diff options
31 files changed, 1070 insertions, 404 deletions
diff --git a/cmd/podman/pull.go b/cmd/podman/pull.go index 5726b20f1..c19e6715b 100644 --- a/cmd/podman/pull.go +++ b/cmd/podman/pull.go @@ -1,16 +1,14 @@ package main import ( - "fmt" "io" "os" - "golang.org/x/crypto/ssh/terminal" - "github.com/containers/image/types" "github.com/pkg/errors" "github.com/projectatomic/libpod/libpod" "github.com/projectatomic/libpod/libpod/common" + "github.com/projectatomic/libpod/pkg/util" "github.com/sirupsen/logrus" "github.com/urfave/cli" ) @@ -80,19 +78,11 @@ func pullCmd(c *cli.Context) error { image := args[0] var registryCreds *types.DockerAuthConfig - if c.String("creds") != "" { - creds, err := common.ParseRegistryCreds(c.String("creds")) + + if c.IsSet("creds") { + creds, err := util.ParseRegistryCreds(c.String("creds")) if err != nil { - if err == common.ErrNoPassword { - fmt.Print("Password: ") - password, err := terminal.ReadPassword(0) - if err != nil { - return errors.Wrapf(err, "could not read password from terminal") - } - creds.Password = string(password) - } else { - return err - } + return err } registryCreds = creds } diff --git a/cmd/podman/push.go b/cmd/podman/push.go index 69d6e6629..2f0d73ffa 100644 --- a/cmd/podman/push.go +++ b/cmd/podman/push.go @@ -13,8 +13,8 @@ import ( "github.com/pkg/errors" "github.com/projectatomic/libpod/libpod" "github.com/projectatomic/libpod/libpod/common" + "github.com/projectatomic/libpod/pkg/util" "github.com/urfave/cli" - "golang.org/x/crypto/ssh/terminal" ) var ( @@ -97,25 +97,15 @@ func pushCmd(c *cli.Context) error { } } - registryCredsString := c.String("creds") certPath := c.String("cert-dir") skipVerify := !c.BoolT("tls-verify") removeSignatures := c.Bool("remove-signatures") signBy := c.String("sign-by") - if registryCredsString != "" { - creds, err := common.ParseRegistryCreds(registryCredsString) + if c.IsSet("creds") { + creds, err := util.ParseRegistryCreds(c.String("creds")) if err != nil { - if err == common.ErrNoPassword { - fmt.Print("Password: ") - password, err := terminal.ReadPassword(0) - if err != nil { - return errors.Wrapf(err, "could not read password from terminal") - } - creds.Password = string(password) - } else { - return err - } + return err } registryCreds = creds } diff --git a/docs/podman-build.1.md b/docs/podman-build.1.md index 61c8d8aaa..d4e9af175 100644 --- a/docs/podman-build.1.md +++ b/docs/podman-build.1.md @@ -38,7 +38,8 @@ resulting image's configuration. **--cert-dir** *path* -Use certificates at *path* (*.crt, *.cert, *.key) to connect to the registry +Use certificates at *path* (*.crt, *.cert, *.key) to connect to the registry. +Default certificates directory is _/etc/containers/certs.d_. **--creds** *creds* diff --git a/docs/podman-login.1.md b/docs/podman-login.1.md index fcf32870a..b22a02553 100644 --- a/docs/podman-login.1.md +++ b/docs/podman-login.1.md @@ -38,7 +38,8 @@ Username for registry Path of the authentication file. Default is ${XDG_\RUNTIME\_DIR}/containers/auth.json **--cert-dir** -Pathname of a directory containing TLS certificates and keys used to connect to the registry +Pathname of a directory containing TLS certificates and keys used to connect to the registry. +Default certificates directory is _/etc/containers/certs.d_. **--tls-verify** Require HTTPS and verify certificates when contacting registries (default: true) diff --git a/docs/podman-pull.1.md b/docs/podman-pull.1.md index b1212ee6b..1a1611fd0 100644 --- a/docs/podman-pull.1.md +++ b/docs/podman-pull.1.md @@ -61,11 +61,14 @@ If the authorization state is not found there, $HOME/.docker/config.json is chec **--cert-dir** -Pathname of a directory containing TLS certificates and keys +Pathname of a directory containing TLS certificates and keys. +Default certificates directory is _/etc/containers/certs.d_. **--creds** -Credentials (USERNAME:PASSWORD) to use for authenticating to a registry +The [username[:password]] to use to authenticate with the registry if required. +If one or both values are not supplied, a command line prompt will appear and the +value can be entered. The password is entered without echo. **--quiet, -q** diff --git a/docs/podman-push.1.md b/docs/podman-push.1.md index 63c75ea36..964758da6 100644 --- a/docs/podman-push.1.md +++ b/docs/podman-push.1.md @@ -53,11 +53,14 @@ If the authorization state is not found there, $HOME/.docker/config.json is chec **--creds="CREDENTIALS"** -Credentials (USERNAME:PASSWORD) to use for authenticating to a registry +The [username[:password]] to use to authenticate with the registry if required. +If one or both values are not supplied, a command line prompt will appear and the +value can be entered. The password is entered without echo. **cert-dir="PATHNAME"** -Pathname of a directory containing TLS certificates and keys +Pathname of a directory containing TLS certificates and keys. +Default certificates directory is _/etc/containers/certs.d_. **--compress** diff --git a/libpod/common/common.go b/libpod/common/common.go index 6af3cd232..932f1f6da 100644 --- a/libpod/common/common.go +++ b/libpod/common/common.go @@ -2,17 +2,9 @@ package common import ( "io" - "strings" - "syscall" cp "github.com/containers/image/copy" "github.com/containers/image/types" - "github.com/pkg/errors" -) - -var ( - // ErrNoPassword is returned if the user did not supply a password - ErrNoPassword = errors.Wrapf(syscall.EINVAL, "password was not supplied") ) // GetCopyOptions constructs a new containers/image/copy.Options{} struct from the given parameters @@ -60,23 +52,3 @@ func IsFalse(str string) bool { func IsValidBool(str string) bool { return IsTrue(str) || IsFalse(str) } - -// ParseRegistryCreds takes a credentials string in the form USERNAME:PASSWORD -// and returns a DockerAuthConfig -func ParseRegistryCreds(creds string) (*types.DockerAuthConfig, error) { - if creds == "" { - return nil, errors.New("no credentials supplied") - } - if !strings.Contains(creds, ":") { - return &types.DockerAuthConfig{ - Username: creds, - Password: "", - }, ErrNoPassword - } - v := strings.SplitN(creds, ":", 2) - cfg := &types.DockerAuthConfig{ - Username: v[0], - Password: v[1], - } - return cfg, nil -} diff --git a/libpod/container_api.go b/libpod/container_api.go index 3e1d600a8..3693ab78b 100644 --- a/libpod/container_api.go +++ b/libpod/container_api.go @@ -524,8 +524,8 @@ func (c *Container) Pause() error { if c.state.State == ContainerStatePaused { return errors.Wrapf(ErrCtrStateInvalid, "%q is already paused", c.ID()) } - if c.state.State != ContainerStateRunning && c.state.State != ContainerStateCreated { - return errors.Wrapf(ErrCtrStateInvalid, "%q is not running/created, can't pause", c.state.State) + if c.state.State != ContainerStateRunning { + return errors.Wrapf(ErrCtrStateInvalid, "%q is not running, can't pause", c.state.State) } if err := c.runtime.ociRuntime.pauseContainer(c); err != nil { return err diff --git a/package_specs/podman.spec b/package_specs/podman.spec new file mode 100644 index 000000000..215e45e7b --- /dev/null +++ b/package_specs/podman.spec @@ -0,0 +1,464 @@ +# If any of the following macros should be set otherwise, +# you can wrap any of them with the following conditions: +# - %%if 0%%{centos} == 7 +# - %%if 0%%{?rhel} == 7 +# - %%if 0%%{?fedora} == 23 +# Or just test for particular distribution: +# - %%if 0%%{centos} +# - %%if 0%%{?rhel} +# - %%if 0%%{?fedora} +# +# Be aware, on centos, both %%rhel and %%centos are set. If you want to test +# rhel specific macros, you can use %%if 0%%{?rhel} && 0%%{?centos} == 0 condition. +# (Don't forget to replace double percentage symbol with single one in order to apply a condition) + +# Generate devel rpm +%global with_devel 0 +# Build project from bundled dependencies +%global with_bundled 1 +# Build with debug info rpm +%global with_debug 1 +# Run tests in check section +%global with_check 0 +# Generate unit-test rpm +%global with_unit_test 0 + +%if 0%{?with_debug} +%global _dwz_low_mem_die_limit 0 +%else +%global debug_package %{nil} +%endif + +# %if ! 