100644 --- a/cmd/podman/common/volumes.go +++ b/cmd/podman/common/volumes.go @@ -238,7 +238,7 @@ func getBindMount(args []string) (spec.Mount, error) { var setSource, setDest, setRORW, setSuid, setDev, setExec, setRelabel bool for _, val := range args { - kv := strings.Split(val, "=") + kv := strings.SplitN(val, "=", 2) switch kv[0] { case "bind-nonrecursive": newMount.Options = append(newMount.Options, "bind") @@ -366,7 +366,7 @@ func getTmpfsMount(args []string) (spec.Mount, error) { var setDest, setRORW, setSuid, setDev, setExec, setTmpcopyup bool for _, val := range args { - kv := strings.Split(val, "=") + kv := strings.SplitN(val, "=", 2) switch kv[0] { case "tmpcopyup", "notmpcopyup": if setTmpcopyup { @@ -441,7 +441,7 @@ func getDevptsMount(args []string) (spec.Mount, error) { var setDest bool for _, val := range args { - kv := strings.Split(val, "=") + kv := strings.SplitN(val, "=", 2) switch kv[0] { case "target", "dst", "destination": if len(kv) == 1 { @@ -473,7 +473,7 @@ func getNamedVolume(args []string) (*specgen.NamedVolume, error) { var setSource, setDest, setRORW, setSuid, setDev, setExec bool for _, val := range args { - kv := strings.Split(val, "=") + kv := strings.SplitN(val, "=", 2) switch kv[0] { case "ro", "rw": if setRORW { diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index ffb2f5b73..2efe0d086 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -1550,9 +1550,13 @@ func (c *Container) getHosts() string { hosts += fmt.Sprintf("# used by slirp4netns\n%s\t%s %s\n", "10.0.2.100", c.Hostname(), c.config.Name) } else { hasNetNS := false + netNone := false for _, ns := range c.config.Spec.Linux.Namespaces { if ns.Type == spec.NetworkNamespace { hasNetNS = true + if ns.Path == "" && !c.config.CreateNetNS { + netNone = true + } break } } @@ -1564,6 +1568,9 @@ func (c *Container) getHosts() string { } hosts += fmt.Sprintf("127.0.1.1 %s\n", osHostname) } + if netNone { + hosts += fmt.Sprintf("127.0.1.1 %s\n", c.Hostname()) + } } } return hosts diff --git a/libpod/events/filters.go b/libpod/events/filters.go index c50474007..171e2237f 100644 --- a/libpod/events/filters.go +++ b/libpod/events/filters.go @@ -73,8 +73,8 @@ func generateEventUntilOption(timeUntil time.Time) func(e *Event) bool { } func parseFilter(filter string) (string, string, error) { - filterSplit := strings.Split(filter, "=") - if len(filterSplit) != 2 { + filterSplit := strings.SplitN(filter, "=", 2) + if len(filterSplit) == 1 { return "", "", errors.Errorf("%s is an invalid filter", filter) } return filterSplit[0], filterSplit[1], nil diff --git a/libpod/image/filters.go b/libpod/image/filters.go index db647954f..4aff0a7b5 100644 --- a/libpod/image/filters.go +++ b/libpod/image/filters.go @@ -82,7 +82,7 @@ func LabelFilter(ctx context.Context, labelfilter string) ResultFilter { // We need to handle both label=key and label=key=value return func(i *Image) bool { var value string - splitFilter := strings.Split(labelfilter, "=") + splitFilter := strings.SplitN(labelfilter, "=", 2) key := splitFilter[0] if len(splitFilter) > 1 { value = splitFilter[1] @@ -157,7 +157,7 @@ func (ir *Runtime) createFilterFuncs(filters []string, img *Image) ([]ResultFilt var filterFuncs []ResultFilter ctx := context.Background() for _, filter := range filters { - splitFilter := strings.Split(filter, "=") + splitFilter := strings.SplitN(filter, "=", 2) if len(splitFilter) < 2 { return nil, errors.Errorf("invalid filter syntax %s", filter) } diff --git a/libpod/image/image.go b/libpod/image/image.go index 0900944eb..301954703 100644 --- a/libpod/image/image.go +++ b/libpod/image/image.go @@ -177,7 +177,7 @@ func (ir *Runtime) New(ctx context.Context, name, signaturePolicyPath, authfile // SaveImages stores one more images in a multi-image archive. // Note that only `docker-archive` supports storing multiple // image. -func (ir *Runtime) SaveImages(ctx context.Context, namesOrIDs []string, format string, outputFile string, quiet bool) (finalErr error) { +func (ir *Runtime) SaveImages(ctx context.Context, namesOrIDs []string, format string, outputFile string, quiet, removeSignatures bool) (finalErr error) { if format != DockerArchive { return errors.Errorf("multi-image archives are only supported in in the %q format", DockerArchive) } @@ -264,7 +264,7 @@ func (ir *Runtime) SaveImages(ctx context.Context, namesOrIDs []string, format s } img := imageMap[id] - copyOptions := getCopyOptions(sys, writer, nil, nil, SigningOptions{}, "", img.tags) + copyOptions := getCopyOptions(sys, writer, nil, nil, SigningOptions{RemoveSignatures: removeSignatures}, "", img.tags) copyOptions.DestinationCtx.SystemRegistriesConfPath = registries.SystemRegistriesConfPath() // For copying, we need a source reference that we can create @@ -469,7 +469,7 @@ func (ir *Runtime) getLocalImage(inputName string) (string, *storage.Image, erro if err != nil { return "", nil, err } - img, err := ir.store.Image(ref.String()) + img, err := ir.store.Image(reference.TagNameOnly(ref).String()) if err == nil { return ref.String(), img, nil } @@ -1584,7 +1584,7 @@ func (i *Image) Comment(ctx context.Context, manifestType string) (string, error } // Save writes a container image to the filesystem -func (i *Image) Save(ctx context.Context, source, format, output string, moreTags []string, quiet, compress bool) error { +func (i *Image) Save(ctx context.Context, source, format, output string, moreTags []string, quiet, compress, removeSignatures bool) error { var ( writer io.Writer destRef types.ImageReference @@ -1636,7 +1636,7 @@ func (i *Image) Save(ctx context.Context, source, format, output string, moreTag return err } } - if err := i.PushImageToReference(ctx, destRef, manifestType, "", "", "", writer, compress, SigningOptions{}, &DockerRegistryOptions{}, additionaltags); err != nil { + if err := i.PushImageToReference(ctx, destRef, manifestType, "", "", "", writer, compress, SigningOptions{RemoveSignatures: removeSignatures}, &DockerRegistryOptions{}, additionaltags); err != nil { return errors.Wrapf(err, "unable to save %q", source) } i.newImageEvent(events.Save) diff --git a/libpod/image/search.go b/libpod/image/search.go index 5f5845989..b9acf4a20 100644 --- a/libpod/image/search.go +++ b/libpod/image/search.go @@ -263,7 +263,7 @@ func searchRepositoryTags(registry, term string, sc *types.SystemContext, option func ParseSearchFilter(filter []string) (*SearchFilter, error) { sFilter := new(SearchFilter) for _, f := range filter { - arr := strings.Split(f, "=") + arr := strings.SplitN(f, "=", 2) switch arr[0] { case "stars": if len(arr) < 2 { diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go index df0ff6c32..9ff6e40b7 100644 --- a/libpod/networking_linux.go +++ b/libpod/networking_linux.go @@ -254,9 +254,11 @@ func (r *Runtime) setupSlirp4netns(ctr *Container) error { if ctr.config.NetworkOptions != nil { slirpOptions := ctr.config.NetworkOptions["slirp4netns"] for _, o := range slirpOptions { - parts := strings.Split(o, "=") + parts := strings.SplitN(o, "=", 2) + if len(parts) < 2 { + return errors.Errorf("unknown option for slirp4netns: %q", o) + } option, value := parts[0], parts[1] - switch option { case "cidr": ipv4, _, err := net.ParseCIDR(value) diff --git a/pkg/api/handlers/compat/containers.go b/pkg/api/handlers/compat/containers.go index cae8f88fd..00be8e845 100644 --- a/pkg/api/handlers/compat/containers.go +++ b/pkg/api/handlers/compat/containers.go @@ -410,25 +410,14 @@ func LibpodToContainerJSON(l *libpod.Container, sz bool) (*types.ContainerJSON, return nil, err } - networkSettingsDefault := types.DefaultNetworkSettings{ - EndpointID: "", - Gateway: "", - GlobalIPv6Address: "", - GlobalIPv6PrefixLen: 