-rw-r--r--cmd/podman/common/create.go3
-rw-r--r--cmd/podman/common/create_opts.go2
-rw-r--r--cmd/podman/common/specgen.go13
-rw-r--r--cmd/podman/containers/create.go12
-rw-r--r--cmd/podman/containers/port.go38
-rw-r--r--cmd/podman/containers/run.go2
-rw-r--r--cmd/podman/images/trust.go27
-rw-r--r--cmd/podman/images/trust_set.go56
-rw-r--r--cmd/podman/images/trust_show.go77
-rw-r--r--cmd/podman/manifest/manifest.go4
-rw-r--r--cmd/podman/manifest/push.go66
-rw-r--r--cmd/podman/manifest/remove.go47
-rw-r--r--cmd/podman/parse/common.go15
-rw-r--r--completions/bash/podman55
-rw-r--r--docs/source/Tutorials.rst2
-rw-r--r--docs/source/markdown/podman-create.1.md4
-rw-r--r--docs/source/markdown/podman-manifest-add.1.md2
-rw-r--r--docs/source/markdown/podman-manifest-create.1.md2
-rw-r--r--docs/source/markdown/podman-manifest-inspect.1.md2
-rw-r--r--docs/source/markdown/podman-manifest-push.1.md72
-rw-r--r--docs/source/markdown/podman-manifest-remove.1.md23
-rw-r--r--docs/source/markdown/podman-manifest.1.md4
-rw-r--r--docs/source/markdown/podman-run.1.md4
-rw-r--r--pkg/domain/entities/engine_image.go4
-rw-r--r--pkg/domain/entities/images.go24
-rw-r--r--pkg/domain/entities/manifest.go5
-rw-r--r--pkg/domain/infra/abi/manifest.go71
-rw-r--r--pkg/domain/infra/abi/trust.go171
-rw-r--r--pkg/domain/infra/tunnel/manifest.go15
-rw-r--r--pkg/domain/infra/tunnel/trust.go16
-rw-r--r--pkg/specgen/generate/container.go29
-rw-r--r--pkg/specgen/specgen.go1
-rw-r--r--pkg/trust/config.go12
-rw-r--r--test/e2e/build_test.go1
-rw-r--r--test/e2e/manifest_test.go88
-rw-r--r--test/e2e/port_test.go1
-rw-r--r--test/e2e/run_env_test.go4
-rw-r--r--test/e2e/trust_test.go1
38 files changed, 929 insertions, 46 deletions
diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go
index 53f4a8fa2..7086dc839 100644
--- a/cmd/podman/common/create.go
+++ b/cmd/podman/common/create.go
@@ -156,8 +156,7 @@ func GetCreateFlags(cf *ContainerCLIOpts) *pflag.FlagSet {
createFlags.String("entrypoint", "",
"Overwrite the default ENTRYPOINT of the image",
)
- createFlags.StringArrayVarP(
- &cf.env,
+ createFlags.StringArrayP(
"env", "e", containerConfig.Env(),
"Set environment variables in container",
)
diff --git a/cmd/podman/common/create_opts.go b/cmd/podman/common/create_opts.go
index c275b1674..8b38e3b47 100644
--- a/cmd/podman/common/create_opts.go
+++ b/cmd/podman/common/create_opts.go
@@ -32,7 +32,7 @@ type ContainerCLIOpts struct {
DeviceWriteBPs []string
DeviceWriteIOPs []string
Entrypoint *string
- env []string
+ Env []string
EnvHost bool
EnvFile []string
Expose []string
diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go
index 3e9772576..9a2345064 100644
--- a/cmd/podman/common/specgen.go
+++ b/cmd/podman/common/specgen.go
@@ -335,15 +335,12 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
env = envLib.Join(env, fileEnv)
}
- // env overrides any previous variables
- if cmdLineEnv := c.env; len(cmdLineEnv) > 0 {
- parsedEnv, err := envLib.ParseSlice(cmdLineEnv)
- if err != nil {
- return err
- }
- env = envLib.Join(env, parsedEnv)
+ parsedEnv, err := envLib.ParseSlice(c.Env)
+ if err != nil {
+ return err
}
- s.Env = env
+
+ s.Env = envLib.Join(env, parsedEnv)
// LABEL VARIABLES
labels, err := parse.GetAllLabels(c.LabelFile, c.Label)
diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go
index 7927da04d..2ecdda2e0 100644
--- a/cmd/podman/containers/create.go
+++ b/cmd/podman/containers/create.go
@@ -55,6 +55,11 @@ func createFlags(flags *pflag.FlagSet) {
flags.AddFlagSet(common.GetCreateFlags(&cliVals))
flags.AddFlagSet(common.GetNetFlags())
flags.SetNormalizeFunc(common.AliasFlags)
+ if registry.IsRemote() {
+ _ = flags.MarkHidden("authfile")
+ _ = flags.MarkHidden("env-host")
+ _ = flags.MarkHidden("http-proxy")
+ }
}
func init() {
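Review bot: `flags.MarkHidden` in the `registry.IsRemote()` branch of createFlags only removes `authfile`, `env-host` and `http-proxy` from the help output; pflag still parses a hidden flag, so a remote user can pass `--env-host` and whatever the flag is bound to is still set. The man pages changed in this commit describe these options as not available for remote commands, so if they must have no effect remotely they should be rejected explicitly, for example in createInit: `if registry.IsRemote() && c.Flags().Changed("env-host") { return errors.New("--env-host is not supported for remote clients") }`. Without that, which host's environment or proxy settings end up in the container may not be the one the user expects; the server-side handling is not visible here. The same applies to the two `MarkHidden` lines added to runFlags in cmd/podman/containers/run.go.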
@@ -170,6 +175,13 @@ func createInit(c *cobra.Command) error {
val := c.Flag("entrypoint").Value.String()
cliVals.Entrypoint = &val
}
+ if c.Flags().Changed("env") {
+ env, err := c.Flags().GetStringArray("env")
+ if err != nil {
+ return errors.Wrapf(err, "retrieve env flag")
+ }
+ cliVals.Env = env
+ }
// Docker-compatibility: the "-h" flag for run/create is reserved for
// the hostname (see https://github.com/containers/libpod/issues/1367).
diff --git a/cmd/podman/containers/port.go b/cmd/podman/containers/port.go
index 2e3386aa9..ec0ddf838 100644
--- a/cmd/podman/containers/port.go
+++ b/cmd/podman/containers/port.go
@@ -11,6 +11,7 @@ import (
"github.com/cri-o/ocicni/pkg/ocicni"
"github.com/pkg/errors"
"github.com/spf13/cobra"
+ "github.com/spf13/pflag"
)
var (
@@ -28,23 +29,50 @@ var (
podman port ctrID 80/tcp
podman port --latest 80`,
}
+
+ containerPortCommand = &cobra.Command{
+ Use: "port [flags] CONTAINER [PORT]",
+ Short: portCommand.Short,
+ Long: portDescription,
+ RunE: portCommand.RunE,
+ Args: func(cmd *cobra.Command, args []string) error {
+ return parse.CheckAllLatestAndCIDFile(cmd, args, true, false)
+ },
+ Example: `podman container port --all
+ podman container port --latest 80`,
+ }
)
var (
portOpts entities.ContainerPortOptions
)
+func portFlags(flags *pflag.FlagSet) {
+ flags.BoolVarP(&portOpts.All, "all", "a", false, "Display port information for all containers")
+ flags.BoolVarP(&portOpts.Latest, "latest", "l", false, "Act on the latest container podman is aware of")
+ if registry.IsRemote() {
+ _ = flags.MarkHidden("latest")
+ }
+}
+
func init() {
registry.Commands = append(registry.Commands, registry.CliCommand{
Mode: []entities.EngineMode{entities.ABIMode},
Command: portCommand,
})
+
flags := portCommand.Flags()
- flags.BoolVarP(&portOpts.All, "all", "a", false, "Display port information for all containers")
- flags.BoolVarP(&portOpts.Latest, "latest", "l", false, "Act on the latest container podman is aware of")
- if registry.IsRemote() {
- _ = flags.MarkHidden("latest")
- }
+ portFlags(flags)
+
+ registry.Commands = append(registry.Commands, registry.CliCommand{
+ Mode: []entities.EngineMode{entities.ABIMode},
+ Command: containerPortCommand,
+ Parent: containerCmd,
+ })
+
+ containerPortflags := containerPortCommand.Flags()
+ portFlags(containerPortflags)
+
}
func port(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/containers/run.go b/cmd/podman/containers/run.go
index f72446cb6..5f3ea9ef4 100644
--- a/cmd/podman/containers/run.go
+++ b/cmd/podman/containers/run.go
@@ -60,6 +60,8 @@ func runFlags(flags *pflag.FlagSet) {
flags.BoolVar(&runRmi, "rmi", false, "Remove container image unless used by other containers")
if registry.IsRemote() {
_ = flags.MarkHidden("authfile")
+ _ = flags.MarkHidden("env-host")
+ _ = flags.MarkHidden("http-proxy")
}
}
func init() {
diff --git a/cmd/podman/images/trust.go b/cmd/podman/images/trust.go
new file mode 100644
index 000000000..88a567871
--- /dev/null
+++ b/cmd/podman/images/trust.go
@@ -0,0 +1,27 @@
+package images
+
+import (
+ "github.com/containers/libpod/cmd/podman/registry"
+ "github.com/containers/libpod/cmd/podman/validate"
+ "github.com/containers/libpod/pkg/domain/entities"
+ "github.com/spf13/cobra"
+)
+
+var (
+ trustDescription = `Manages which registries you trust as a source of container images based on their location.
+ The location is determined by the transport and the registry host of the image. Using this container image docker://quay.io/podman/stable as an example, docker is the transport and quay.io is the registry host.`
+ trustCmd = &cobra.Command{
+ Use: "trust",
+ Short: "Manage container image trust policy",
+ Long: trustDescription,
+ RunE: validate.SubCommandExists,
+ }
+)
+
+func init() {
+ registry.Commands = append(registry.Commands, registry.CliCommand{
+ Mode: []entities.EngineMode{entities.ABIMode},
+ Command: trustCmd,
+ Parent: imageCmd,
+ })
+}
diff --git a/cmd/podman/images/trust_set.go b/cmd/podman/images/trust_set.go
new file mode 100644
index 000000000..5868f5546
--- /dev/null
+++ b/cmd/podman/images/trust_set.go
@@ -0,0 +1,56 @@
+package images
+
+import (
+ "github.com/containers/libpod/cmd/podman/registry"
+ "github.com/containers/libpod/libpod/image"
+ "github.com/containers/libpod/pkg/domain/entities"
+ "github.com/containers/libpod/pkg/util"
+ "github.com/pkg/errors"
+ "github.com/spf13/cobra"
+)
+
+var (
+ setTrustDescription = "Set default trust policy or add a new trust policy for a registry"
+ setTrustCommand = &cobra.Command{
+ Use: "set [flags] REGISTRY",
+ Short: "Set default trust policy or a new trust policy for a registry",
+ Long: setTrustDescription,
+ Example: "",
+ RunE: setTrust,
+ Args: cobra.ExactArgs(1),
+ }
+)
+
+var (
+ setOptions entities.SetTrustOptions
+)
+
+func init() {
+ registry.Commands = append(registry.Commands, registry.CliCommand{
+ Mode: []entities.EngineMode{entities.ABIMode},
+ Command: setTrustCommand,
+ Parent: trustCmd,
+ })
+ setFlags := setTrustCommand.Flags()
+ setFlags.StringVar(&setOptions.PolicyPath, "policypath", "", "")
+ _ = setFlags.MarkHidden("policypath")
+ setFlags.StringSliceVarP(&setOptions.PubKeysFile, "pubkeysfile", "f", []string{}, `Path of installed public key(s) to trust for TARGET.
+Absolute path to keys is added to policy.json. May
+used multiple times to define multiple public keys.
+File(s) must exist before using this command`)
+ setFlags.StringVarP(&setOptions.Type, "type", "t", "signedBy", "Trust type, accept values: signedBy(default), accept, reject")
+}
+
+func setTrust(cmd *cobra.Command, args []string) error {
+ validTrustTypes := []string{"accept", "insecureAcceptAnything", "reject", "signedBy"}
+
+ valid, err := image.IsValidImageURI(args[0])
+ if err != nil || !valid {
+ return errors.Wrapf(err, "invalid image uri %s", args[0])
+ }
+
+ if !util.StringInSlice(setOptions.Type, validTrustTypes) {
+ return errors.Errorf("invalid choice: %s (choose from 'accept', 'reject', 'signedBy')", setOptions.Type)
+ }
+ return registry.ImageEngine().SetTrust(registry.Context(), args, setOptions)
+}
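Review bot: In setTrust the combined check `if err != nil || !valid` returns `errors.Wrapf(err, ...)`, and pkg/errors' Wrapf returns nil when err is nil, so a URI reported as invalid without an error would make the command exit successfully without touching the policy. Splitting the check keeps the failure visible: `if err != nil { return errors.Wrapf(err, "invalid image uri %s", args[0]) }` followed by `if !valid { return errors.Errorf("invalid image uri %s", args[0]) }`. Whether IsValidImageURI can return false with a nil error is not visible from this hunk. Separately, validTrustTypes accepts `insecureAcceptAnything` while the `--type` help and the error text list only three values; for a command that edits signature-verification policy, the accepted set and the documented set should match.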
diff --git a/cmd/podman/images/trust_show.go b/cmd/podman/images/trust_show.go
new file mode 100644
index 000000000..23ee6c709
--- /dev/null
+++ b/cmd/podman/images/trust_show.go
@@ -0,0 +1,77 @@
+package images
+
+import (
+ "fmt"
+ "os"
+ "text/tabwriter"
+ "text/template"
+
+ "github.com/containers/libpod/cmd/podman/registry"
+ "github.com/containers/libpod/pkg/domain/entities"
+ "github.com/spf13/cobra"
+)
+
+var (
+ showTrustDescription = "Display trust policy for the system"
+ showTrustCommand = &cobra.Command{
+ Use: "show [flags] [REGISTRY]",
+ Short: "Display trust policy for the system",
+ Long: showTrustDescription,
+ RunE: showTrust,
+ Example: "",
+ }
+)
+
+var (
+ showTrustOptions entities.ShowTrustOptions
+)
+
+func init() {
+ registry.Commands = append(registry.Commands, registry.CliCommand{
+ Mode: []entities.EngineMode{entities.ABIMode},
+ Command: showTrustCommand,
+ Parent: trustCmd,
+ })
+ showFlags := showTrustCommand.Flags()
+ showFlags.BoolVarP(&showTrustOptions.JSON, "json", "j", false, "Output as json")
+ showFlags.StringVar(&showTrustOptions.PolicyPath, "policypath", "", "")
+ showFlags.BoolVar(&showTrustOptions.Raw, "raw", false, "Output raw policy file")
+ _ = showFlags.MarkHidden("policypath")
+ showFlags.StringVar(&showTrustOptions.RegistryPath, "registrypath", "", "")
+ _ = showFlags.MarkHidden("registrypath")
+
+}
+
+func showTrust(cmd *cobra.Command, args []string) error {
+ report, err := registry.ImageEngine().ShowTrust(registry.Context(), args, showTrustOptions)
+ if err != nil {
+ return err
+ }
+ if showTrustOptions.Raw {
+ fmt.Println(report.Raw)
+ return nil
+ }
+ if showTrustOptions.JSON {
+ b, err := json.MarshalIndent(report.Policies, "", " ")
+ if err != nil {
+ return err
+ }
+ fmt.Println(string(b))
+ return nil
+ }
+
+ row := "{{.RepoName}}\t{{.Type}}\t{{.GPGId}}\t{{.SignatureStore}}\n"
+ format := "{{range . }}" + row + "{{end}}"
+ tmpl, err := template.New("listContainers").Parse(format)
+ if err != nil {
+ return err
+ }
+ w := tabwriter.NewWriter(os.Stdout, 8, 2, 2, ' ', 0)
+ if err := tmpl.Execute(w, report.Policies); err != nil {
+ return err
+ }
+ if err := w.Flush(); err != nil {
+ return err
+ }
+ return nil
+}
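Review bot: In showTrust the `--raw` branch calls `fmt.Println(report.Raw)`, and ShowTrustReport.Raw is declared as `[]byte` in pkg/domain/entities/images.go in this commit, so the output is a bracketed list of decimal byte values, not the policy file text. `fmt.Println(string(report.Raw))` prints the content an operator needs when auditing the policy. The template name `listContainers` also looks copied from another command; a name such as `template.New("showTrust")` would make template errors easier to trace.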
diff --git a/cmd/podman/manifest/manifest.go b/cmd/podman/manifest/manifest.go
index 88d264c1f..d7f042a56 100644
--- a/cmd/podman/manifest/manifest.go
+++ b/cmd/podman/manifest/manifest.go
@@ -18,7 +18,9 @@ var (
Example: `podman manifest add mylist:v1.11 image:v1.11-amd64
podman manifest create localhost/list
podman manifest inspect localhost/list
- podman manifest annotate --annotation left=right mylist:v1.11 image:v1.11-amd64`,
+ podman manifest annotate --annotation left=right mylist:v1.11 image:v1.11-amd64
+ podman manifest push mylist:v1.11 quay.io/myimagelist
+ podman manifest remove mylist:v1.11 sha256:15352d97781ffdf357bf3459c037be3efac4133dc9070c2dce7eca7c05c3e736`,
}
)
diff --git a/cmd/podman/manifest/push.go b/cmd/podman/manifest/push.go
new file mode 100644
index 000000000..49c76f40b
--- /dev/null
+++ b/cmd/podman/manifest/push.go
@@ -0,0 +1,66 @@
+package manifest
+
+import (
+ "context"
+
+ "github.com/containers/common/pkg/auth"
+ "github.com/containers/libpod/cmd/podman/registry"
+ "github.com/containers/libpod/pkg/domain/entities"
+ "github.com/pkg/errors"
+ "github.com/spf13/cobra"
+)
+
+var (
+ manifestPushOpts = entities.ManifestPushOptions{}
+ pushCmd = &cobra.Command{
+ Use: "push [flags] SOURCE DESTINATION",
+ Short: "Push a manifest list or image index to a registry",
+ Long: "Pushes manifest lists and image indexes to registries.",
+ RunE: push,
+ Example: `podman manifest push mylist:v1.11 quay.io/myimagelist`,
+ Args: cobra.ExactArgs(2),
+ }
+)
+
+func init() {
+ registry.Commands = append(registry.Commands, registry.CliCommand{
+ Mode: []entities.EngineMode{entities.ABIMode, entities.TunnelMode},
+ Command: pushCmd,
+ Parent: manifestCmd,
+ })
+ flags := pushCmd.Flags()
+ flags.BoolVar(&manifestPushOpts.Purge, "purge", false, "remove the manifest list if push succeeds")
+ flags.BoolVar(&manifestPushOpts.All, "all", false, "also push the images in the list")
+ flags.StringVar(&manifestPushOpts.Authfile, "authfile", auth.GetDefaultAuthFile(), "path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
+ flags.StringVar(&manifestPushOpts.CertDir, "cert-dir", "", "use certificates at the specified path to access the registry")
+ flags.StringVar(&manifestPushOpts.Creds, "creds", "", "use `[username[:password]]` for accessing the registry")
+ flags.StringVar(&manifestPushOpts.DigestFile, "digestfile", "", "after copying the image, write the digest of the resulting digest to the file")
+ flags.StringVarP(&manifestPushOpts.Format, "format", "f", "", "manifest type (oci or v2s2) to attempt to use when pushing the manifest list (default is manifest type of source)")
+ flags.BoolVarP(&manifestPushOpts.RemoveSignatures, "remove-signatures", "", false, "don't copy signatures when pushing images")
+ flags.StringVar(&manifestPushOpts.SignBy, "sign-by", "", "sign the image using a GPG key with the specified `FINGERPRINT`")
+ flags.BoolVar(&manifestPushOpts.TlsVerify, "tls-verify", true, "require HTTPS and verify certificates when accessing the registry")
+ flags.BoolVarP(&manifestPushOpts.Quiet, "quiet", "q", false, "don't output progress information when pushing lists")
+ if registry.IsRemote() {
+ _ = flags.MarkHidden("authfile")
+ _ = flags.MarkHidden("cert-dir")
+ _ = flags.MarkHidden("tls-verify")
+ }
+}
+
+func push(cmd *cobra.Command, args []string) error {
+ if err := auth.CheckAuthFile(manifestPushOpts.Authfile); err != nil {
+ return err
+ }
+ listImageSpec := args[0]
+ destSpec := args[1]
+ if listImageSpec == "" {
+ return errors.Errorf(`invalid image name "%s"`, listImageSpec)
+ }
+ if destSpec == "" {
+ return errors.Errorf(`invalid destination "%s"`, destSpec)
+ }
+ if err := registry.ImageEngine().ManifestPush(context.Background(), args, manifestPushOpts); err != nil {
+ return errors.Wrapf(err, "error pushing manifest %s to %s", listImageSpec, destSpec)
+ }
+ return nil
+}
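Review bot: `push` passes `context.Background()` to `ManifestPush`, while the trust commands added in the same commit use `registry.Context()`; a registry push is a network operation and should run under the shared command context so it follows whatever cancellation or values that context carries. `registry.ImageEngine().ManifestPush(registry.Context(), args, manifestPushOpts)` would be consistent. `remove` in cmd/podman/manifest/remove.go does the same with `ManifestRemove`. The `--digestfile` help text also reads "the digest of the resulting digest", where the man page says "resulting image".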
diff --git a/cmd/podman/manifest/remove.go b/cmd/podman/manifest/remove.go
new file mode 100644
index 000000000..4d345efc0
--- /dev/null
+++ b/cmd/podman/manifest/remove.go
@@ -0,0 +1,47 @@
+package manifest
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/containers/libpod/cmd/podman/registry"
+ "github.com/containers/libpod/pkg/domain/entities"
+ "github.com/pkg/errors"
+ "github.com/spf13/cobra"
+)
+
+var (
+ removeCmd = &cobra.Command{
+ Use: "remove [flags] LIST IMAGE",
+ Short: "Remove an entry from a manifest list or image index",
+ Long: "Removes an image from a manifest list or image index.",
+ RunE: remove,
+ Example: `podman manifest remove mylist:v1.11 sha256:15352d97781ffdf357bf3459c037be3efac4133dc9070c2dce7eca7c05c3e736`,
+ Args: cobra.ExactArgs(2),
+ }
+)
+
+func init() {
+ registry.Commands = append(registry.Commands, registry.CliCommand{
+ Mode: []entities.EngineMode{entities.ABIMode, entities.TunnelMode},
+ Command: removeCmd,
+ Parent: manifestCmd,
+ })
+}
+
+func remove(cmd *cobra.Command, args []string) error {
+ listImageSpec := args[0]
+ instanceSpec := args[1]
+ if listImageSpec == "" {
+ return errors.Errorf(`invalid image name "%s"`, listImageSpec)
+ }
+ if instanceSpec == "" {
+ return errors.Errorf(`invalid image digest "%s"`, instanceSpec)
+ }
+ updatedListID, err := registry.ImageEngine().ManifestRemove(context.Background(), args)
+ if err != nil {
+ return errors.Wrapf(err, "error removing from manifest list %s", listImageSpec)
+ }
+ fmt.Printf("%s\n", updatedListID)
+ return nil
+}
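Review bot: `fmt.Printf("%s\n", updatedListID)` appends a newline to a string that the ABI implementation in this commit already terminates (`fmt.Sprintf("%s :%s\n", updatedListID, instanceDigest.String())` in pkg/domain/infra/abi/manifest.go), so the command prints a blank line after the result. Either print it with `fmt.Print(updatedListID)` or, preferably, drop the `\n` from the engine's return value so formatting stays in the CLI layer. The man page example shows a single line, which is a further reason to keep one newline.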
diff --git a/cmd/podman/parse/common.go b/cmd/podman/parse/common.go
index a5e9b4fc2..13f425b6d 100644
--- a/cmd/podman/parse/common.go
+++ b/cmd/podman/parse/common.go
@@ -30,13 +30,20 @@ func CheckAllLatestAndCIDFile(c *cobra.Command, args []string, ignoreArgLen bool
return errors.Errorf("--all and --latest cannot be used together")
}
+ if (argLen > 0) && specifiedAll {
+ return errors.Errorf("no arguments are needed with --all")
+ }
+
if ignoreArgLen {
return nil
}
- if (argLen > 0) && (specifiedAll || specifiedLatest) {
- return errors.Errorf("no arguments are needed with --all or --latest")
- } else if cidfile && (argLen > 0) && (specifiedAll || specifiedLatest || specifiedCIDFile) {
- return errors.Errorf("no arguments are needed with --all, --latest or --cidfile")
+
+ if argLen > 0 {
+ if specifiedLatest {
+ return errors.Errorf("no arguments are needed with --latest")
+ } else if cidfile && (specifiedLatest || specifiedCIDFile) {
+ return errors.Errorf("no arguments are needed with --latest or --cidfile")
+ }
}
if specifiedCIDFile {
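Review bot: Inside the new `if argLen > 0` block the `else if` is only reached when specifiedLatest is false, so `cidfile && (specifiedLatest || specifiedCIDFile)` reduces to `cidfile && specifiedCIDFile`, and the message mentioning `--latest` is never about `--latest`. Writing it as `} else if cidfile && specifiedCIDFile {` with `"no arguments are needed with --cidfile"` states what is actually checked. The `--all` check now also runs before the `ignoreArgLen` return, so every caller passing ignoreArgLen=true starts rejecting positional arguments together with `--all`; that looks intended for `container port` but is worth confirming for the other callers. CheckAllLatestAndCIDFile begins and ends outside this hunk.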
diff --git a/completions/bash/podman b/completions/bash/podman
index 61af7ac59..1e29a2e30 100644
--- a/completions/bash/podman
+++ b/completions/bash/podman
@@ -1742,7 +1742,9 @@ _podman_manifest() {
add
create
inspect
- "
+ push
+ remove
+ "
__podman_subcommands "$subcommands" && return
case "$cur" in
@@ -1838,6 +1840,57 @@ _podman_manifest_inspect() {
esac
}
+_podman_manifest_push() {
+ local options_with_args="
+ --authfile
+ --cert-dir
+ --creds
+ --digestfile
+ --format
+ -f
+ --sign-by
+ --signature-policy,
+ "
+
+ local boolean_options="
+ --all
+ --purge
+ --help
+ -h
+ --remove-signatures
+ --tls-verify
+ --quiet
+ "
+
+ _complete_ "$options_with_args" "$boolean_options"
+ case "$cur" in
+ -*)
+ COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur"))
+ ;;
+ *)
+ __podman_complete_images --id
+ ;;
+ esac
+}
+
+_podman_manifest_remove() {
+ local options_with_args="
+ "
+
+ local boolean_options="
+ "
+
+ _complete_ "$options_with_args" "$boolean_options"
+ case "$cur" in
+ -*)
+ COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur"))
+ ;;
+ *)
+ __podman_complete_images --id
+ ;;
+ esac
+}
+
_podman_pull() {
local options_with_args="
--authfile
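Review bot: `options_with_args` in `_podman_manifest_push` lists `--signature-policy,` with a trailing comma, and cmd/podman/manifest/push.go in this commit registers no `signature-policy` flag, so completion would offer a word the command rejects. Drop that entry, and consider adding `-q` next to `--quiet`, since push.go defines the short form. `_podman_pull` at the end of the hunk continues outside it.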
diff --git a/docs/source/Tutorials.rst b/docs/source/Tutorials.rst
index 0c7e28c3b..85ae59131 100644
--- a/docs/source/Tutorials.rst
+++ b/docs/source/Tutorials.rst
@@ -1,2 +1,4 @@
Tutorials
=========
+
+`Podman Tutorials on GitHub <https://github.com/containers/libpod/tree/master/docs/tutorials>`_
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index f0494ca7d..2fd8512a6 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -278,7 +278,7 @@ See [**Environment**](#environment) note below for precedence and examples.
**--env-host**=*true|false*
-Use host environment inside of the container. See **Environment** note below for precedence.
+Use host environment inside of the container. See **Environment** note below for precedence. (Not available for remote commands)
**--env-file**=*file*
@@ -347,7 +347,7 @@ the container should not use any proxy. Proxy environment variables specified
for the container in any other way will override the values that would have
been passed through from the host. (Other ways to specify the proxy for the
container include passing the values with the `--env` flag, or hard coding the
-proxy environment at container build time.)
+proxy environment at container build time.) (Not available for remote commands)
For example, to disable passing these environment variables from host to
container:
diff --git a/docs/source/markdown/podman-manifest-add.1.md b/docs/source/markdown/podman-manifest-add.1.md
index 857a98e12..82f2071b9 100644
--- a/docs/source/markdown/podman-manifest-add.1.md
+++ b/docs/source/markdown/podman-manifest-add.1.md
@@ -73,4 +73,4 @@ podman manifest add --arch arm64 --variant v8 mylist:v1.11 docker://71c201d10fff
```
## SEE ALSO
-podman(1), podman-manifest(1), podman-manifest-create(1), podman-manifest-inspect(1), podman-rmi(1)
+podman(1), podman-manifest(1), podman-manifest-create(1), podman-manifest-inspect(1), podman-manifest-push(1), podman-manifest-remove(1), podman-rmi(1)
diff --git a/docs/source/markdown/podman-manifest-create.1.md b/docs/source/markdown/podman-manifest-create.1.md
index 941e70c32..537a641f2 100644
--- a/docs/source/markdown/podman-manifest-create.1.md
+++ b/docs/source/markdown/podman-manifest-create.1.md
@@ -40,4 +40,4 @@ podman manifest create --all mylist:v1.11 docker://fedora
```
## SEE ALSO
-podman(1), podman-manifest(1), podman-manifest-add(1), podman-manifest-inspect(1), podman-rmi(1)
+podman(1), podman-manifest(1), podman-manifest-add(1), podman-manifest-inspect(1), podman-manifest-push(1), podman-manifest-remove(1), podman-rmi(1)
diff --git a/docs/source/markdown/podman-manifest-inspect.1.md b/docs/source/markdown/podman-manifest-inspect.1.md
index efde02643..a4c58bd13 100644
--- a/docs/source/markdown/podman-manifest-inspect.1.md
+++ b/docs/source/markdown/podman-manifest-inspect.1.md
@@ -21,4 +21,4 @@ podman manifest inspect mylist:v1.11
```
## SEE ALSO
-podman(1), podman-manifest(1), podman-manifest-create(1), podman-manifest-add(1), podman-rmi(1)
+podman(1), podman-manifest(1), podman-manifest-create(1), podman-manifest-add(1), podman-manifest-push(1), podman-manifest-remove(1), podman-rmi(1)
diff --git a/docs/source/markdown/podman-manifest-push.1.md b/docs/source/markdown/podman-manifest-push.1.md
new file mode 100644
index 000000000..38d0c5904
--- /dev/null
+++ b/docs/source/markdown/podman-manifest-push.1.md
@@ -0,0 +1,72 @@
+% podman-manifest-push(1)
+
+## NAME
+podman\-manifest\-push - Push a manifest list or image index to a registry
+
+## SYNOPSIS
+**podman manifest push** [options...] *listnameorindexname* *transport:details*
+
+## DESCRIPTION
+Pushes a manifest list or image index to a registry.
+
+## RETURN VALUE
+The list image's ID and the digest of the image's manifest.
+
+## OPTIONS
+
+**--all**
+
+Push the images mentioned in the manifest list or image index, in addition to
+the list or index itself.
+
+**--authfile** *path*
+
+Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`.
+If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`. (Not available for remote commands)
+
+Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
+environment variable. `export REGISTRY_AUTH_FILE=path`
+
+**--cert-dir** *path*
+
+Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry.
+Default certificates directory is _/etc/containers/certs.d_. (Not available for remote commands)
+
+**--creds** *creds*
+
+The [username[:password]] to use to authenticate with the registry if required.
+If one or both values are not supplied, a command line prompt will appear and the
+value can be entered. The password is entered without echo.
+
+**--digestfile** *Digestfile*
+
+After copying the image, write the digest of the resulting image to the file.
+
+**--format, -f**
+
+Manifest list type (oci or v2s2) to use when pushing the list (default is oci).
+
+**--purge**
+
+Delete the manifest list or image index from local storage if pushing succeeds.
+
+**--remove-signatures**
+
+Don't copy signatures when pushing images.
+
+**--sign-by** *fingerprint*
+
+Sign the pushed images using the GPG key that matches the specified fingerprint.
+
+**--tls-verify** *bool-value*
+
+Require HTTPS and verify certificates when talking to container registries (defaults to true) (Not available for remote commands)
+
+## EXAMPLE
+
+```
+podman manifest push mylist:v1.11 docker://registry.example.org/mylist:v1.11
+```
+
+## SEE ALSO
+podman(1), podman-manifest(1), podman-manifest-add(1), podman-manifest-create(1), podman-manifest-inspect(1), podman-manifest-remove(1), podman-rmi(1)
diff --git a/docs/source/markdown/podman-manifest-remove.1.md b/docs/source/markdown/podman-manifest-remove.1.md
new file mode 100644
index 000000000..c13714195
--- /dev/null
+++ b/docs/source/markdown/podman-manifest-remove.1.md
@@ -0,0 +1,23 @@
+% podman-manifest-remove(1)
+
+## NAME
+podman\-manifest\-remove - Remove an image from a manifest list or image index
+
+## SYNOPSIS
+**podman manifest remove** *listnameorindexname* *transport:details*
+
+## DESCRIPTION
+Removes the image with the specified digest from the specified manifest list or image index.
+
+## RETURN VALUE
+The list image's ID and the digest of the removed image's manifest.
+
+## EXAMPLE
+
+```
+podman manifest remove mylist:v1.11 sha256:cb8a924afdf0229ef7515d9e5b3024e23b3eb03ddbba287f4a19c6ac90b8d221
+e604eabaaee4858232761b4fef84e2316ed8f93e15eceafce845966ee3400036 :sha256:cb8a924afdf0229ef7515d9e5b3024e23b3eb03ddbba287f4a19c6ac90b8d221
+```
+
+## SEE ALSO
+podman(1), podman-manifest(1), podman-manifest-add(1), podman-manifest-create(1), podman-manifest-inspect(1), podman-manifest-push(1), podman-rmi(1)
diff --git a/docs/source/markdown/podman-manifest.1.md b/docs/source/markdown/podman-manifest.1.md
index c86035ce3..3353979ac 100644
--- a/docs/source/markdown/podman-manifest.1.md
+++ b/docs/source/markdown/podman-manifest.1.md
@@ -19,6 +19,8 @@ The `podman manifest` command provides subcommands which can be used to:
| annotate | [podman-manifest-annotate(1)](podman-manifest-annotate.1.md) | Add or update information about an entry in a manifest list or image index. |
| create | [podman-manifest-create(1)](podman-manifest-create.1.md) | Create a manifest list or image index. |
| inspect | [podman-manifest-inspect(1)](podman-manifest-inspect.1.md) | Display a manifest list or image index. |
+| push | [podman-manifest-push(1)](podman-manifest-push.1.md) | Push a manifest list or image index to a registry. |
+| remove | [podman-manifest-remove(1)](podman-manifest-remove.1.md) | Remove an image from a manifest list or image index. |
## SEE ALSO
-podman(1), podman-manifest-add(1), podman-manifest-annotate(1), podman-manifest-create(1), podman-manifest-inspect(1)
+podman(1), podman-manifest-add(1), podman-manifest-annotate(1), podman-manifest-create(1), podman-manifest-inspect(1), podman-manifest-push(1), podman-manifest-remove(1)
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index b21eb9da9..dd221590d 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -294,7 +294,7 @@ See [**Environment**](#environment) note below for precedence and examples.
**--env-host**=**true**|**false**
-Use host environment inside of the container. See **Environment** note below for precedence.
+Use host environment inside of the container. See **Environment** note below for precedence. (Not available for remote commands)
**--env-file**=*file*
@@ -363,7 +363,7 @@ the container should not use any proxy. Proxy environment variables specified
for the container in any other way will override the values that would have
been passed through from the host. (Other ways to specify the proxy for the
container include passing the values with the **--env** flag, or hard coding the
-proxy environment at container build time.)
+proxy environment at container build time.) (Not available for remote commands)
Defaults to **true**.
diff --git a/pkg/domain/entities/engine_image.go b/pkg/domain/entities/engine_image.go
index c46ba815a..ffa71abd6 100644
--- a/pkg/domain/entities/engine_image.go
+++ b/pkg/domain/entities/engine_image.go
@@ -22,6 +22,8 @@ type ImageEngine interface {
Remove(ctx context.Context, images []string, opts ImageRemoveOptions) (*ImageRemoveReport, []error)
Save(ctx context.Context, nameOrId string, tags []string, options ImageSaveOptions) error
Search(ctx context.Context, term string, opts ImageSearchOptions) ([]ImageSearchReport, error)
+ SetTrust(ctx context.Context, args []string, options SetTrustOptions) error
+ ShowTrust(ctx context.Context, args []string, options ShowTrustOptions) (*ShowTrustReport, error)
Shutdown(ctx context.Context)
Tag(ctx context.Context, nameOrId string, tags []string, options ImageTagOptions) error
Tree(ctx context.Context, nameOrId string, options ImageTreeOptions) (*ImageTreeReport, error)
@@ -30,4 +32,6 @@ type ImageEngine interface {
ManifestInspect(ctx context.Context, name string) ([]byte, error)
ManifestAdd(ctx context.Context, opts ManifestAddOptions) (string, error)
ManifestAnnotate(ctx context.Context, names []string, opts ManifestAnnotateOptions) (string, error)
+ ManifestRemove(ctx context.Context, names []string) (string, error)
+ ManifestPush(ctx context.Context, names []string, manifestPushOpts ManifestPushOptions) error
}
diff --git a/pkg/domain/entities/images.go b/pkg/domain/entities/images.go
index 74f27e25f..e116a90b9 100644
--- a/pkg/domain/entities/images.go
+++ b/pkg/domain/entities/images.go
@@ -7,6 +7,7 @@ import (
"github.com/containers/image/v5/manifest"
"github.com/containers/image/v5/types"
"github.com/containers/libpod/pkg/inspect"
+ "github.com/containers/libpod/pkg/trust"
docker "github.com/docker/docker/api/types"
"github.com/docker/docker/api/types/container"
"github.com/opencontainers/go-digest"
@@ -285,3 +286,26 @@ type ImageTreeOptions struct {
type ImageTreeReport struct {
Tree string // TODO: Refactor move presentation work out of server
}
+
+// ShowTrustOptions are the cli options for showing trust
+type ShowTrustOptions struct {
+ JSON bool
+ PolicyPath string
+ Raw bool
+ RegistryPath string
+}
+
+// ShowTrustReport describes the results of show trust
+type ShowTrustReport struct {
+ Raw []byte
+ SystemRegistriesDirPath string
+ JSONOutput []byte
+ Policies []*trust.TrustPolicy
+}
+
+// SetTrustOptions describes the CLI options for setting trust
+type SetTrustOptions struct {
+ PolicyPath string
+ PubKeysFile []string
+ Type string
+}
diff --git a/pkg/domain/entities/manifest.go b/pkg/domain/entities/manifest.go
index d92b1dc9b..273052bb9 100644
--- a/pkg/domain/entities/manifest.go
+++ b/pkg/domain/entities/manifest.go
@@ -24,3 +24,8 @@ type ManifestAnnotateOptions struct {
OSVersion string `json:"os_version" schema:"os_version"`
Variant string `json:"variant" schema:"variant"`
}
+
+type ManifestPushOptions struct {
+ Purge, Quiet, All, TlsVerify, RemoveSignatures bool
+ Authfile, CertDir, Creds, DigestFile, Format, SignBy string
+}
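Review bot: `ManifestPushOptions` carries `TlsVerify`, `Authfile`, `CertDir` and `Creds`, but neither `ManifestPush` implementation in this diff reads them. The abi one builds `manifests.PushOptions` from `ir.Libpod.SystemContext()` plus the other fields, and the tunnel one forwards only `opts.All`. If nothing outside this diff applies them, a caller that sets `TlsVerify` or `Creds` silently gets the runtime's defaults, which matters most for the TLS setting. Until they are wired through, the type should say so, e.g. `// ManifestPushOptions holds the options for pushing a manifest list; TlsVerify, Authfile, CertDir and Creds are not yet applied by the engines.`, or the engines should reject values they do not honour.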
diff --git a/pkg/domain/infra/abi/manifest.go b/pkg/domain/infra/abi/manifest.go
index 812507f0a..fca34dda2 100644
--- a/pkg/domain/infra/abi/manifest.go
+++ b/pkg/domain/infra/abi/manifest.go
@@ -6,15 +6,21 @@ import (
"context"
"encoding/json"
"fmt"
+ "io/ioutil"
+ "os"
"strings"
+ "github.com/containers/buildah/manifests"
buildahUtil "github.com/containers/buildah/util"
+ cp "github.com/containers/image/v5/copy"
"github.com/containers/image/v5/docker"
+ "github.com/containers/image/v5/manifest"
"github.com/containers/image/v5/transports/alltransports"
libpodImage "github.com/containers/libpod/libpod/image"
"github.com/containers/libpod/pkg/domain/entities"
"github.com/containers/libpod/pkg/util"
"github.com/opencontainers/go-digest"
+ imgspecv1 "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/pkg/errors"
)
@@ -137,3 +143,68 @@ func (ir *ImageEngine) ManifestAnnotate(ctx context.Context, names []string, opt
}
return "", err
}
+
+// ManifestRemove removes specified digest from the specified manifest list
+func (ir *ImageEngine) ManifestRemove(ctx context.Context, names []string) (string, error) {
+ instanceDigest, err := digest.Parse(names[1])
+ if err != nil {
+ return "", errors.Errorf(`invalid image digest "%s": %v`, names[1], err)
+ }
+ listImage, err := ir.Libpod.ImageRuntime().NewFromLocal(names[0])
+ if err != nil {
+ return "", errors.Wrapf(err, "error retriving local image from image name %s", names[0])
+ }
+ updatedListID, err := listImage.RemoveManifest(instanceDigest)
+ if err == nil {
+ return fmt.Sprintf("%s :%s\n", updatedListID, instanceDigest.String()), nil
+ }
+ return "", err
+}
+
+// ManifestPush pushes a manifest list or image index to the destination
+func (ir *ImageEngine) ManifestPush(ctx context.Context, names []string, opts entities.ManifestPushOptions) error {
+ listImage, err := ir.Libpod.ImageRuntime().NewFromLocal(names[0])
+ if err != nil {
+ return errors.Wrapf(err, "error retriving local image from image name %s", names[0])
+ }
+ dest, err := alltransports.ParseImageName(names[1])
+ if err != nil {
+ return err
+ }
+ var manifestType string
+ if opts.Format != "" {
+ switch opts.Format {
+ case "oci":
+ manifestType = imgspecv1.MediaTypeImageManifest
+ case "v2s2", "docker":
+ manifestType = manifest.DockerV2Schema2MediaType
+ default:
+ return errors.Errorf("unknown format %q. Choose on of the supported formats: 'oci' or 'v2s2'", opts.Format)
+ }
+ }
+ options := manifests.PushOptions{
+ Store: ir.Libpod.GetStore(),
+ SystemContext: ir.Libpod.SystemContext(),
+ ImageListSelection: cp.CopySpecificImages,
+ Instances: nil,
+ RemoveSignatures: opts.RemoveSignatures,
+ SignBy: opts.SignBy,
+ ManifestType: manifestType,
+ }
+ if opts.All {
+ options.ImageListSelection = cp.CopyAllImages
+ }
+ if !opts.Quiet {
+ options.ReportWriter = os.Stderr
+ }
+ digest, err := listImage.PushManifest(dest, options)
+ if err == nil && opts.Purge {
+ _, err = ir.Libpod.GetStore().DeleteImage(listImage.ID(), true)
+ }
+ if opts.DigestFile != "" {
+ if err = ioutil.WriteFile(opts.DigestFile, []byte(digest.String()), 0644); err != nil {
+ return buildahUtil.GetFailureCause(err, errors.Wrapf(err, "failed to write digest to file %q", opts.DigestFile))
+ }
+ }
+ return err
+}
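Review bot: A failed `PushManifest` can be reported as success at the end of `ManifestPush`. When `opts.DigestFile` is set, `err = ioutil.WriteFile(...)` reuses the function-level `err`, so a successful write replaces the push error with nil, and the file is written from the digest of a push that did not complete. The same assignment also discards an error from the `DeleteImage` call made for `opts.Purge`. Returning right after a failed push and keeping each later error in its own scope fixes both; the sketch below also writes the digest before purging, so a purge failure does not lose the digest of a completed push. Separately, both new methods index `names[1]` without a length check, which presumably relies on the CLI enforcing two arguments.

```go
// … unchanged: local list lookup, destination parsing, format switch, PushOptions setup …
digest, err := listImage.PushManifest(dest, options)
if err != nil {
	return err
}
if opts.DigestFile != "" {
	if err := ioutil.WriteFile(opts.DigestFile, []byte(digest.String()), 0644); err != nil {
		return buildahUtil.GetFailureCause(err, errors.Wrapf(err, "failed to write digest to file %q", opts.DigestFile))
	}
}
if opts.Purge {
	if _, err := ir.Libpod.GetStore().DeleteImage(listImage.ID(), true); err != nil {
		return err
	}
}
return nil
```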
diff --git a/pkg/domain/infra/abi/trust.go b/pkg/domain/infra/abi/trust.go
new file mode 100644
index 000000000..5b89c91d9
--- /dev/null
+++ b/pkg/domain/infra/abi/trust.go
@@ -0,0 +1,171 @@
+package abi
+
+import (
+ "context"
+ "encoding/json"
+ "io/ioutil"
+ "os"
+ "strings"
+
+ "github.com/containers/libpod/pkg/domain/entities"
+ "github.com/containers/libpod/pkg/trust"
+ "github.com/pkg/errors"
+ "github.com/sirupsen/logrus"
+)
+
+func (ir *ImageEngine) ShowTrust(ctx context.Context, args []string, options entities.ShowTrustOptions) (*entities.ShowTrustReport, error) {
+ var (
+ err error
+ report entities.ShowTrustReport
+ )
+ policyPath := trust.DefaultPolicyPath(ir.Libpod.SystemContext())
+ if len(options.PolicyPath) > 0 {
+ policyPath = options.PolicyPath
+ }
+ report.Raw, err = ioutil.ReadFile(policyPath)
+ if err != nil {
+ return nil, errors.Wrapf(err, "unable to read %s", policyPath)
+ }
+ if options.Raw {
+ return &report, nil
+ }
+ report.SystemRegistriesDirPath = trust.RegistriesDirPath(ir.Libpod.SystemContext())
+ if len(options.RegistryPath) > 0 {
+ report.SystemRegistriesDirPath = options.RegistryPath
+ }
+ policyContentStruct, err := trust.GetPolicy(policyPath)
+ if err != nil {
+ return nil, errors.Wrapf(err, "could not read trust policies")
+ }
+ report.Policies, err = getPolicyShowOutput(policyContentStruct, report.SystemRegistriesDirPath)
+ if err != nil {
+ return nil, errors.Wrapf(err, "could not show trust policies")
+ }
+ return &report, nil
+}
+
+func (ir *ImageEngine) SetTrust(ctx context.Context, args []string, options entities.SetTrustOptions) error {
+ var (
+ policyContentStruct trust.PolicyContent
+ newReposContent []trust.RepoContent
+ )
+ trustType := options.Type
+ if trustType == "accept" {
+ trustType = "insecureAcceptAnything"
+ }
+
+ pubkeysfile := options.PubKeysFile
+ if len(pubkeysfile) == 0 && trustType == "signedBy" {
+ return errors.Errorf("At least one public key must be defined for type 'signedBy'")
+ }
+
+ policyPath := trust.DefaultPolicyPath(ir.Libpod.SystemContext())
+ if len(options.PolicyPath) > 0 {
+ policyPath = options.PolicyPath
+ }
+ _, err := os.Stat(policyPath)
+ if !os.IsNotExist(err) {
+ policyContent, err := ioutil.ReadFile(policyPath)
+ if err != nil {
+ return errors.Wrapf(err, "unable to read %s", policyPath)
+ }
+ if err := json.Unmarshal(policyContent, &policyContentStruct); err != nil {
+ return errors.Errorf("could not read trust policies")
+ }
+ }
+ if len(pubkeysfile) != 0 {
+ for _, filepath := range pubkeysfile {
+ newReposContent = append(newReposContent, trust.RepoContent{Type: trustType, KeyType: "GPGKeys", KeyPath: filepath})
+ }
+ } else {
+ newReposContent = append(newReposContent, trust.RepoContent{Type: trustType})
+ }
+ if args[0] == "default" {
+ policyContentStruct.Default = newReposContent
+ } else {
+ if len(policyContentStruct.Default) == 0 {
+ return errors.Errorf("Default trust policy must be set.")
+ }
+ registryExists := false
+ for transport, transportval := range policyContentStruct.Transports {
+ _, registryExists = transportval[args[0]]
+ if registryExists {
+ policyContentStruct.Transports[transport][args[0]] = newReposContent
+ break
+ }
+ }
+ if !registryExists {
+ if policyContentStruct.Transports == nil {
+ policyContentStruct.Transports = make(map[string]trust.RepoMap)
+ }
+ if policyContentStruct.Transports["docker"] == nil {
+ policyContentStruct.Transports["docker"] = make(map[string][]trust.RepoContent)
+ }
+ policyContentStruct.Transports["docker"][args[0]] = append(policyContentStruct.Transports["docker"][args[0]], newReposContent...)
+ }
+ }
+
+ data, err := json.MarshalIndent(policyContentStruct, "", " ")
+ if err != nil {
+ return errors.Wrapf(err, "error setting trust policy")
+ }
+ return ioutil.WriteFile(policyPath, data, 0644)
+}
+
+func getPolicyShowOutput(policyContentStruct trust.PolicyContent, systemRegistriesDirPath string) ([]*trust.TrustPolicy, error) {
+ var output []*trust.TrustPolicy
+
+ registryConfigs, err := trust.LoadAndMergeConfig(systemRegistriesDirPath)
+ if err != nil {
+ return nil, err
+ }
+
+ if len(policyContentStruct.Default) > 0 {
+ defaultPolicyStruct := trust.TrustPolicy{
+ Name: "* (default)",
+ RepoName: "default",
+ Type: trustTypeDescription(policyContentStruct.Default[0].Type),
+ }
+ output = append(output, &defaultPolicyStruct)
+ }
+ for _, transval := range policyContentStruct.Transports {
+ for repo, repoval := range transval {
+ tempTrustShowOutput := trust.TrustPolicy{
+ Name: repo,
+ RepoName: repo,
+ Type: repoval[0].Type,
+ }
+ // TODO - keyarr is not used and I don't know its intent; commenting out for now for someone to fix later
+ //keyarr := []string{}
+ uids := []string{}
+ for _, repoele := range repoval {
+ if len(repoele.KeyPath) > 0 {
+ //keyarr = append(keyarr, repoele.KeyPath)
+ uids = append(uids, trust.GetGPGIdFromKeyPath(repoele.KeyPath)...)
+ }
+ if len(repoele.KeyData) > 0 {
+ //keyarr = append(keyarr, string(repoele.KeyData))
+ uids = append(uids, trust.GetGPGIdFromKeyData(repoele.KeyData)...)
+ }
+ }
+ tempTrustShowOutput.GPGId = strings.Join(uids, ", ")
+
+ registryNamespace := trust.HaveMatchRegistry(repo, registryConfigs)
+ if registryNamespace != nil {
+ tempTrustShowOutput.SignatureStore = registryNamespace.SigStore
+ }
+ output = append(output, &tempTrustShowOutput)
+ }
+ }
+ return output, nil
+}
+
+var typeDescription = map[string]string{"insecureAcceptAnything": "accept", "signedBy": "signed", "reject": "reject"}
+
+func trustTypeDescription(trustType string) string {
+ trustDescription, exist := typeDescription[trustType]
+ if !exist {
+ logrus.Warnf("invalid trust type %s", trustType)
+ }
+ return trustDescription
+}
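Review bot: `getPolicyShowOutput` reads `repoval[0].Type` for every repository entry without checking the slice length, while the default entry just above is guarded with `len(policyContentStruct.Default) > 0`. A policy file whose scope maps to an empty list (constructed example: `"registry.example": []`) would presumably reach this loop and panic the show path. A guard at the top of the inner loop, `if len(repoval) == 0 { continue }`, keeps the command working on such a file. The repository rows also store the raw `Type`, whereas the default row goes through `trustTypeDescription`, so the two kinds of row report different vocabularies. Using `trustTypeDescription(repoval[0].Type)` would make them agree, if that is the intent.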
diff --git a/pkg/domain/infra/tunnel/manifest.go b/pkg/domain/infra/tunnel/manifest.go
index 3d3196019..7d9a0fce1 100644
--- a/pkg/domain/infra/tunnel/manifest.go
+++ b/pkg/domain/infra/tunnel/manifest.go
@@ -91,3 +91,18 @@ func (ir *ImageEngine) ManifestAnnotate(ctx context.Context, names []string, opt
}
return fmt.Sprintf("%s :%s", updatedListID, names[1]), nil
}
+
+// ManifestRemove removes the digest from manifest list
+func (ir *ImageEngine) ManifestRemove(ctx context.Context, names []string) (string, error) {
+ updatedListID, err := manifests.Remove(ctx, names[0], names[1])
+ if err != nil {
+ return updatedListID, errors.Wrapf(err, "error removing from manifest %s", names[0])
+ }
+ return fmt.Sprintf("%s :%s\n", updatedListID, names[1]), nil
+}
+
+// ManifestPush pushes a manifest list or image index to the destination
+func (ir *ImageEngine) ManifestPush(ctx context.Context, names []string, opts entities.ManifestPushOptions) error {
+ _, err := manifests.Push(ctx, names[0], &names[1], &opts.All)
+ return err
+}
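Review bot: The tunnel `ManifestRemove` returns `updatedListID` together with a non-nil error, while the abi implementation in this commit returns `""` on every error path. `return "", errors.Wrapf(err, "error removing from manifest %s", names[0])` keeps the two engines consistent and avoids handing callers a value that is meaningless on failure. The success string here also ends in `\n`, while the existing `ManifestAnnotate` just above returns `"%s :%s"` without one, so callers that print both results get differing output.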
diff --git a/pkg/domain/infra/tunnel/trust.go b/pkg/domain/infra/tunnel/trust.go
new file mode 100644
index 000000000..a976bfdc2
--- /dev/null
+++ b/pkg/domain/infra/tunnel/trust.go
@@ -0,0 +1,16 @@
+package tunnel
+
+import (
+ "context"
+ "errors"
+
+ "github.com/containers/libpod/pkg/domain/entities"
+)
+
+func (ir *ImageEngine) ShowTrust(ctx context.Context, args []string, options entities.ShowTrustOptions) (*entities.ShowTrustReport, error) {
+ return nil, errors.New("not implemented")
+}
+
+func (ir *ImageEngine) SetTrust(ctx context.Context, args []string, options entities.SetTrustOptions) error {
+ return errors.New("not implemented")
+}
diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go
index 92a2b4d35..e4bd2991a 100644
--- a/pkg/specgen/generate/container.go
+++ b/pkg/specgen/generate/container.go
@@ -9,6 +9,7 @@ import (
envLib "github.com/containers/libpod/pkg/env"
"github.com/containers/libpod/pkg/signal"
"github.com/containers/libpod/pkg/specgen"
+ "github.com/pkg/errors"
"golang.org/x/sys/unix"
)
@@ -48,24 +49,28 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
s.StopSignal = &sig
}
+ rtc, err := r.GetConfig()
+ if err != nil {
+ return err
+ }
+ // Get Default Environment
+ defaultEnvs, err := envLib.ParseSlice(rtc.Containers.Env)
+ if err != nil {
+ return errors.Wrap(err, "Env fields in containers.conf failed to parse")
+ }
+
// Image envs from the image if they don't exist
- // already
- env, err := newImage.Env(ctx)
+ // already, overriding the default environments
+ imageEnvs, err := newImage.Env(ctx)
if err != nil {
return err
}
- if len(env) > 0 {
- envs, err := envLib.ParseSlice(env)
- if err != nil {
- return err
- }
- for k, v := range envs {
- if _, exists := s.Env[k]; !exists {
- s.Env[v] = k
- }
- }
+ envs, err := envLib.ParseSlice(imageEnvs)
+ if err != nil {
+ return errors.Wrap(err, "Env fields from image failed to parse")
}
+ s.Env = envLib.Join(envLib.Join(defaultEnvs, envs), s.Env)
labels, err := newImage.Labels(ctx)
if err != nil {
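Review bot: The merge `s.Env = envLib.Join(envLib.Join(defaultEnvs, envs), s.Env)` decides which source wins for a duplicated variable, and the comment above it only covers the image step. A one-line comment at the `Join` call, such as `// Precedence, lowest to highest: containers.conf Env, image Env, values already set in s.Env.`, would make that order reviewable. This assumes `Join` lets its second argument override the first, which the hunk does not show. The two new `errors.Wrap` messages start with a capital letter (`"Env fields …"`), whereas Go error strings are conventionally lower-case. `CompleteSpec` starts and ends outside the hunk.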
diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go
index 4ad6dd6fb..bb01a5d14 100644
--- a/pkg/specgen/specgen.go
+++ b/pkg/specgen/specgen.go
@@ -47,6 +47,7 @@ type ContainerBasicConfig struct {
// Optional.
Env map[string]string `json:"env,omitempty"`
// Terminal is whether the container will create a PTY.
+ // Optional.
Terminal bool `json:"terminal,omitempty"`
// Stdin is whether the container will keep its STDIN open.
Stdin bool `json:"stdin,omitempty"`
diff --git a/pkg/trust/config.go b/pkg/trust/config.go
new file mode 100644
index 000000000..0bafc722b
--- /dev/null
+++ b/pkg/trust/config.go
@@ -0,0 +1,12 @@
+package trust
+
+// Trust Policy describes a basic trust policy configuration
+type TrustPolicy struct {
+ Name string `json:"name"`
+ RepoName string `json:"repo_name,omitempty"`
+ Keys []string `json:"keys,omitempty"`
+ SignatureStore string `json:"sigstore"`
+ Transport string `json:"transport"`
+ Type string `json:"type"`
+ GPGId string `json:"gpg_id,omitempty"`
+}
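Review bot: The doc comment on the new type starts with `Trust Policy` rather than the identifier, which golint-style checks flag; `// TrustPolicy describes a basic trust policy configuration.` is the conventional form. The `Keys` and `Transport` fields are not populated by `getPolicyShowOutput` in this commit. Since `transport` and `sigstore` have no `omitempty`, they will be emitted as empty strings in JSON output whenever they are unset. A field comment saying which fields are filled in today would help consumers of that output.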
diff --git a/test/e2e/build_test.go b/test/e2e/build_test.go
index 76651283a..9e41fd231 100644
--- a/test/e2e/build_test.go
+++ b/test/e2e/build_test.go
@@ -177,7 +177,6 @@ var _ = Describe("Podman build", func() {
})
It("podman Test PATH in built image", func() {
- Skip(v2fail) // Run error - we don't set data from the image (i.e., PATH) yet
path := "/tmp:/bin:/usr/bin:/usr/sbin"
session := podmanTest.PodmanNoCache([]string{
"build", "-f", "build/basicalpine/Containerfile.path", "-t", "test-path",
diff --git a/test/e2e/manifest_test.go b/test/e2e/manifest_test.go
index be6919bdc..f622bf042 100644
--- a/test/e2e/manifest_test.go
+++ b/test/e2e/manifest_test.go
@@ -2,6 +2,8 @@ package integration
import (
"os"
+ "path/filepath"
+ "strings"
. "github.com/containers/libpod/test/utils"
. "github.com/onsi/ginkgo"
@@ -114,4 +116,90 @@ var _ = Describe("Podman manifest", func() {
Expect(session.ExitCode()).To(Equal(0))
Expect(session.OutputToString()).To(ContainSubstring(`"architecture": "bar"`))
})
+
+ It("podman manifest remove", func() {
+ session := podmanTest.Podman([]string{"manifest", "create", "foo"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ session = podmanTest.Podman([]string{"manifest", "add", "--all", "foo", imageList})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ session = podmanTest.Podman([]string{"manifest", "inspect", "foo"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(session.OutputToString()).To(ContainSubstring(imageListARM64InstanceDigest))
+ session = podmanTest.Podman([]string{"manifest", "remove", "foo", imageListARM64InstanceDigest})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ session = podmanTest.Podman([]string{"manifest", "inspect", "foo"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(session.OutputToString()).To(ContainSubstring(imageListAMD64InstanceDigest))
+ Expect(session.OutputToString()).To(ContainSubstring(imageListARMInstanceDigest))
+ Expect(session.OutputToString()).To(ContainSubstring(imageListPPC64LEInstanceDigest))
+ Expect(session.OutputToString()).To(ContainSubstring(imageListS390XInstanceDigest))
+ Expect(session.OutputToString()).To(Not(ContainSubstring(imageListARM64InstanceDigest)))
+ })
+
+ It("podman manifest remove not-found", func() {
+ session := podmanTest.Podman([]string{"manifest", "create", "foo"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ session = podmanTest.Podman([]string{"manifest", "add", "foo", imageList})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ session = podmanTest.Podman([]string{"manifest", "remove", "foo", "sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Not(Equal(0)))
+ })
+
+ It("podman manifest push", func() {
+ session := podmanTest.Podman([]string{"manifest", "create", "foo"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ session = podmanTest.Podman([]string{"manifest", "add", "--all", "foo", imageList})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ dest := filepath.Join(podmanTest.TempDir, "pushed")
+ err := os.MkdirAll(dest, os.ModePerm)
+ Expect(err).To(BeNil())
+ defer func() {
+ os.RemoveAll(dest)
+ }()
+ session = podmanTest.Podman([]string{"manifest", "push", "--all", "foo", "dir:" + dest})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ files, err := filepath.Glob(dest + string(os.PathSeparator) + "*")
+ Expect(err).To(BeNil())
+ check := SystemExec("sha256sum", files)
+ check.WaitWithDefaultTimeout()
+ Expect(check.ExitCode()).To(Equal(0))
+ prefix := "sha256:"
+ Expect(check.OutputToString()).To(ContainSubstring(strings.TrimPrefix(imageListAMD64InstanceDigest, prefix)))
+ Expect(check.OutputToString()).To(ContainSubstring(strings.TrimPrefix(imageListARMInstanceDigest, prefix)))
+ Expect(check.OutputToString()).To(ContainSubstring(strings.TrimPrefix(imageListPPC64LEInstanceDigest, prefix)))
+ Expect(check.OutputToString()).To(ContainSubstring(strings.TrimPrefix(imageListS390XInstanceDigest, prefix)))
+ Expect(check.OutputToString()).To(ContainSubstring(strings.TrimPrefix(imageListARM64InstanceDigest, prefix)))
+ })
+
+ It("podman manifest push purge", func() {
+ session := podmanTest.Podman([]string{"manifest", "create", "foo"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ session = podmanTest.Podman([]string{"manifest", "add", "foo", imageList})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ dest := filepath.Join(podmanTest.TempDir, "pushed")
+ err := os.MkdirAll(dest, os.ModePerm)
+ Expect(err).To(BeNil())
+ defer func() {
+ os.RemoveAll(dest)
+ }()
+ session = podmanTest.Podman([]string{"manifest", "push", "--purge", "foo", "dir:" + dest})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ session = podmanTest.Podman([]string{"manifest", "inspect", "foo"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Not(Equal(0)))
+ })
})
diff --git a/test/e2e/port_test.go b/test/e2e/port_test.go
index ce31c9ad2..5bb86d558 100644
--- a/test/e2e/port_test.go
+++ b/test/e2e/port_test.go
@@ -20,7 +20,6 @@ var _ = Describe("Podman port", func() {
)
BeforeEach(func() {
- Skip(v2fail)
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)
diff --git a/test/e2e/run_env_test.go b/test/e2e/run_env_test.go
index 867913a08..2adf21171 100644
--- a/test/e2e/run_env_test.go
+++ b/test/e2e/run_env_test.go
@@ -91,7 +91,8 @@ var _ = Describe("Podman run", func() {
Expect(match).Should(BeTrue())
})
- It("podman run --host-env environment test", func() {
+ It("podman run --env-host environment test", func() {
+ SkipIfRemote()
env := append(os.Environ(), "FOO=BAR")
session := podmanTest.PodmanAsUser([]string{"run", "--rm", "--env-host", ALPINE, "/bin/printenv", "FOO"}, 0, 0, "", env)
@@ -109,6 +110,7 @@ var _ = Describe("Podman run", func() {
})
It("podman run --http-proxy test", func() {
+ SkipIfRemote()
os.Setenv("http_proxy", "1.2.3.4")
session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "printenv", "http_proxy"})
session.WaitWithDefaultTimeout()
diff --git a/test/e2e/trust_test.go b/test/e2e/trust_test.go
index 2da370194..8c97e6b28 100644
--- a/test/e2e/trust_test.go
+++ b/test/e2e/trust_test.go
@@ -21,7 +21,6 @@ var _ = Describe("Podman trust", func() {
)
BeforeEach(func() {
- Skip(v2fail)
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)