0% {?gobuild:1} +%define gobuild(o:) go build -tags="$BUILDTAGS selinux seccomp" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n')" -a -v -x %{?**}; +#% endif + +%global provider github +%global provider_tld com +%global project projectatomic +%global repo libpod +# https://github.com/projectatomic/libpod +%global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo} +%global import_path %{provider_prefix} +%global commit 367213a3943961126c6f7c1dce45c7fafea9e6b2 +%global shortcommit %(c=%{commit}; echo ${c:0:7}) + +Name: podman +Version: 0 +Release: 0.3.git%{shortcommit}%{?dist} +Summary: Manage Pods, Containers and Container Images +License: ASL 2.0 +URL: https://%{provider_prefix} +Source0: https://%{provider_prefix}/archive/%{commit}/%{repo}-%{shortcommit}.tar.gz + +# e.g. el6 has ppc64 arch without gcc-go, so EA tag is required +#ExclusiveArch: %%{?go_arches:%%{go_arches}}%%{!?go_arches:%%{ix86} x86_64 aarch64 %%{arm}} +ExclusiveArch: x86_64 +# If go_compiler is not set to 1, there is no virtual provide. Use golang instead. +BuildRequires: %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang} +BuildRequires: btrfs-progs-devel +BuildRequires: device-mapper-devel +BuildRequires: glib2-devel +BuildRequires: glibc-devel +BuildRequires: glibc-static +BuildRequires: git +BuildRequires: go-md2man +BuildRequires: gpgme-devel +BuildRequires: libassuan-devel +BuildRequires: libgpg-error-devel +BuildRequires: libseccomp-devel +BuildRequires: libselinux-devel +BuildRequires: pkgconfig +BuildRequires: runc +BuildRequires: skopeo-containers +Requires: runc +Requires: skopeo-containers +Requires: conmon + +# vendored libraries +# awk '{print "Provides: bundled(golang("$1")) = "$2}' containerd-*/vendor.conf | sort +# [thanks to Carl George <carl@george.computer> for containerd.spec] +Provides: bundled(golang(github.com/asaskevich/govalidator)) = v6 +Provides: bundled(golang(github.com/Azure/go-ansiterm)) = 19f72df4d05d31cbe1c56bfc8045c96babff6c7e +Provides: bundled(golang(github.com/beorn7/perks)) = 3ac7bf7a47d159a033b107610db8a1b6575507a4 +Provides: bundled(golang(github.com/blang/semver)) = v3.5.0 +Provides: bundled(golang(github.com/buger/goterm)) = 2f8dfbc7dbbff5dd1d391ed91482c24df243b2d3 +Provides: bundled(golang(github.com/BurntSushi/toml)) = v0.2.0 +Provides: bundled(golang(github.com/containerd/cgroups)) = 7a5fdd8330119dc70d850260db8f3594d89d6943 +Provides: bundled(golang(github.com/containerd/continuity)) = master +Provides: bundled(golang(github.com/containernetworking/cni)) = v0.4.0 +Provides: bundled(golang(github.com/containers/image)) = 9b4510f6d1627c8e53c3303a8fe48ca7842c2ace +Provides: bundled(golang(github.com/containers/storage)) = 1824cf917a6b42d8c41179e807bb20a5fd6c0f0a +Provides: bundled(golang(github.com/coreos/go-systemd)) = v14 +Provides: bundled(golang(github.com/coreos/pkg)) = v3 +Provides: bundled(golang(github.com/davecgh/go-spew)) = v1.1.0 +Provides: bundled(golang(github.com/dgrijalva/jwt-go)) = v3.0.0 +Provides: bundled(golang(github.com/docker/distribution)) = 7a8efe719e55bbfaff7bc5718cdf0ed51ca821df +Provides: bundled(golang(github.com/docker/docker)) = ce452fb72ffcdb7605ce98bde9302238f47c63c5 +Provides: bundled(golang(github.com/docker/docker-credential-helpers)) = d68f9aeca33f5fd3f08eeae5e9d175edf4e731d1 +Provides: bundled(golang(github.com/docker/go-connections)) = 3ede32e2033de7505e6500d6c868c2b9ed9f169d +Provides: bundled(golang(github.com/docker/go-units)) = v0.3.2 +Provides: bundled(golang(github.com/docker/libtrust)) = aabc10ec26b754e797f9028f4589c5b7bd90dc20 +Provides: bundled(golang(github.com/docker/spdystream)) = ed496381df8283605c435b86d4fdd6f4f20b8c6e +Provides: bundled(golang(github.com/emicklei/go-restful)) = ff4f55a206334ef123e4f79bbf348980da81ca46 +Provides: bundled(golang(github.com/emicklei/go-restful-swagger12)) = 1.0.1 +Provides: bundled(golang(github.com/exponent-io/jsonpath)) = d6023ce2651d8eafb5c75bb0c7167536102ec9f5 +Provides: bundled(golang(github.com/fatih/camelcase)) = f6a740d52f961c60348ebb109adde9f4635d7540 +Provides: bundled(golang(github.com/ghodss/yaml)) = 04f313413ffd65ce25f2541bfd2b2ceec5c0908c +Provides: bundled(golang(github.com/godbus/dbus)) = a389bdde4dd695d414e47b755e95e72b7826432c +Provides: bundled(golang(github.com/gogo/protobuf)) = v0.3 +Provides: bundled(golang(github.com/golang/glog)) = 23def4e6c14b4da8ac2ed8007337bc5eb5007998 +Provides: bundled(golang(github.com/golang/groupcache)) = b710c8433bd175204919eb38776e944233235d03 +Provides: bundled(golang(github.com/golang/protobuf)) = 748d386b5c1ea99658fd69fe9f03991ce86a90c1 +Provides: bundled(golang(github.com/google/gofuzz)) = 44d81051d367757e1c7c6a5a86423ece9afcf63c +Provides: bundled(golang(github.com/go-openapi/analysis)) = b44dc874b601d9e4e2f6e19140e794ba24bead3b +Provides: bundled(golang(github.com/go-openapi/errors)) = d24ebc2075bad502fac3a8ae27aa6dd58e1952dc +Provides: bundled(golang(github.com/go-openapi/jsonpointer)) = 779f45308c19820f1a69e9a4cd965f496e0da10f +Provides: bundled(golang(github.com/go-openapi/jsonreference)) = 36d33bfe519efae5632669801b180bf1a245da3b +Provides: bundled(golang(github.com/go-openapi/loads)) = 18441dfa706d924a39a030ee2c3b1d8d81917b38 +Provides: bundled(golang(github.com/go-openapi/spec)) = 6aced65f8501fe1217321abf0749d354824ba2ff +Provides: bundled(golang(github.com/go-openapi/strfmt)) = 93a31ef21ac23f317792fff78f9539219dd74619 +Provides: bundled(golang(github.com/go-openapi/swag)) = 1d0bd113de87027671077d3c71eb3ac5d7dbba72 +Provides: bundled(golang(github.com/gorilla/context)) = v1.1 +Provides: bundled(golang(github.com/gorilla/mux)) = v1.3.0 +Provides: bundled(golang(github.com/hashicorp/errwrap)) = 7554cd9344cec97297fa6649b055a8c98c2a1e55 +Provides: bundled(golang(github.com/hashicorp/golang-lru)) = 0a025b7e63adc15a622f29b0b2c4c3848243bbf6 +Provides: bundled(golang(github.com/hashicorp/go-multierror)) = 83588e72410abfbe4df460eeb6f30841ae47d4c4 +Provides: bundled(golang(github.com/hpcloud/tail)) = v1.0.0 +Provides: bundled(golang(github.com/imdario/mergo)) = 0.2.2 +Provides: bundled(golang(github.com/juju/ratelimit)) = 5b9ff866471762aa2ab2dced63c9fb6f53921342 +Provides: bundled(golang(github.com/kr/pty)) = v1.0.0 +Provides: bundled(golang(github.com/mailru/easyjson)) = 99e922cf9de1bc0ab38310c277cff32c2147e747 +Provides: bundled(golang(github.com/mattn/go-runewidth)) = v0.0.1 +Provides: bundled(golang(github.com/matttproud/golang_protobuf_extensions)) = fc2b8d3a73c4867e51861bbdd5ae3c1f0869dd6a +Provides: bundled(golang(github.com/Microsoft/go-winio)) = 78439966b38d69bf38227fbf57ac8a6fee70f69a +Provides: bundled(golang(github.com/Microsoft/hcsshim)) = 43f9725307998e09f2e3816c2c0c36dc98f0c982 +Provides: bundled(golang(github.com/mistifyio/go-zfs)) = v2.1.1 +Provides: bundled(golang(github.com/mitchellh/mapstructure)) = d0303fe809921458f417bcf828397a65db30a7e4 +Provides: bundled(golang(github.com/mrunalp/fileutils)) = master +Provides: bundled(golang(github.com/mtrmac/gpgme)) = b2432428689ca58c2b8e8dea9449d3295cf96fc9 +Provides: bundled(golang(github.com/opencontainers/go-digest)) = v1.0.0-rc0 +Provides: bundled(golang(github.com/opencontainers/image-spec)) = v1.0.0 +Provides: bundled(golang(github.com/opencontainers/runc)) = 45bde006ca8c90e089894508708bcf0e2cdf9e13 +Provides: bundled(golang(github.com/opencontainers/runtime-spec)) = v1.0.0 +Provides: bundled(golang(github.com/opencontainers/runtime-tools)) = 625e2322645b151a7cbb93a8b42920933e72167f +Provides: bundled(golang(github.com/opencontainers/selinux)) = b29023b86e4a69d1b46b7e7b4e2b6fda03f0b9cd +Provides: bundled(golang(github.com/ostreedev/ostree-go)) = master +Provides: bundled(golang(github.com/pkg/errors)) = v0.8.0 +Provides: bundled(golang(github.com/pmezard/go-difflib)) = 792786c7400a136282c1664665ae0a8db921c6c2 +Provides: bundled(golang(github.com/pquerna/ffjson)) = d49c2bc1aa135aad0c6f4fc2056623ec78f5d5ac +Provides: bundled(golang(github.com/prometheus/client_golang)) = e7e903064f5e9eb5da98208bae10b475d4db0f8c +Provides: bundled(golang(github.com/prometheus/client_model)) = fa8ad6fec33561be4280a8f0514318c79d7f6cb6 +Provides: bundled(golang(github.com/prometheus/common)) = 13ba4ddd0caa9c28ca7b7bffe1dfa9ed8d5ef207 +Provides: bundled(golang(github.com/prometheus/procfs)) = 65c1f6f8f0fc1e2185eb9863a3bc751496404259 +Provides: bundled(golang(github.com/PuerkitoBio/purell)) = v1.1.0 +Provides: bundled(golang(github.com/PuerkitoBio/urlesc)) = 5bd2802263f21d8788851d5305584c82a5c75d7e +Provides: bundled(golang(github.com/renstrom/dedent)) = v1.0.0 +Provides: bundled(golang(github.com/seccomp/libseccomp-golang)) = v0.9.0 +Provides: bundled(golang(github.com/sirupsen/logrus)) = v1.0.0 +Provides: bundled(golang(github.com/spf13/pflag)) = 9ff6c6923cfffbcd502984b8e0c80539a94968b7 +Provides: bundled(golang(github.com/stretchr/testify)) = 4d4bfba8f1d1027c4fdbe371823030df51419987 +Provides: bundled(golang(github.com/syndtr/gocapability)) = e7cb7fa329f456b3855136a2642b197bad7366ba +Provides: bundled(golang(github.com/tchap/go-patricia)) = v2.2.6 +Provides: bundled(golang(github.com/ugorji/go)) = d23841a297e5489e787e72fceffabf9d2994b52a +Provides: bundled(golang(github.com/urfave/cli)) = 39908eb08fee7c10d842622a114a5c133fb0a3c6 +Provides: bundled(golang(github.com/vbatts/tar-split)) = v0.10.2 +Provides: bundled(golang(github.com/vishvananda/netlink)) = master +Provides: bundled(golang(github.com/vishvananda/netns)) = master +Provides: bundled(golang(github.com/xeipuuv/gojsonpointer)) = master +Provides: bundled(golang(github.com/xeipuuv/gojsonreference)) = master +Provides: bundled(golang(github.com/xeipuuv/gojsonschema)) = master +Provides: bundled(golang(golang.org/x/crypto)) = 3fbbcd23f1cb824e69491a5930cfeff09b12f4d2 +Provides: bundled(golang(golang.org/x/net)) = c427ad74c6d7a814201695e9ffde0c5d400a7674 +Provides: bundled(golang(golang.org/x/sys)) = 9aade4d3a3b7e6d876cd3823ad20ec45fc035402 +Provides: bundled(golang(golang.org/x/text)) = f72d8390a633d5dfb0cc84043294db9f6c935756 +Provides: bundled(golang(google.golang.org/grpc)) = v1.0.4 +Provides: bundled(golang(gopkg.in/cheggaaa/pb.v1)) = v1.0.7 +Provides: bundled(golang(gopkg.in/fsnotify.v1)) = v1.4.2 +Provides: bundled(golang(gopkg.in/inf.v0)) = v0.9.0 +Provides: bundled(golang(gopkg.in/mgo.v2)) = v2 +Provides: bundled(golang(gopkg.in/tomb.v1)) = v1 +Provides: bundled(golang(gopkg.in/yaml.v2)) = v2 + +%description +%{summary} +libpod provides a library for applications looking to use +the Container Pod concept popularized by Kubernetes. + +%if 0%{?with_devel} +%package -n libpod-devel +Summary: Library for applications looking to use Container Pods +BuildArch: noarch + +%if 0%{?with_check} && ! 0%{?with_bundled} +BuildRequires: golang(github.com/BurntSushi/toml) +BuildRequires: golang(github.com/containerd/cgroups) +BuildRequires: golang(github.com/containernetworking/plugins/pkg/ns) +BuildRequires: golang(github.com/containers/image/copy) +BuildRequires: golang(github.com/containers/image/directory) +BuildRequires: golang(github.com/containers/image/docker) +BuildRequires: golang(github.com/containers/image/docker/archive) +BuildRequires: golang(github.com/containers/image/docker/reference) +BuildRequires: golang(github.com/containers/image/docker/tarfile) +BuildRequires: golang(github.com/containers/image/image) +BuildRequires: golang(github.com/containers/image/oci/archive) +BuildRequires: golang(github.com/containers/image/pkg/strslice) +BuildRequires: golang(github.com/containers/image/pkg/sysregistries) +BuildRequires: golang(github.com/containers/image/signature) +BuildRequires: golang(github.com/containers/image/storage) +BuildRequires: golang(github.com/containers/image/tarball) +BuildRequires: golang(github.com/containers/image/transports/alltransports) +BuildRequires: golang(github.com/containers/image/types) +BuildRequires: golang(github.com/containers/storage) +BuildRequires: golang(github.com/containers/storage/pkg/archive) +BuildRequires: golang(github.com/containers/storage/pkg/idtools) +BuildRequires: golang(github.com/containers/storage/pkg/reexec) +BuildRequires: golang(github.com/coreos/go-systemd/dbus) +BuildRequires: golang(github.com/cri-o/ocicni/pkg/ocicni) +BuildRequires: golang(github.com/docker/distribution/reference) +BuildRequires: golang(github.com/docker/docker/daemon/caps) +BuildRequires: golang(github.com/docker/docker/pkg/mount) +BuildRequires: golang(github.com/docker/docker/pkg/namesgenerator) +BuildRequires: golang(github.com/docker/docker/pkg/stringid) +BuildRequires: golang(github.com/docker/docker/pkg/system) +BuildRequires: golang(github.com/docker/docker/pkg/term) +BuildRequires: golang(github.com/docker/docker/pkg/truncindex) +BuildRequires: golang(github.com/ghodss/yaml) +BuildRequires: golang(github.com/godbus/dbus) +BuildRequires: golang(github.com/mattn/go-sqlite3) +BuildRequires: golang(github.com/mrunalp/fileutils) +BuildRequires: golang(github.com/opencontainers/go-digest) +BuildRequires: golang(github.com/opencontainers/image-spec/specs-go/v1) +BuildRequires: golang(github.com/opencontainers/runc/libcontainer) +BuildRequires: golang(github.com/opencontainers/runtime-spec/specs-go) +BuildRequires: golang(github.com/opencontainers/runtime-tools/generate) +BuildRequires: golang(github.com/opencontainers/selinux/go-selinux) +BuildRequires: golang(github.com/opencontainers/selinux/go-selinux/label) +BuildRequires: golang(github.com/pkg/errors) +BuildRequires: golang(github.com/sirupsen/logrus) +BuildRequires: golang(github.com/ulule/deepcopier) +BuildRequires: golang(golang.org/x/crypto/ssh/terminal) +BuildRequires: golang(golang.org/x/sys/unix) +BuildRequires: golang(k8s.io/apimachinery/pkg/util/wait) +BuildRequires: golang(k8s.io/client-go/tools/remotecommand) +BuildRequires: golang(k8s.io/kubernetes/pkg/kubelet/container) +%endif + +Requires: golang(github.com/BurntSushi/toml) +Requires: golang(github.com/containerd/cgroups) +Requires: golang(github.com/containernetworking/plugins/pkg/ns) +Requires: golang(github.com/containers/image/copy) +Requires: golang(github.com/containers/image/directory) +Requires: golang(github.com/containers/image/docker) +Requires: golang(github.com/containers/image/docker/archive) +Requires: golang(github.com/containers/image/docker/reference) +Requires: golang(github.com/containers/image/docker/tarfile) +Requires: golang(github.com/containers/image/image) +Requires: golang(github.com/containers/image/oci/archive) +Requires: golang(github.com/containers/image/pkg/strslice) +Requires: golang(github.com/containers/image/pkg/sysregistries) +Requires: golang(github.com/containers/image/signature) +Requires: golang(github.com/containers/image/storage) +Requires: golang(github.com/containers/image/tarball) +Requires: golang(github.com/containers/image/transports/alltransports) +Requires: golang(github.com/containers/image/types) +Requires: golang(github.com/containers/storage) +Requires: golang(github.com/containers/storage/pkg/archive) +Requires: golang(github.com/containers/storage/pkg/idtools) +Requires: golang(github.com/containers/storage/pkg/reexec) +Requires: golang(github.com/coreos/go-systemd/dbus) +Requires: golang(github.com/cri-o/ocicni/pkg/ocicni) +Requires: golang(github.com/docker/distribution/reference) +Requires: golang(github.com/docker/docker/daemon/caps) +Requires: golang(github.com/docker/docker/pkg/mount) +Requires: golang(github.com/docker/docker/pkg/namesgenerator) +Requires: golang(github.com/docker/docker/pkg/stringid) +Requires: golang(github.com/docker/docker/pkg/system) +Requires: golang(github.com/docker/docker/pkg/term) +Requires: golang(github.com/docker/docker/pkg/truncindex) +Requires: golang(github.com/ghodss/yaml) +Requires: golang(github.com/godbus/dbus) +Requires: golang(github.com/mattn/go-sqlite3) +Requires: golang(github.com/mrunalp/fileutils) +Requires: golang(github.com/opencontainers/go-digest) +Requires: golang(github.com/opencontainers/image-spec/specs-go/v1) +Requires: golang(github.com/opencontainers/runc/libcontainer) +Requires: golang(github.com/opencontainers/runtime-spec/specs-go) +Requires: golang(github.com/opencontainers/runtime-tools/generate) +Requires: golang(github.com/opencontainers/selinux/go-selinux) +Requires: golang(github.com/opencontainers/selinux/go-selinux/label) +Requires: golang(github.com/pkg/errors) +Requires: golang(github.com/sirupsen/logrus) +Requires: golang(github.com/ulule/deepcopier) +Requires: golang(golang.org/x/crypto/ssh/terminal) +Requires: golang(golang.org/x/sys/unix) +Requires: golang(k8s.io/apimachinery/pkg/util/wait) +Requires: golang(k8s.io/client-go/tools/remotecommand) +Requires: golang(k8s.io/kubernetes/pkg/kubelet/container) + +Provides: golang(%{import_path}/cmd/%{name}/docker) = %{version}-%{release} +Provides: golang(%{import_path}/cmd/%{name}/formats) = %{version}-%{release} +Provides: golang(%{import_path}/libkpod) = %{version}-%{release} +Provides: golang(%{import_path}/libpod) = %{version}-%{release} +Provides: golang(%{import_path}/libpod/common) = %{version}-%{release} +Provides: golang(%{import_path}/libpod/driver) = %{version}-%{release} +Provides: golang(%{import_path}/libpod/layers) = %{version}-%{release} +Provides: golang(%{import_path}/pkg/annotations) = %{version}-%{release} +Provides: golang(%{import_path}/pkg/chrootuser) = %{version}-%{release} +Provides: golang(%{import_path}/pkg/registrar) = %{version}-%{release} +Provides: golang(%{import_path}/pkg/storage) = %{version}-%{release} +Provides: golang(%{import_path}/utils) = %{version}-%{release} + +%description -n libpod-devel +%{summary} + +This package contains library source intended for +building other packages which use import path with +%{import_path} prefix. +%endif + +%if 0%{?with_unit_test} && 0%{?with_devel} +%package unit-test-devel +Summary: Unit tests for %{name} package +%if 0%{?with_check} +#Here comes all BuildRequires: PACKAGE the unit tests +#in %%check section need for running +%endif + +# test subpackage tests code from devel subpackage +Requires: %{name}-devel = %{version}-%{release} + +%if 0%{?with_check} && ! 0%{?with_bundled} +BuildRequires: golang(github.com/stretchr/testify/assert) +BuildRequires: golang(github.com/urfave/cli) +%endif + +Requires: golang(github.com/stretchr/testify/assert) +Requires: golang(github.com/urfave/cli) + +%description unit-test-devel +%{summary} +libpod provides a library for applications looking to use the Container Pod concept popularized by Kubernetes. + +This package contains unit tests for project +providing packages with %{import_path} prefix. +%endif + +%prep +%autosetup -Sgit -n %{repo}-%{commit} +sed -i '/\/bin\/bash/d' completions/bash/%{name} + +%build +mkdir _build +pushd _build +mkdir -p src/%{provider}.%{provider_tld}/%{project} +ln -s ../../../../ src/%{import_path} +popd +ln -s vendor src +export GOPATH=$(pwd)/_build:$(pwd):$(pwd):%{gopath} +export BUILDTAGS="selinux seccomp $(hack/btrfs_installed_tag.sh) $(hack/btrfs_tag.sh) $(hack/libdm_tag.sh) containers_image_ostree_stub" + +GOPATH=$GOPATH BUILDTAGS=$BUILDTAGS %gobuild -o bin/%{name} %{import_path}/cmd/%{name} +BUILDTAGS=$BUILDTAGS make docs + +%install +%make_install PREFIX=%{buildroot}%{_prefix} install install.completions + +# source codes for building projects +%if 0%{?with_devel} +install -d -p %{buildroot}/%{gopath}/src/%{import_path}/ + +echo "%%dir %%{gopath}/src/%%{import_path}/." >> devel.file-list +# find all *.go but no *_test.go files and generate devel.file-list +for file in $(find . \( -iname "*.go" -or -iname "*.s" \) \! -iname "*_test.go" | grep -v "vendor") ; do + dirprefix=$(dirname $file) + install -d -p %{buildroot}/%{gopath}/src/%{import_path}/$dirprefix + cp -pav $file %{buildroot}/%{gopath}/src/%{import_path}/$file + echo "%%{gopath}/src/%%{import_path}/$file" >> devel.file-list + + while [ "$dirprefix" != "." ]; do + echo "%%dir %%{gopath}/src/%%{import_path}/$dirprefix" >> devel.file-list + dirprefix=$(dirname $dirprefix) + done +done +%endif + +# testing files for this project +%if 0%{?with_unit_test} && 0%{?with_devel} +install -d -p %{buildroot}/%{gopath}/src/%{import_path}/ +# find all *_test.go files and generate unit-test-devel.file-list +for file in $(find . -iname "*_test.go" | grep -v "vendor") ; do + dirprefix=$(dirname $file) + install -d -p %{buildroot}/%{gopath}/src/%{import_path}/$dirprefix + cp -pav $file %{buildroot}/%{gopath}/src/%{import_path}/$file + echo "%%{gopath}/src/%%{import_path}/$file" >> unit-test-devel.file-list + + while [ "$dirprefix" != "." ]; do + echo "%%dir %%{gopath}/src/%%{import_path}/$dirprefix" >> devel.file-list + dirprefix=$(dirname $dirprefix) + done +done +%endif + +%if 0%{?with_devel} +sort -u -o devel.file-list devel.file-list +%endif + +%check +%if 0%{?with_check} && 0%{?with_unit_test} && 0%{?with_devel} +%if ! 0%{?with_bundled} +export GOPATH=%{buildroot}/%{gopath}:%{gopath} +%else +# Since we aren't packaging up the vendor directory we need to link +# back to it somehow. Hack it up so that we can add the vendor +# directory from BUILD dir as a gopath to be searched when executing +# tests from the BUILDROOT dir. +ln -s ./ ./vendor/src # ./vendor/src -> ./vendor + +export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath} +%endif + +%if ! 0%{?gotest:1} +%global gotest go test +%endif + +%gotest %{import_path}/cmd/%{name} +%gotest %{import_path}/libkpod +%gotest %{import_path}/libpod +%gotest %{import_path}/pkg/registrar +%endif + +#define license tag if not already defined +%{!?_licensedir:%global license %doc} + +%files +%license LICENSE +%doc README.md CONTRIBUTING.md hooks.md install.md code-of-conduct.md transfer.md +%{_bindir}/%{name} +%{_mandir}/man1/*.1* +%{_datadir}/bash-completion/completions/* +%config(noreplace) %{_sysconfdir}/cni/net.d/87-%{name}-bridge.conflist + +%if 0%{?with_devel} +%files -n libpod-devel -f devel.file-list +%license LICENSE +%doc README.md CONTRIBUTING.md hooks.md install.md code-of-conduct.md transfer.md +%dir %{gopath}/src/%{provider}.%{provider_tld}/%{project} +%endif + +%if 0%{?with_unit_test} && 0%{?with_devel} +%files unit-test-devel -f unit-test-devel.file-list +%license LICENSE +%doc README.md CONTRIBUTING.md hooks.md install.md code-of-conduct.md transfer.md +%endif + +%changelog +* Tue Feb 06 2018 Lokesh Mandvekar <lsm5@fedoraproject.org> - 0-0.3.git367213a +- Resolves: #1541554 - first official build +- built commit 367213a + +* Fri Feb 02 2018 Lokesh Mandvekar <lsm5@fedoraproject.org> - 0-0.2.git0387f69 +- built commit 0387f69 + +* Wed Jan 10 2018 Frantisek Kluknavsky <fkluknav@redhat.com> - 0-0.1.gitc1b2278 +- First package for Fedora diff --git a/pkg/util/utils.go b/pkg/util/utils.go new file mode 100644 index 000000000..9a93021e4 --- /dev/null +++ b/pkg/util/utils.go @@ -0,0 +1,46 @@ +package util + +import ( + "fmt" + "strings" + + "github.com/containers/image/types" + "github.com/pkg/errors" + "golang.org/x/crypto/ssh/terminal" +) + +// Helper function to determine the username/password passed +// in the creds string. It could be either or both. +func parseCreds(creds string) (string, string) { + if creds == "" { + return "", "" + } + up := strings.SplitN(creds, ":", 2) + if len(up) == 1 { + return up[0], "" + } + return up[0], up[1] +} + +// ParseRegistryCreds takes a credentials string in the form USERNAME:PASSWORD +// and returns a DockerAuthConfig +func ParseRegistryCreds(creds string) (*types.DockerAuthConfig, error) { + username, password := parseCreds(creds) + if username == "" { + fmt.Print("Username: ") + fmt.Scanln(&username) + } + if password == "" { + fmt.Print("Password: ") + termPassword, err := terminal.ReadPassword(0) + if err != nil { + return nil, errors.Wrapf(err, "could not read password from terminal") + } + password = string(termPassword) + } + + return &types.DockerAuthConfig{ + Username: username, + Password: password, + }, nil +} diff --git a/test/e2e/attach_test.go b/test/e2e/attach_test.go new file mode 100644 index 000000000..afe324e9c --- /dev/null +++ b/test/e2e/attach_test.go @@ -0,0 +1,60 @@ +package integration + +import ( + "os" + + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" +) + +var _ = Describe("Podman attach", func() { + var ( + tempdir string + err error + podmanTest PodmanTest + ) + + BeforeEach(func() { + tempdir, err = CreateTempDirInTempDir() + if err != nil { + os.Exit(1) + } + podmanTest = PodmanCreate(tempdir) + podmanTest.RestoreAllArtifacts() + }) + + AfterEach(func() { + podmanTest.Cleanup() + + }) + + It("podman attach to bogus container", func() { + session := podmanTest.Podman([]string{"attach", "foobar"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(125)) + }) + + It("podman attach to non-running container", func() { + session := podmanTest.Podman([]string{"create", "--name", "test1", "-d", "-i", ALPINE, "ls"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + results := podmanTest.Podman([]string{"attach", "test1"}) + results.WaitWithDefaultTimeout() + Expect(results.ExitCode()).To(Equal(125)) + }) + + It("podman attach to multiple containers", func() { + session := podmanTest.RunSleepContainer("test1") + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.RunSleepContainer("test2") + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + results := podmanTest.Podman([]string{"attach", "test1", "test2"}) + results.WaitWithDefaultTimeout() + Expect(results.ExitCode()).To(Equal(125)) + }) +}) diff --git a/test/e2e/commit_test.go b/test/e2e/commit_test.go index 6955b33d1..c807b46c5 100644 --- a/test/e2e/commit_test.go +++ b/test/e2e/commit_test.go @@ -74,6 +74,7 @@ var _ = Describe("Podman commit", func() { }) It("podman commit container with change flag", func() { + podmanTest.RestoreArtifact(fedoraMinimal) test := podmanTest.Podman([]string{"run", "--name", "test1", "-d", fedoraMinimal, "ls"}) test.WaitWithDefaultTimeout() Expect(test.ExitCode()).To(Equal(0)) diff --git a/test/e2e/libpod_suite_test.go b/test/e2e/libpod_suite_test.go index 712af7236..d6263beb2 100644 --- a/test/e2e/libpod_suite_test.go +++ b/test/e2e/libpod_suite_test.go @@ -39,7 +39,8 @@ var ( INTEGRATION_ROOT string STORAGE_OPTIONS = "--storage-driver vfs" ARTIFACT_DIR = "/tmp/.artifacts" - IMAGES = []string{"alpine", "busybox"} + CACHE_IMAGES = []string{"alpine", "busybox", fedoraMinimal} + RESTORE_IMAGES = []string{"alpine", "busybox"} ALPINE = "docker.io/library/alpine:latest" BB_GLIBC = "docker.io/library/busybox:glibc" fedoraMinimal = "registry.fedoraproject.org/fedora-minimal:latest" @@ -86,7 +87,7 @@ var _ = BeforeSuite(func() { os.Exit(1) } } - for _, image := range IMAGES { + for _, image := range CACHE_IMAGES { fmt.Printf("Caching %s...\n", image) if err := podman.CreateArtifact(image); err != nil { fmt.Printf("%q\n", err) @@ -280,7 +281,8 @@ func (p *PodmanTest) CreateArtifact(image string) error { return errors.Errorf("error parsing image name %v: %v", image, err) } - exportTo := filepath.Join("dir:", p.ArtifactPath, image) + imageDir := strings.Replace(image, "/", "_", -1) + exportTo := filepath.Join("dir:", p.ArtifactPath, imageDir) exportRef, err := alltransports.ParseImageName(exportTo) if err != nil { return errors.Errorf("error parsing image name %v: %v", exportTo, err) @@ -314,7 +316,8 @@ func (p *PodmanTest) RestoreArtifact(image string) error { return errors.Errorf("error parsing image name: %v", err) } - importFrom := fmt.Sprintf("dir:%s", filepath.Join(p.ArtifactPath, image)) + imageDir := strings.Replace(image, "/", "_", -1) + importFrom := fmt.Sprintf("dir:%s", filepath.Join(p.ArtifactPath, imageDir)) importRef, err := alltransports.ParseImageName(importFrom) if err != nil { return errors.Errorf("error parsing image name %v: %v", image, err) @@ -342,7 +345,7 @@ func (p *PodmanTest) RestoreArtifact(image string) error { // RestoreAllArtifacts unpacks all cached images func (p *PodmanTest) RestoreAllArtifacts() error { - for _, image := range IMAGES { + for _, image := range RESTORE_IMAGES { if err := p.RestoreArtifact(image); err != nil { return err } diff --git a/test/e2e/privileged_test.go b/test/e2e/privileged_test.go index 1da9ed07e..b660e1b55 100644 --- a/test/e2e/privileged_test.go +++ b/test/e2e/privileged_test.go @@ -5,6 +5,7 @@ import ( . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" + "strings" ) var _ = Describe("Podman privileged container tests", func() { @@ -36,4 +37,40 @@ var _ = Describe("Podman privileged container tests", func() { Expect(ok).To(BeTrue()) Expect(lines[0]).To(ContainSubstring("sysfs (rw,")) }) + + It("podman privileged CapEff", func() { + cap := podmanTest.SystemExec("grep", []string{"CapEff", "/proc/self/status"}) + cap.WaitWithDefaultTimeout() + Expect(cap.ExitCode()).To(Equal(0)) + + session := podmanTest.Podman([]string{"run", "--privileged", "busybox", "grep", "CapEff", "/proc/self/status"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(Equal(cap.OutputToString())) + }) + + It("podman cap-add CapEff", func() { + cap := podmanTest.SystemExec("grep", []string{"CapEff", "/proc/self/status"}) + cap.WaitWithDefaultTimeout() + Expect(cap.ExitCode()).To(Equal(0)) + + session := podmanTest.Podman([]string{"run", "--cap-add", "all", "busybox", "grep", "CapEff", "/proc/self/status"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(Equal(cap.OutputToString())) + }) + + It("podman cap-drop CapEff", func() { + cap := podmanTest.SystemExec("grep", []string{"CapAmb", "/proc/self/status"}) + cap.WaitWithDefaultTimeout() + Expect(cap.ExitCode()).To(Equal(0)) + session := podmanTest.Podman([]string{"run", "--cap-drop", "all", "busybox", "grep", "CapEff", "/proc/self/status"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + capAmp := strings.Split(cap.OutputToString(), " ") + capEff := strings.Split(session.OutputToString(), " ") + Expect(capAmp[1]).To(Equal(capEff[1])) + }) + }) diff --git a/test/e2e/run_exit_test.go b/test/e2e/run_exit_test.go new file mode 100644 index 000000000..3b9e08b5e --- /dev/null +++ b/test/e2e/run_exit_test.go @@ -0,0 +1,61 @@ +package integration + +import ( + "os" + + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" +) + +var _ = Describe("Podman run exit", func() { + var ( + tempdir string + err error + podmanTest PodmanTest + ) + + BeforeEach(func() { + tempdir, err = CreateTempDirInTempDir() + if err != nil { + os.Exit(1) + } + podmanTest = PodmanCreate(tempdir) + podmanTest.RestoreAllArtifacts() + }) + + AfterEach(func() { + podmanTest.Cleanup() + + }) + + It("podman run exit 125", func() { + result := podmanTest.Podman([]string{"run", "--foobar", ALPINE, "ls", "$tmp"}) + result.WaitWithDefaultTimeout() + Expect(result.ExitCode()).To(Equal(125)) + }) + + It("podman run exit 126", func() { + result := podmanTest.Podman([]string{"run", ALPINE, "foobar"}) + result.WaitWithDefaultTimeout() + Expect(result.ExitCode()).To(Equal(126)) + }) + + It("podman run exit 127", func() { + result := podmanTest.Podman([]string{"run", ALPINE, "/etc"}) + result.WaitWithDefaultTimeout() + Expect(result.ExitCode()).To(Equal(127)) + }) + + It("podman run exit 0", func() { + result := podmanTest.Podman([]string{"run", ALPINE, "ls"}) + result.WaitWithDefaultTimeout() + Expect(result.ExitCode()).To(Equal(0)) + }) + + It("podman run exit 50", func() { + podmanTest.RestoreArtifact(fedoraMinimal) + result := podmanTest.Podman([]string{"run", "registry.fedoraproject.org/fedora-minimal", "bash", "-c", "exit 