0, - IPAddress: "", - IPPrefixLen: 0, - IPv6Gateway: "", - MacAddress: l.Config().StaticMAC.String(), - } - - networkSettingsBase := types.NetworkSettingsBase{ - Ports: ports, + n, err := json.Marshal(inspect.NetworkSettings) + if err != nil { + return nil, err } - networkSettings := types.NetworkSettings{ - NetworkSettingsBase: networkSettingsBase, - DefaultNetworkSettings: networkSettingsDefault, - Networks: nil, + networkSettings := types.NetworkSettings{} + if err := json.Unmarshal(n, &networkSettings); err != nil { + return nil, err } c := types.ContainerJSON{ diff --git a/pkg/api/handlers/compat/images.go b/pkg/api/handlers/compat/images.go index 3431823bd..d177b2335 100644 --- a/pkg/api/handlers/compat/images.go +++ b/pkg/api/handlers/compat/images.go @@ -60,7 +60,7 @@ func ExportImage(w http.ResponseWriter, r *http.Request) { utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrap(err, "unable to close tempfile")) return } - if err := newImage.Save(r.Context(), name, "docker-archive", tmpfile.Name(), []string{}, false, false); err != nil { + if err := newImage.Save(r.Context(), name, "docker-archive", tmpfile.Name(), []string{}, false, false, true); err != nil { utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrap(err, "failed to save image")) return } @@ -429,7 +429,7 @@ func ExportImages(w http.ResponseWriter, r *http.Request) { utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrap(err, "unable to close tempfile")) return } - if err := runtime.ImageRuntime().SaveImages(r.Context(), images, "docker-archive", tmpfile.Name(), false); err != nil { + if err := runtime.ImageRuntime().SaveImages(r.Context(), images, "docker-archive", tmpfile.Name(), false, true); err != nil { utils.InternalServerError(w, err) return } diff --git a/pkg/api/handlers/compat/networks.go b/pkg/api/handlers/compat/networks.go index a46784a6c..8011c0a04 100644 --- a/pkg/api/handlers/compat/networks.go +++ b/pkg/api/handlers/compat/networks.go @@ -20,6 +20,7 @@ import ( dockerNetwork "github.com/docker/docker/api/types/network" "github.com/gorilla/schema" "github.com/pkg/errors" + "github.com/sirupsen/logrus" ) func InspectNetwork(w http.ResponseWriter, r *http.Request) { @@ -231,6 +232,9 @@ func CreateNetwork(w http.ResponseWriter, r *http.Request) { if len(networkCreate.Name) > 0 { name = networkCreate.Name } + if len(networkCreate.Driver) < 1 { + networkCreate.Driver = network.DefaultNetworkDriver + } // At present I think we should just support the bridge driver // and allow demand to make us consider more if networkCreate.Driver != network.DefaultNetworkDriver { @@ -312,3 +316,81 @@ func RemoveNetwork(w http.ResponseWriter, r *http.Request) { } utils.WriteResponse(w, http.StatusNoContent, "") } + +// Connect adds a container to a network +// TODO: For now this func is a no-op that checks the container name, network name, and +// responds with a 200. This allows the call to remain intact. We need to decide how +// we make this work with CNI networking and setup/teardown. +func Connect(w http.ResponseWriter, r *http.Request) { + runtime := r.Context().Value("runtime").(*libpod.Runtime) + + var netConnect types.NetworkConnect + if err := json.NewDecoder(r.Body).Decode(&netConnect); err != nil { + utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrap(err, "Decode()")) + return + } + config, err := runtime.GetConfig() + if err != nil { + utils.InternalServerError(w, err) + return + } + name := utils.GetName(r) + exists, err := network.Exists(config, name) + if err != nil { + utils.InternalServerError(w, err) + return + } + if !exists { + utils.Error(w, "network not found", http.StatusNotFound, define.ErrNoSuchNetwork) + return + } + if _, err = runtime.LookupContainer(netConnect.Container); err != nil { + if errors.Cause(err) == define.ErrNoSuchCtr { + utils.ContainerNotFound(w, netConnect.Container, err) + return + } + utils.Error(w, "unable to lookup container", http.StatusInternalServerError, err) + return + } + logrus.Warnf("network connect endpoint is not fully implemented - tried to connect container %s to network %s", netConnect.Container, name) + utils.WriteResponse(w, http.StatusOK, "OK") +} + +// Disconnect removes a container from a network +// TODO: For now this func is a no-op that checks the container name, network name, and +// responds with a 200. This allows the call to remain intact. We need to decide how +// we make this work with CNI networking and setup/teardown. +func Disconnect(w http.ResponseWriter, r *http.Request) { + runtime := r.Context().Value("runtime").(*libpod.Runtime) + + var netDisconnect types.NetworkDisconnect + if err := json.NewDecoder(r.Body).Decode(&netDisconnect); err != nil { + utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrap(err, "Decode()")) + return + } + config, err := runtime.GetConfig() + if err != nil { + utils.InternalServerError(w, err) + return + } + name := utils.GetName(r) + exists, err := network.Exists(config, name) + if err != nil { + utils.InternalServerError(w, err) + return + } + if !exists { + utils.Error(w, "network not found", http.StatusNotFound, define.ErrNoSuchNetwork) + return + } + if _, err = runtime.LookupContainer(netDisconnect.Container); err != nil { + if errors.Cause(err) == define.ErrNoSuchCtr { + utils.ContainerNotFound(w, netDisconnect.Container, err) + return + } + utils.Error(w, "unable to lookup container", http.StatusInternalServerError, err) + return + } + logrus.Warnf("network disconnect endpoint is not fully implemented - tried to connect container %s to network %s", netDisconnect.Container, name) + utils.WriteResponse(w, http.StatusOK, "OK") +} diff --git a/pkg/api/handlers/compat/swagger.go b/pkg/api/handlers/compat/swagger.go index 371d02388..0a514822b 100644 --- a/pkg/api/handlers/compat/swagger.go +++ b/pkg/api/handlers/compat/swagger.go @@ -63,3 +63,17 @@ type swagCompatNetworkCreateResponse struct { // in:body Body struct{ types.NetworkCreate } } + +// Network disconnect +// swagger:model NetworkConnectRequest +type swagCompatNetworkConnectRequest struct { + // in:body + Body struct{ types.NetworkConnect } +} + +// Network disconnect +// swagger:model NetworkDisconnectRequest +type swagCompatNetworkDisconnectRequest struct { + // in:body + Body struct{ types.NetworkDisconnect } +} diff --git a/pkg/api/handlers/libpod/images.go b/pkg/api/handlers/libpod/images.go index 3fb5d23c8..598a46abe 100644 --- a/pkg/api/handlers/libpod/images.go +++ b/pkg/api/handlers/libpod/images.go @@ -206,7 +206,7 @@ func ExportImage(w http.ResponseWriter, r *http.Request) { utils.Error(w, "unknown format", http.StatusInternalServerError, errors.Errorf("unknown format %q", query.Format)) return } - if err := newImage.Save(r.Context(), name, query.Format, output, []string{}, false, query.Compress); err != nil { + if err := newImage.Save(r.Context(), name, query.Format, output, []string{}, false, query.Compress, true); err != nil { utils.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest, err) return } @@ -284,6 +284,7 @@ func ExportImages(w http.ResponseWriter, r *http.Request) { Format: query.Format, MultiImageArchive: true, Output: output, + RemoveSignatures: true, } imageEngine := abi.ImageEngine{Libpod: runtime} diff --git a/pkg/api/server/register_networks.go b/pkg/api/server/register_networks.go index 61916eedf..6222006e5 100644 --- a/pkg/api/server/register_networks.go +++ b/pkg/api/server/register_networks.go @@ -98,6 +98,63 @@ func (s *APIServer) registerNetworkHandlers(r *mux.Router) error { // $ref: "#/responses/InternalError" r.HandleFunc(VersionedPath("/networks/create"), s.APIHandler(compat.CreateNetwork)).Methods(http.MethodPost) r.HandleFunc("/networks/create", s.APIHandler(compat.CreateNetwork)).Methods(http.MethodPost) + // swagger:operation POST /networks/{name}/connect compat compatConnectNetwork + // --- + // tags: + // - networks (compat) + // summary: Connect container to network + // description: Connect a container to a network. This endpoint is current a no-op + // produces: + // - application/json + // parameters: + // - in: path + // name: name + // type: string + // required: true + // description: the name of the network + // - in: body + // name: create + // description: attributes for connecting a container to a network + // schema: + // $ref: "#/definitions/NetworkConnectRequest" + // responses: + // 200: + // description: OK + // 400: + // $ref: "#/responses/BadParamError" + // 500: + // $ref: "#/responses/InternalError" + r.HandleFunc(VersionedPath("/networks/{name}/connect"), s.APIHandler(compat.Connect)).Methods(http.MethodPost) + r.HandleFunc("/networks/{name}/connect", s.APIHandler(compat.Connect)).Methods(http.MethodPost) + // swagger:operation POST /networks/{name}/disconnect compat compatDisconnectNetwork + // --- + // tags: + // - networks (compat) + // summary: Disconnect container from network + // description: Disconnect a container from a network. This endpoint is current a no-op + // produces: + // - application/json + // parameters: + // - in: path + // name: name + // type: string + // required: true + // description: the name of the network + // - in: body + // name: create + // description: attributes for disconnecting a container from a network + // schema: + // $ref: "#/definitions/NetworkDisconnectRequest" + // responses: + // 200: + // description: OK + // 400: + // $ref: "#/responses/BadParamError" + // 500: + // $ref: "#/responses/InternalError" + r.HandleFunc(VersionedPath("/networks/{name}/disconnect"), s.APIHandler(compat.Disconnect)).Methods(http.MethodPost) + r.HandleFunc("/networks/{name}/disconnect", s.APIHandler(compat.Disconnect)).Methods(http.MethodPost) + // swagger:operation DELETE /libpod/networks/{name} libpod libpodRemoveNetwork // --- // tags: diff --git a/pkg/domain/entities/images.go b/pkg/domain/entities/images.go index 982fa0cc0..101542a98 100644 --- a/pkg/domain/entities/images.go +++ b/pkg/domain/entities/images.go @@ -300,6 +300,8 @@ type ImageSaveOptions struct { MultiImageArchive bool // Output - write image to the specified path. Output string + // Do not save the signature from the source image + RemoveSignatures bool // Quiet - suppress output when copying images Quiet bool } diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go index f9d733c63..25335cf11 100644 --- a/pkg/domain/infra/abi/images.go +++ b/pkg/domain/infra/abi/images.go @@ -482,13 +482,13 @@ func (ir *ImageEngine) Import(ctx context.Context, opts entities.ImageImportOpti func (ir *ImageEngine) Save(ctx context.Context, nameOrID string, tags []string, options entities.ImageSaveOptions) error { if options.MultiImageArchive { nameOrIDs := append([]string{nameOrID}, tags...) - return ir.Libpod.ImageRuntime().SaveImages(ctx, nameOrIDs, options.Format, options.Output, options.Quiet) + return ir.Libpod.ImageRuntime().SaveImages(ctx, nameOrIDs, options.Format, options.Output, options.Quiet, true) } newImage, err := ir.Libpod.ImageRuntime().NewFromLocal(nameOrID) if err != nil { return err } - return newImage.Save(ctx, nameOrID, options.Format, options.Output, tags, options.Quiet, options.Compress) + return newImage.Save(ctx, nameOrID, options.Format, options.Output, tags, options.Quiet, options.Compress, true) } func (ir *ImageEngine) Diff(_ context.Context, nameOrID string, _ entities.DiffOptions) (*entities.DiffReport, error) { diff --git a/pkg/spec/security.go b/pkg/spec/security.go index e152e3495..5f7db7edb 100644 --- a/pkg/spec/security.go +++ b/pkg/spec/security.go @@ -178,7 +178,7 @@ func (c *SecurityConfig) ConfigureGenerator(g *generate.Generator, user *UserCon for _, opt := range c.SecurityOpts { // Split on both : and = - splitOpt := strings.Split(opt, "=") + splitOpt := strings.SplitN(opt, "=", 2) if len(splitOpt) == 1 { splitOpt = strings.Split(opt, ":") } diff --git a/pkg/spec/storage.go b/pkg/spec/storage.go index 5e2f04e50..ebf5ec196 100644 --- a/pkg/spec/storage.go +++ b/pkg/spec/storage.go @@ -394,7 +394,7 @@ func getBindMount(args []string) (spec.Mount, error) { var setSource, setDest, setRORW, setSuid, setDev, setExec, setRelabel bool for _, val := range args { - kv := strings.Split(val, "=") + kv := strings.SplitN(val, "=", 2) switch kv[0] { case "bind-nonrecursive": newMount.Options = append(newMount.Options, "bind") @@ -517,7 +517,7 @@ func getTmpfsMount(args []string) (spec.Mount, error) { var setDest, setRORW, setSuid, setDev, setExec, setTmpcopyup bool for _, val := range args { - kv := strings.Split(val, "=") + kv := strings.SplitN(val, "=", 2) switch kv[0] { case "tmpcopyup", "notmpcopyup": if setTmpcopyup { @@ -591,7 +591,7 @@ func getNamedVolume(args []string) (*libpod.ContainerNamedVolume, error) { var setSource, setDest, setRORW, setSuid, setDev, setExec bool for _, val := range args { - kv := strings.Split(val, "=") + kv := strings.SplitN(val, "=", 2) switch kv[0] { case "ro", "rw": if setRORW { diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go index 105e36bc6..f051537de 100644 --- a/pkg/specgen/generate/container_create.go +++ b/pkg/specgen/generate/container_create.go @@ -4,6 +4,7 @@ import ( "context" "os" "path/filepath" + "strings" "github.com/containers/common/pkg/config" "github.com/containers/podman/v2/libpod" @@ -91,11 +92,19 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener if err != nil { return nil, err } - imgName := s.Image - names := newImage.Names() - if len(names) > 0 { - imgName = names[0] + // If the input name changed, we could properly resolve the + // image. Otherwise, it must have been an ID where we're + // defaulting to the first name or an empty one if no names are + // present. + imgName := newImage.InputName + if s.Image == newImage.InputName && strings.HasPrefix(newImage.ID(), s.Image) { + imgName = "" + names := newImage.Names() + if len(names) > 0 { + imgName = names[0] + } } + options = append(options, libpod.WithRootFSFromImage(newImage.ID(), imgName, s.RawImageName)) } if err := s.Validate(); err != nil { diff --git a/pkg/util/utils.go b/pkg/util/utils.go index c3a70e2fb..91aba9fa7 100644 --- a/pkg/util/utils.go +++ b/pkg/util/utils.go @@ -474,8 +474,8 @@ func getTomlStorage(storeOptions *storage.StoreOptions) *tomlConfig { config.Storage.RunRoot = storeOptions.RunRoot config.Storage.GraphRoot = storeOptions.GraphRoot for _, i := range storeOptions.GraphDriverOptions { - s := strings.Split(i, "=") - if s[0] == "overlay.mount_program" { + s := strings.SplitN(i, "=", 2) + if s[0] == "overlay.mount_program" && len(s) == 2 { config.Storage.Options.MountProgram = s[1] } } diff --git a/pkg/varlinkapi/images.go b/pkg/varlinkapi/images.go index ef310d590..af6c43fec 100644 --- a/pkg/varlinkapi/images.go +++ b/pkg/varlinkapi/images.go @@ -843,7 +843,7 @@ func (i *VarlinkAPI) ImageSave(call iopodman.VarlinkCall, options iopodman.Image saveOutput := bytes.NewBuffer([]byte{}) c := make(chan error) go func() { - err := newImage.Save(getContext(), options.Name, options.Format, output, options.MoreTags, options.Quiet, options.Compress) + err := newImage.Save(getContext(), options.Name, options.Format, output, options.MoreTags, options.Quiet, options.Compress, true) c <- err close(c) }() diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go index bd04e3090..9f6fd8602 100644 --- a/test/e2e/run_networking_test.go +++ b/test/e2e/run_networking_test.go @@ -584,6 +584,14 @@ var _ = Describe("Podman run