50"}) + result.WaitWithDefaultTimeout() + Expect(result.ExitCode()).To(Equal(50)) + }) +}) diff --git a/test/e2e/run_memory_test.go b/test/e2e/run_memory_test.go new file mode 100644 index 000000000..a7482a6ea --- /dev/null +++ b/test/e2e/run_memory_test.go @@ -0,0 +1,58 @@ +package integration + +import ( + "os" + + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" +) + +var _ = Describe("Podman run memory", func() { + var ( + tempdir string + err error + podmanTest PodmanTest + ) + + BeforeEach(func() { + tempdir, err = CreateTempDirInTempDir() + if err != nil { + os.Exit(1) + } + podmanTest = PodmanCreate(tempdir) + podmanTest.RestoreAllArtifacts() + }) + + AfterEach(func() { + podmanTest.Cleanup() + + }) + + It("podman run memory test", func() { + session := podmanTest.Podman([]string{"run", "--memory=40m", ALPINE, "cat", "/sys/fs/cgroup/memory/memory.limit_in_bytes"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(Equal("41943040")) + }) + + It("podman run memory-reservation test", func() { + session := podmanTest.Podman([]string{"run", "--memory-reservation=40m", ALPINE, "cat", "/sys/fs/cgroup/memory/memory.soft_limit_in_bytes"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(Equal("41943040")) + }) + + It("podman run memory-swappiness test", func() { + session := podmanTest.Podman([]string{"run", "--memory-swappiness=15", ALPINE, "cat", "/sys/fs/cgroup/memory/memory.swappiness"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(Equal("15")) + }) + + It("podman run kernel-memory test", func() { + session := podmanTest.Podman([]string{"run", "--kernel-memory=40m", ALPINE, "cat", "/sys/fs/cgroup/memory/memory.kmem.limit_in_bytes"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(Equal("41943040")) + }) +}) diff --git a/test/e2e/run_ns_test.go b/test/e2e/run_ns_test.go new file mode 100644 index 000000000..1dfec9f64 --- /dev/null +++ b/test/e2e/run_ns_test.go @@ -0,0 +1,67 @@ +package integration + +import ( + "os" + + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" +) + +var _ = Describe("Podman run ns", func() { + var ( + tempdir string + err error + podmanTest PodmanTest + ) + + BeforeEach(func() { + tempdir, err = CreateTempDirInTempDir() + if err != nil { + os.Exit(1) + } + podmanTest = PodmanCreate(tempdir) + podmanTest.RestoreAllArtifacts() + podmanTest.RestoreArtifact(fedoraMinimal) + }) + + AfterEach(func() { + podmanTest.Cleanup() + + }) + + It("podman run pidns test", func() { + session := podmanTest.Podman([]string{"run", fedoraMinimal, "bash", "-c", "echo $$"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(Equal("1")) + + session = podmanTest.Podman([]string{"run", "--pid=host", fedoraMinimal, "bash", "-c", "echo $$"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(Not(Equal("1"))) + + session = podmanTest.Podman([]string{"run", "--pid=badpid", fedoraMinimal, "bash", "-c", "echo $$"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Not(Equal(0))) + }) + + It("podman run ipcns test", func() { + setup := podmanTest.SystemExec("mktemp", []string{"/dev/shm/podmantest.XXXX)"}) + setup.WaitWithDefaultTimeout() + Expect(setup.ExitCode()).To(Equal(0)) + + session := podmanTest.Podman([]string{"run", "--ipc=host", fedoraMinimal, "ls", setup.OutputToString()}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(ContainSubstring(setup.OutputToString())) + + err := os.Remove(setup.OutputToString()) + Expect(err).To(BeNil()) + }) + + It("podman run bad ipc pid test", func() { + session := podmanTest.Podman([]string{"run", "--ipc=badpid", fedoraMinimal, "bash", "-c", "echo $$"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).ToNot(Equal(0)) + }) +}) diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index 7bd42edc4..3ca06d362 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -115,6 +115,7 @@ var _ = Describe("Podman run", func() { }) It("podman run limits test", func() { + podmanTest.RestoreArtifact(fedoraMinimal) session := podmanTest.Podman([]string{"run", "--rm", "--ulimit", "rtprio=99", "--cap-add=sys_nice", fedoraMinimal, "cat", "/proc/self/sched"}) session.Wait(45) Expect(session.ExitCode()).To(Equal(0)) diff --git a/test/e2e/save_test.go b/test/e2e/save_test.go new file mode 100644 index 000000000..351e57bf5 --- /dev/null +++ b/test/e2e/save_test.go @@ -0,0 +1,96 @@ +package integration + +import ( + "os" + "path/filepath" + + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" +) + +var _ = Describe("Podman save", func() { + var ( + tempdir string + err error + podmanTest PodmanTest + ) + + BeforeEach(func() { + tempdir, err = CreateTempDirInTempDir() + if err != nil { + os.Exit(1) + } + podmanTest = PodmanCreate(tempdir) + podmanTest.RestoreAllArtifacts() + }) + + AfterEach(func() { + podmanTest.Cleanup() + }) + + It("podman save output flag", func() { + outfile := filepath.Join(podmanTest.TempDir, "alpine.tar") + + save := podmanTest.Podman([]string{"save", "-o", outfile, ALPINE}) + save.WaitWithDefaultTimeout() + Expect(save.ExitCode()).To(Equal(0)) + }) + + It("podman save oci flag", func() { + outfile := filepath.Join(podmanTest.TempDir, "alpine.tar") + + save := podmanTest.Podman([]string{"save", "-o", outfile, "--format", "oci-archive", ALPINE}) + save.WaitWithDefaultTimeout() + Expect(save.ExitCode()).To(Equal(0)) + }) + + It("podman save with stdout", func() { + Skip("Pipe redirection in ginkgo probably wont work") + outfile := filepath.Join(podmanTest.TempDir, "alpine.tar") + + save := podmanTest.Podman([]string{"save", ALPINE, ">", outfile}) + save.WaitWithDefaultTimeout() + Expect(save.ExitCode()).To(Equal(0)) + }) + + It("podman save quiet flag", func() { + outfile := filepath.Join(podmanTest.TempDir, "alpine.tar") + + save := podmanTest.Podman([]string{"save", "-q", "-o", outfile, ALPINE}) + save.WaitWithDefaultTimeout() + Expect(save.ExitCode()).To(Equal(0)) + }) + + It("podman save bogus image", func() { + outfile := filepath.Join(podmanTest.TempDir, "alpine.tar") + + save := podmanTest.Podman([]string{"save", "-o", outfile, "FOOBAR"}) + save.WaitWithDefaultTimeout() + Expect(save.ExitCode()).To(Not(Equal(0))) + }) + + It("podman save to directory with oci format", func() { + outdir := filepath.Join(podmanTest.TempDir, "save") + + save := podmanTest.Podman([]string{"save", "--format", "oci-dir", "-o", outdir, ALPINE}) + save.WaitWithDefaultTimeout() + Expect(save.ExitCode()).To(Equal(0)) + }) + + It("podman save to directory with v2s2 docker format", func() { + outdir := filepath.Join(podmanTest.TempDir, "save") + + save := podmanTest.Podman([]string{"save", "--format", "docker-dir", "-o", outdir, ALPINE}) + save.WaitWithDefaultTimeout() + Expect(save.ExitCode()).To(Equal(0)) + }) + + It("podman save to directory with docker format and compression", func() { + outdir := filepath.Join(podmanTest.TempDir, "save") + + save := podmanTest.Podman([]string{"save", "--compress", "--format", "docker-dir", "-o", outdir, ALPINE}) + save.WaitWithDefaultTimeout() + Expect(save.ExitCode()).To(Equal(0)) + }) + +}) diff --git a/test/e2e/tag_test.go b/test/e2e/tag_test.go new file mode 100644 index 000000000..c5ec5710d --- /dev/null +++ b/test/e2e/tag_test.go @@ -0,0 +1,69 @@ +package integration + +import ( + "os" + + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" +) + +var _ = Describe("Podman tag", func() { + var ( + tempdir string + err error + podmanTest PodmanTest + ) + + BeforeEach(func() { + tempdir, err = CreateTempDirInTempDir() + if err != nil { + os.Exit(1) + } + podmanTest = PodmanCreate(tempdir) + podmanTest.RestoreAllArtifacts() + }) + + AfterEach(func() { + podmanTest.Cleanup() + + }) + + It("podman tag shortname:latest", func() { + session := podmanTest.Podman([]string{"tag", ALPINE, "foobar:latest"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + results := podmanTest.Podman([]string{"inspect", "foobar:latest"}) + results.WaitWithDefaultTimeout() + Expect(results.ExitCode()).To(Equal(0)) + inspectData := results.InspectImageJSON() + Expect(StringInSlice("docker.io/library/alpine:latest", inspectData.RepoTags)).To(BeTrue()) + Expect(StringInSlice("foobar:latest", inspectData.RepoTags)).To(BeTrue()) + }) + + It("podman tag shortname", func() { + session := podmanTest.Podman([]string{"tag", ALPINE, "foobar"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + results := podmanTest.Podman([]string{"inspect", "foobar:latest"}) + results.WaitWithDefaultTimeout() + Expect(results.ExitCode()).To(Equal(0)) + inspectData := results.InspectImageJSON() + Expect(StringInSlice("docker.io/library/alpine:latest", inspectData.RepoTags)).To(BeTrue()) + Expect(StringInSlice("foobar:latest", inspectData.RepoTags)).To(BeTrue()) + }) + + It("podman tag shortname:tag", func() { + session := podmanTest.Podman([]string{"tag", ALPINE, "foobar:new"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + results := podmanTest.Podman([]string{"inspect", "foobar:new"}) + results.WaitWithDefaultTimeout() + Expect(results.ExitCode()).To(Equal(0)) + inspectData := results.InspectImageJSON() + Expect(StringInSlice("docker.io/library/alpine:latest", inspectData.RepoTags)).To(BeTrue()) + Expect(StringInSlice("foobar:new", inspectData.RepoTags)).To(BeTrue()) + }) +}) diff --git a/test/e2e/version_test.go b/test/e2e/version_test.go new file mode 100644 index 000000000..c6b71bec1 --- /dev/null +++ b/test/e2e/version_test.go @@ -0,0 +1,38 @@ +package integration + +import ( + "os" + + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" +) + +var _ = Describe("Podman version", func() { + var ( + tempdir string + err error + podmanTest PodmanTest + ) + + BeforeEach(func() { + tempdir, err = CreateTempDirInTempDir() + if err != nil { + os.Exit(1) + } + podmanTest = PodmanCreate(tempdir) + podmanTest.RestoreAllArtifacts() + podmanTest.RestoreArtifact(fedoraMinimal) + }) + + AfterEach(func() { + podmanTest.Cleanup() + + }) + + It("podman version", func() { + session := podmanTest.Podman([]string{"version"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(len(session.OutputToStringArray())).To(BeNumerically(">", 3)) + }) +}) diff --git a/test/podman_attach.bats b/test/podman_attach.bats deleted file mode 100644 index 605a44789..000000000 --- a/test/podman_attach.bats +++ /dev/null @@ -1,32 +0,0 @@ -#!/usr/bin/env bats - -load helpers - -function teardown() { - cleanup_test -} - -function setup() { - copy_images -} - -@test "attach to a bogus container" { - run ${PODMAN_BINARY} ${PODMAN_OPTIONS} attach foobar - echo "$output" - [ "$status" -eq 125 ] -} - -@test "attach to non-running container" { - ${PODMAN_BINARY} ${PODMAN_OPTIONS} create --name foobar -d -i ${ALPINE} ls - run ${PODMAN_BINARY} ${PODMAN_OPTIONS} attach foobar - echo "$output" - [ "$status" -eq 125 ] -} - -@test "attach to multiple containers" { - ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name foobar1 -d -i ${ALPINE} /bin/sh - ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name foobar2 -d -i ${ALPINE} /bin/sh - run ${PODMAN_BINARY} ${PODMAN_OPTIONS} attach foobar1 foobar2 - echo "$output" - [ "$status" -eq 125 ] -} diff --git a/test/podman_run_exit.bats b/test/podman_run_exit.bats deleted file mode 100644 index 02ccb56ec..000000000 --- a/test/podman_run_exit.bats +++ /dev/null @@ -1,46 +0,0 @@ -#!/usr/bin/env bats - -load helpers - -function teardown() { - cleanup_test -} - -function setup() { - copy_images -} - -@test "run exit125 test" { - run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --foobar ${ALPINE} ls $tmp - echo $output - echo $status != 125 - [ $status -eq 125 ] -} - -@test "run exit126 test" { - run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run ${ALPINE} foobar - echo $output - echo $status != 126 - [ "$status" -eq 126 ] -} - -@test "run exit127 test" { - run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run ${ALPINE} /etc - echo $output - echo $status != 127 - [ "$status" -eq 127 ] -} - -@test "run exit0 test" { - run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run ${ALPINE} ps - echo $output - echo $status != 0 - [ "$status" -eq 0 ] -} - -@test "run exit50 test" { - run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run ${ALPINE} sh -c "exit 50" - echo $output - echo $status != 50 - [ "$status" -eq 50 ] -} diff --git a/test/podman_run_memory.bats b/test/podman_run_memory.bats deleted file mode 100644 index 2eaebe104..000000000 --- a/test/podman_run_memory.bats +++ /dev/null @@ -1,39 +0,0 @@ -#!/usr/bin/env bats - -load helpers - -function teardown() { - cleanup_test -} - -function setup() { - copy_images -} - -@test "run memory test" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --rm --memory=40m ${ALPINE} cat /sys/fs/cgroup/memory/memory.limit_in_bytes | tr -d '\r'" - echo $output - [ "$status" -eq 0 ] - [ "$output" = 41943040 ] -} - -@test "run memory-reservation test" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --rm --memory-reservation=40m ${ALPINE} cat /sys/fs/cgroup/memory/memory.soft_limit_in_bytes | tr -d '\r'" - echo "$output" - [ "$status" -eq 0 ] - [ "$output" = 41943040 ] -} - -@test "run memory-swappiness test" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --rm --memory-swappiness=15 ${ALPINE} cat /sys/fs/cgroup/memory/memory.swappiness | tr -d '\r'" - echo "$output" - [ "$status" -eq 0 ] - [ "$output" = 15 ] -} - -@test "run kernel-memory test" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --rm --kernel-memory=40m ${ALPINE} cat /sys/fs/cgroup/memory/memory.kmem.limit_in_bytes | tr -d '\r'" - echo "$output" - [ "$status" -eq 0 ] - [ "$output" = 41943040 ] -} diff --git a/test/podman_run_ns.bats b/test/podman_run_ns.bats deleted file mode 100644 index 8ed710394..000000000 --- a/test/podman_run_ns.bats +++ /dev/null @@ -1,44 +0,0 @@ -#!/usr/bin/env bats - -load helpers - -function teardown() { - cleanup_test -} - -function setup() { - copy_images -} - -@test "run pidns test" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run ${ALPINE} sh -c 'echo \$\$'" - echo $output - [ "$status" -eq 0 ] - pid=$(echo $output | tr -d '\r') - [ $pid = "1" ] - - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --pid=host ${ALPINE} sh -c 'echo \$\$'" - echo $output - pid=$(echo $output | tr -d '\r') - [ "$status" -eq 0 ] - [ $pid != "1" ] - - run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --pid=badpid ${ALPINE} sh -c 'echo $$' - echo $output - [ "$status" -ne 0 ] -} - -@test "run ipcns test" { - tmp=$(mktemp /dev/shm/foo.XXXXX) - run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --ipc=host ${ALPINE} ls $tmp - echo $output - out=$(echo $output | tr -d '\r') - [ "$status" -eq 0 ] - [ $out != $tmp ] - - rm -f $tmp - - run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --ipc=badpid ${ALPINE} sh -c 'echo $$' - echo $output - [ "$status" -ne 0 ] -} diff --git a/test/podman_run_security.bats b/test/podman_run_security.bats deleted file mode 100644 index 07dabf44b..000000000 --- a/test/podman_run_security.bats +++ /dev/null @@ -1,34 +0,0 @@ -#!/usr/bin/env bats - -load helpers - -function teardown() { - cleanup_test -} - -function setup() { - copy_images -} - -@test "run privileged test" { - cap=$(grep CapEff /proc/self/status | cut -f2 -d":") - - run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --privileged ${ALPINE} grep CapEff /proc/self/status - echo $output - [ "$status" -eq 0 ] - containercap=$(echo $output | tr -d '\r'| cut -f2 -d":") - [ $containercap = $cap ] - - run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cap-add all ${ALPINE} grep CapEff /proc/self/status - echo $output - [ "$status" -eq 0 ] - containercap=$(echo $output | tr -d '\r'| cut -f2 -d":") - [ $containercap = $cap ] - - cap=$(grep CapAmb /proc/self/status | cut -f2 -d":") - run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cap-drop all ${ALPINE} grep CapEff /proc/self/status - echo $output - [ "$status" -eq 0 ] - containercap=$(echo $output | tr -d '\r'| cut -f2 -d":") - [ $containercap = $cap ] -} diff --git a/test/podman_save.bats b/test/podman_save.bats deleted file mode 100644 index 5adfb8fea..000000000 --- a/test/podman_save.bats +++ /dev/null @@ -1,70 +0,0 @@ -#!/usr/bin/env bats - -load helpers - -function teardown() { - cleanup_test -} - -function setup() { - copy_images -} - -@test "podman save output flag" { - run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar $ALPINE - echo "$output" - [ "$status" -eq 0 ] - rm -f alpine.tar -} - -@test "podman save oci flag" { - run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar --format oci-archive $ALPINE - echo "$output" - [ "$status" -eq 0 ] - rm -f alpine.tar -} - -@test "podman save using stdout" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} save $ALPINE > alpine.tar" - [ "$status" -eq 0 ] - rm -f alpine.tar -} - -@test "podman save quiet flag" { - run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -q -o alpine.tar $ALPINE - echo "$output" - [ "$status" -eq 0 ] - rm -f alpine.tar -} - -@test "podman save non-existent image" { - run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar FOOBAR - echo "$output" - [ "$status" -ne 0 ] -} - -@test "podman save to directory with oci format" { - run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save --format oci-dir -o alp-dir $ALPINE - echo "$output" - [ "$status" -eq 0 ] - rm -rf alp-dir -} - -@test "podman save to directory with v2s2 (docker) format" { - run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save --format docker-dir -o alp-dir $ALPINE - echo "$output" - [ "$status" -eq 0 ] - rm -rf alp-dir -} - -@test "podman save to directory with compression" { - run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save --compress --format docker-dir -o alp-dir $ALPINE - echo "$output" - [ "$status" -eq 0 ] - rm -rf alp-dir - - run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save --format docker-dir --compress -o alp-dir $ALPINE - echo "$output" - [ "$status" -eq 0 ] - rm -rf alp-dir -} diff --git a/test/podman_tag.bats b/test/podman_tag.bats deleted file mode 100644 index 749c3ae2c..000000000 --- a/test/podman_tag.bats +++ /dev/null @@ -1,43 +0,0 @@ -#!/usr/bin/env bats - -load helpers - -function teardown() { - cleanup_test -} - -function setup() { - copy_images -} - -@test "podman tag with shortname:latest" { - run ${PODMAN_BINARY} ${PODMAN_OPTIONS} tag ${ALPINE} foobar:latest - [ "$status" -eq 0 ] - run ${PODMAN_BINARY} ${PODMAN_OPTIONS} inspect foobar:latest - echo "$output" - [ "$status" -eq 0 ] - run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi --force foobar:latest - [ "$status" -eq 0 ] -} - -@test "podman tag with shortname" { - run ${PODMAN_BINARY} ${PODMAN_OPTIONS} tag ${ALPINE} foobar - echo "$output" - [ "$status" -eq 0 ] - run ${PODMAN_BINARY} ${PODMAN_OPTIONS} inspect foobar:latest - echo "$output" - [ "$status" -eq 0 ] - run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi --force foobar:latest - [ "$status" -eq 0 ] -} - -@test "podman tag with shortname:tag" { - run ${PODMAN_BINARY} ${PODMAN_OPTIONS} tag ${ALPINE} foobar:v - echo "$output" - [ "$status" -eq 0 ] - run ${PODMAN_BINARY} ${PODMAN_OPTIONS} inspect foobar:v - echo "$output" - [ "$status" -eq 0 ] - run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi --force foobar:v - [ "$status" -eq 0 ] -} diff --git a/test/podman_version.bats b/test/podman_version.bats deleted file mode 100644 index a44da5943..000000000 --- a/test/podman_version.bats +++ /dev/null @@ -1,13 +0,0 @@ -#!/usr/bin/env bats - -load helpers - -function teardown() { - cleanup_test -} - -@test "podman version test" { - run ${PODMAN_BINARY} version - echo "$output" - [ "$status" -eq 0 ] -} diff --git a/vendor.conf b/vendor.conf index 4e7bff400..ea659eab8 100644 --- a/vendor.conf +++ b/vendor.conf @@ -1,6 +1,6 @@ # github.com/sirupsen/logrus v1.0.0 -github.com/containers/image 2524e50daed223ad84b827238ed409bbf44296c5 +github.com/containers/image 3ab2e31e6ff9fc2b21b81188c1f6cf545658ff4a github.com/docker/docker-credential-helpers d68f9aeca33f5fd3f08eeae5e9d175edf4e731d1 github.com/ostreedev/ostree-go master github.com/containers/storage 1824cf917a6b42d8c41179e807bb20a5fd6c0f0a diff --git a/vendor/github.com/containers/image/docker/docker_client.go b/vendor/github.com/containers/image/docker/docker_client.go index b1256b9cb..ff1af8f65 100644 --- a/vendor/github.com/containers/image/docker/docker_client.go +++ b/vendor/github.com/containers/image/docker/docker_client.go @@ -9,6 +9,7 @@ import ( "io/ioutil" "net/http" "net/url" + "os" "path/filepath" "strconv" "strings" @@ -30,8 +31,6 @@ const ( dockerV1Hostname = "index.docker.io" dockerRegistry = "registry-1.docker.io" - systemPerHostCertDirPath = "/etc/docker/certs.d" - resolvedPingV2URL = "%s://%s/v2/" resolvedPingV1URL = "%s://%s/v1/_ping" tagsPath = "/v2/%s/tags/list" @@ -52,6 +51,7 @@ var ( ErrV1NotSupported = errors.New("can't talk to a V1 docker registry") // ErrUnauthorizedForCredentials is returned when the status code returned is 401 ErrUnauthorizedForCredentials = errors.New("unable to retrieve auth token: invalid username/password") + systemPerHostCertDirPaths = [2]string{"/etc/containers/certs.d", "/etc/docker/certs.d"} ) // extensionSignature and extensionSignatureList come from github.com/openshift/origin/pkg/dockerregistry/server/signaturedispatcher.go: @@ -131,19 +131,42 @@ func serverDefault() *tls.Config { } // dockerCertDir returns a path to a directory to be consumed by tlsclientconfig.SetupCertificates() depending on ctx and hostPort. -func dockerCertDir(ctx *types.SystemContext, hostPort string) string { +func dockerCertDir(ctx *types.SystemContext, hostPort string) (string, error) { if ctx != nil && ctx.DockerCertPath != "" { - return ctx.DockerCertPath + return ctx.DockerCertPath, nil } - var hostCertDir string if ctx != nil && ctx.DockerPerHostCertDirPath != "" { - hostCertDir = ctx.DockerPerHostCertDirPath - } else if ctx != nil && ctx.RootForImplicitAbsolutePaths != "" { - hostCertDir = filepath.Join(ctx.RootForImplicitAbsolutePaths, systemPerHostCertDirPath) - } else { - hostCertDir = systemPerHostCertDirPath + return filepath.Join(ctx.DockerPerHostCertDirPath, hostPort), nil } - return filepath.Join(hostCertDir, hostPort) + + var ( + hostCertDir string + fullCertDirPath string + ) + for _, systemPerHostCertDirPath := range systemPerHostCertDirPaths { + if ctx != nil && ctx.RootForImplicitAbsolutePaths != "" { + hostCertDir = filepath.Join(ctx.RootForImplicitAbsolutePaths, systemPerHostCertDirPath) + } else { + hostCertDir = systemPerHostCertDirPath + } + + fullCertDirPath = filepath.Join(hostCertDir, hostPort) + _, err := os.Stat(fullCertDirPath) + if err == nil { + break + } + if os.IsNotExist(err) { + continue + } + if os.IsPermission(err) { + logrus.Debugf("error accessing certs directory due to permissions: %v", err) + continue + } + if err != nil { + return "", err + } + } + return fullCertDirPath, nil } // newDockerClientFromRef returns a new dockerClient instance for refHostname (a host a specified in the Docker image reference, not canonicalized to dockerRegistry) @@ -177,7 +200,10 @@ func newDockerClientWithDetails(ctx *types.SystemContext, registry, username, pa // dockerHostname here, because it is more symmetrical to read the configuration in that case as well, and because // generally the UI hides the existence of the different dockerRegistry. But note that this behavior is // undocumented and may change if docker/docker changes. - certDir := dockerCertDir(ctx, hostName) + certDir, err := dockerCertDir(ctx, hostName) + if err != nil { + return nil, err + } if err := tlsclientconfig.SetupCertificates(certDir, tr.TLSClientConfig); err != nil { return nil, err } |