networking", func() { run := podmanTest.Podman([]string{"run", "--net=host", "--hostname", hostname, ALPINE, "hostname"}) run.WaitWithDefaultTimeout() Expect(run.ExitCode()).To(BeZero()) - Expect(strings.Contains(run.OutputToString(), "testctr")).To(BeTrue()) + Expect(strings.Contains(run.OutputToString(), hostname)).To(BeTrue()) + }) + + It("podman run with --net=none adds hostname to /etc/hosts", func() { + hostname := "testctr" + run := podmanTest.Podman([]string{"run", "--net=none", "--hostname", hostname, ALPINE, "hostname"}) + run.WaitWithDefaultTimeout() + Expect(run.ExitCode()).To(BeZero()) + Expect(strings.Contains(run.OutputToString(), hostname)).To(BeTrue()) }) }) diff --git a/test/e2e/run_security_labels.go b/test/e2e/run_security_labels.go index 2a0b0467d..0c5621e3f 100644 --- a/test/e2e/run_security_labels.go +++ b/test/e2e/run_security_labels.go @@ -94,7 +94,7 @@ var _ = Describe("Podman generate kube", func() { test1.WaitWithDefaultTimeout() Expect(test1.ExitCode()).To(BeZero()) - commit := podmanTest.Podman([]string{"commit", "-c", "label=io.containers.capabilities=sys_chroot,net_raw", "test1", "image1"}) + commit := podmanTest.Podman([]string{"commit", "-c", "label=io.containers.capabilities=sys_chroot,setuid", "test1", "image1"}) commit.WaitWithDefaultTimeout() Expect(commit.ExitCode()).To(BeZero()) @@ -108,7 +108,7 @@ var _ = Describe("Podman generate kube", func() { ctr := inspect.InspectContainerToJSON() caps := strings.Join(ctr[0].EffectiveCaps, ",") - Expect(caps).To(Equal("CAP_SYS_CHROOT,CAP_NET_RAW")) + Expect(caps).To(Equal("CAP_SYS_CHROOT,CAP_SETUID")) }) diff --git a/test/e2e/save_test.go b/test/e2e/save_test.go index 1f1258be3..79fc4d737 100644 --- a/test/e2e/save_test.go +++ b/test/e2e/save_test.go @@ -1,8 +1,12 @@ package integration import ( + "io/ioutil" "os" + "os/exec" "path/filepath" + "strconv" + "strings" "github.com/containers/podman/v2/pkg/rootless" . "github.com/containers/podman/v2/test/utils" @@ -116,6 +120,71 @@ var _ = Describe("Podman save", func() { Expect(save).To(ExitWithError()) }) + It("podman save remove signature", func() { + SkipIfRootless("FIXME: Need get in rootless push sign") + if podmanTest.Host.Arch == "ppc64le" { + Skip("No registry image for ppc64le") + } + tempGNUPGHOME := filepath.Join(podmanTest.TempDir, "tmpGPG") + err := os.Mkdir(tempGNUPGHOME, os.ModePerm) + Expect(err).To(BeNil()) + origGNUPGHOME := os.Getenv("GNUPGHOME") + err = os.Setenv("GNUPGHOME", tempGNUPGHOME) + Expect(err).To(BeNil()) + defer os.Setenv("GNUPGHOME", origGNUPGHOME) + + port := 5000 + session := podmanTest.Podman([]string{"run", "-d", "--name", "registry", "-p", strings.Join([]string{strconv.Itoa(port), strconv.Itoa(port)}, ":"), "docker.io/registry:2.6"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + if !WaitContainerReady(podmanTest, "registry", "listening on", 20, 1) { + Skip("Cannot start docker registry.") + } + + cmd := exec.Command("gpg", "--import", "sign/secret-key.asc") + err = cmd.Run() + Expect(err).To(BeNil()) + + cmd = exec.Command("cp", "/etc/containers/registries.d/default.yaml", "default.yaml") + if err = cmd.Run(); err != nil { + Skip("no signature store to verify") + } + defer func() { + cmd = exec.Command("cp", "default.yaml", "/etc/containers/registries.d/default.yaml") + cmd.Run() + }() + + cmd = exec.Command("cp", "sign/key.gpg", "/tmp/key.gpg") + Expect(cmd.Run()).To(BeNil()) + sigstore := ` +default-docker: + sigstore: file:///var/lib/containers/sigstore + sigstore-staging: file:///var/lib/containers/sigstore +` + Expect(ioutil.WriteFile("/etc/containers/registries.d/default.yaml", []byte(sigstore), 0755)).To(BeNil()) + + session = podmanTest.Podman([]string{"tag", ALPINE, "localhost:5000/alpine"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.Podman([]string{"push", "--tls-verify=false", "--sign-by", "foo@bar.com", "localhost:5000/alpine"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.Podman([]string{"rmi", ALPINE, "localhost:5000/alpine"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.Podman([]string{"pull", "--tls-verify=false", "--signature-policy=sign/policy.json", "localhost:5000/alpine"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + outfile := filepath.Join(podmanTest.TempDir, "temp.tar") + save := podmanTest.Podman([]string{"save", "remove-signatures=true", "-o", outfile, "localhost:5000/alpine"}) + save.WaitWithDefaultTimeout() + Expect(save).To(ExitWithError()) + }) + It("podman save image with digest reference", func() { // pull a digest reference session := podmanTest.PodmanNoCache([]string{"pull", ALPINELISTDIGEST}) diff --git a/test/e2e/sign/key.gpg b/test/e2e/sign/key.gpg new file mode 100644 index 000000000..32968fc04 --- /dev/null +++ b/test/e2e/sign/key.gpg @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQENBF8kNqwBCAC0x3Kog+WlDNwcR6rWIP8Gj2T6LrQ2/3knSyAWzTgC/OBB6Oh0 +KAokXLjy8J3diG3EaSltE7erGG/bZCz8jYvMiwDJScON4zzidotqjoY80E+NeRDg +CC0gqvqmh0ftJIjYNBHzSxqrGRQwzwZU+u6ezlE8+0dvsHcHY+MRnxXJQrdM07EP +Prp85kKckChDlJ1tyGUB/YHieFQmOW5+TERA7ZqQOAQ12Vviv6V4kNfEJJq3MS2c +csZpO323tcHt3oebqsZCIElhX7uVw6GAeCw1tm4NZXs4g1yIC21Of/hzPeC18F72 +splCgKaAOiE9w/nMGLNEYy2NzgEclZLs2Y7jABEBAAG0FGZvb2JhciA8Zm9vQGJh +ci5jb20+iQFUBBMBCAA+FiEERyT4ac7LLibByeabqaoHAy6P2bIFAl8kNqwCGwMF +CQPCZwAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQqaoHAy6P2bKtuggAgv54 +/F8wgi+uMrtFr8rqNtZMDyXRxfXaXUy5uGNfqHD83yqxweEqxiA8lmFkRHixPWtg +Z2MniFXMVc9kVmg8GNIIuzewXrPqtXztvuURQo9phK68v8fXEqqT6K25wtq8TiQZ +0J3mQIJPPTMe3pCCOyR6+W3iMtQp2AmitxKbzLP3J3GG2i0rG5S147A2rPnzTeMY +hds819+JE7jNMD7FkV+TcQlOVl4wyOQhNEJcjb6rA6EUe5+s85pIFTBSyPMJpJ03 +Y0dLdcSGpKdncGTK2X9+hS96G1+FP/t8hRIDblqUHtBRXe3Ozz6zSqpqu1DbAQSM +bIrLYxXfnZEN+ro0dLkBDQRfJDasAQgAncvLLZUHZkJWDPka3ocysJ7+/lmrXyAj +T3D4r7UM4oaLBOMKjvaKSDw1uW5qYmTxnnsqFDI0O5+XJxD1/0qEf6l2oUpnILdx +Vruf28FuvymbsyhDgs+MBoHz0jLWWPHUW2oWLIqcvaF0BePQ1GS6UoZlmZejsLww +cSpbaAHJng7An/iLuqOBr5EdUA5XMXqmdMFDrjh0uZezImJ2Eacu/hshBdu3IY49 +J5XP18GWrSdUnP27cv3tOii9j5Lfl8QAvCN89vkALIU3eZtnMlWZqLgl5o6COVFm +zpyx+iHOoCznQBt0aGoSNmE/dAqWIQS/xCSFqMHI6kNd9N0oR0rEHwARAQABiQE8 +BBgBCAAmFiEERyT4ac7LLibByeabqaoHAy6P2bIFAl8kNqwCGwwFCQPCZwAACgkQ +qaoHAy6P2bJfjQgAje6YR+p1QaNlTN9l4t2kGzy9RhkfYMrTgI2fEqbS9bFJUy3Y +3mH+vj/r2gN/kaN8LHH4K1d7fAohBsFqSI0flzHHIx2rfti9zAlbXcAErbnG+f0f +k0AaqU7KelU35vjPfNe6Vn7ky6G9CC6jW04NkLZDNFA2GusdYf1aM0LWew5t4WZa +quLVFhL36q9eHaogO/fcPR/quvQefHokk+b541ytwMN9l/g43rTbCvAjrUDHwipb +Gbw91Wg2XjbecRiCXDKWds2M149BpxUzY5xHFtD5t5WSEE/SkkryGTMmTxS3tuQZ +9PdtCPGrNDO6Ts/amORF04Tf+YMJgfv3IWxMeQ== +=y0uZ +-----END PGP PUBLIC KEY BLOCK----- diff --git a/test/e2e/sign/policy.json b/test/e2e/sign/policy.json new file mode 100644 index 000000000..ab01137bf --- /dev/null +++ b/test/e2e/sign/policy.json @@ -0,0 +1,18 @@ +{ + "default": [ + { + "type": "insecureAcceptAnything" + } + ], + "transports": { + "docker": { + "localhost:5000": [ + { + "type": "signedBy", + "keyType": "GPGKeys", + "keyPath": "/tmp/key.gpg" + } + ] + } + } +} diff --git a/test/system/030-run.bats b/test/system/030-run.bats index 9f4037730..8712dc72d 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats @@ -473,4 +473,23 @@ json-file | f run_podman kill $cid } +# Regression test for issue #8082 +@test "podman run : look up correct image name" { + # Create a 2nd tag for the local image. + local name="localhost/foo/bar" + run_podman tag $IMAGE $name + + # Create a container with the 2nd tag and make sure that it's being + # used. #8082 always inaccurately used the 1st tag. + run_podman create $name + cid="$output" + + run_podman inspect --format "{{.ImageName}}" $cid + is "$output" "$name" + + # Clean up. + run_podman rm $cid + run_podman untag $IMAGE $name +} + # vim: filetype=sh |