18 files changed, 173 insertions, 65 deletions
diff --git a/Makefile b/Makefile
index 32f21227f..3fd9b4ed4 100644
--- a/Makefile
+++ b/Makefile
@@ -111,6 +111,9 @@ test/goecho/goecho: .gopathok $(wildcard test/goecho/*.go)
 podman: .gopathok $(PODMAN_VARLINK_DEPENDENCIES)
 	$(GO) build -ldflags '$(LDFLAGS_PODMAN)' -tags "$(BUILDTAGS)" -o bin/$@ $(PROJECT)/cmd/podman
 
+podman-remote: .gopathok $(PODMAN_VARLINK_DEPENDENCIES)
+	$(GO) build -ldflags '$(LDFLAGS_PODMAN)' -tags "$(BUILDTAGS) remoteclient" -o bin/$@ $(PROJECT)/cmd/podman
+
 local-cross: $(CROSS_BUILD_TARGETS)
 
 bin/podman.cross.%: .gopathok
diff --git a/cmd/podman/exec.go b/cmd/podman/exec.go
index 1dcb88dbd..c03834dea 100644
--- a/cmd/podman/exec.go
+++ b/cmd/podman/exec.go
@@ -3,7 +3,6 @@ package main
 import (
 	"fmt"
 	"os"
-	"strings"
 
 	"github.com/containers/libpod/cmd/podman/libpodruntime"
 	"github.com/containers/libpod/libpod"
@@ -99,15 +98,7 @@ func execCmd(c *cli.Context) error {
 	}
 
 	// ENVIRONMENT VARIABLES
-	env := defaultEnvVariables
-	for _, e := range c.StringSlice("env") {
-		split := strings.SplitN(e, "=", 2)
-		if len(split) > 1 {
-			env[split[0]] = split[1]
-		} else {
-			env[split[0]] = ""
-		}
-	}
+	env := map[string]string{}
 
 	if err := readKVStrings(env, []string{}, c.StringSlice("env")); err != nil {
 		return errors.Wrapf(err, "unable to process environment variables")
diff --git a/cmd/podman/info.go b/cmd/podman/info.go
index c0639725e..4b80f94db 100644
--- a/cmd/podman/info.go
+++ b/cmd/podman/info.go
@@ -1,10 +1,10 @@
 package main
 
 import (
+	"github.com/containers/libpod/libpod/adapter"
 	"runtime"
 
 	"github.com/containers/libpod/cmd/podman/formats"
-	"github.com/containers/libpod/cmd/podman/libpodruntime"
 	"github.com/containers/libpod/libpod"
 	"github.com/pkg/errors"
 	"github.com/urfave/cli"
@@ -39,18 +39,20 @@ func infoCmd(c *cli.Context) error {
 	}
 	info := map[string]interface{}{}
 
-	runtime, err := libpodruntime.GetRuntime(c)
+	localRuntime, err := adapter.GetRuntime(c)
 	if err != nil {
 		return errors.Wrapf(err, "could not get runtime")
 	}
-	defer runtime.Shutdown(false)
+	defer localRuntime.Runtime.Shutdown(false)
 
-	infoArr, err := runtime.Info()
+	infoArr, err := localRuntime.Runtime.Info()
 	if err != nil {
 		return errors.Wrapf(err, "error getting info")
 	}
 
-	if c.Bool("debug") {
+	// TODO This is no a problem child because we don't know if we should add information
+	// TODO about the client or the backend.  Only do for traditional podman for now.
+	if !localRuntime.Remote && c.Bool("debug") {
 		debugInfo := debugInfo(c)
 		infoArr = append(infoArr, libpod.InfoData{Type: "debug", Data: debugInfo})
 	}
diff --git a/contrib/cirrus/ooe.sh b/contrib/cirrus/ooe.sh
index d79e574b2..3c8a0409d 100755
--- a/contrib/cirrus/ooe.sh
+++ b/contrib/cirrus/ooe.sh
@@ -7,10 +7,10 @@
 
 set -eo pipefail
 
-SCRIPT_PATH="$0"
+SCRIPT_BASEDIR="$(basename $0)"
 
 badusage() {
-    echo "Incorrect usage: $(basename $SCRIPT_PATH) <command> [options]" > /dev/stderr
+    echo "Incorrect usage: $SCRIPT_BASEDIR) <command> [options]" > /dev/stderr
     echo "ERROR: $1"
     exit 121
 }
@@ -18,7 +18,7 @@ badusage() {
 COMMAND="$@"
 [[ -n "$COMMAND" ]] || badusage "No command specified"
 
-OUTPUT_TMPFILE="$(mktemp -p '' $(basename $0)_output_XXXX)"
+OUTPUT_TMPFILE="$(mktemp -p '' ${SCRIPT_BASEDIR}_output_XXXX)"
 output_on_error() {
     RET=$?
     set +e
diff --git a/docs/podman-info.1.md b/docs/podman-info.1.md
index 478f79467..836a2c420 100644
--- a/docs/podman-info.1.md
+++ b/docs/podman-info.1.md
@@ -61,6 +61,7 @@ registries:
   - docker.io
   - registry.access.redhat.com
 store:
+  ConfigFile: /etc/containers/storage.conf
   ContainerStore:
     number: 37
   GraphDriverName: overlay
diff --git a/libpod/adapter/client.go b/libpod/adapter/client.go
new file mode 100644
index 000000000..383c242c9
--- /dev/null
+++ b/libpod/adapter/client.go
@@ -0,0 +1,16 @@
+// +build remoteclient
+
+package adapter
+
+import (
+	"github.com/varlink/go/varlink"
+)
+
+// Connect provides a varlink connection
+func (r RemoteRuntime) Connect() (*varlink.Connection, error) {
+	connection, err := varlink.NewConnection("unix:/run/podman/io.podman")
+	if err != nil {
+		return nil, err
+	}
+	return connection, nil
+}
diff --git a/libpod/adapter/info_remote.go b/libpod/adapter/info_remote.go
new file mode 100644
index 000000000..3b691ed17
--- /dev/null
+++ b/libpod/adapter/info_remote.go
@@ -0,0 +1,56 @@
+// +build remoteclient
+
+package adapter
+
+import (
+	"encoding/json"
+
+	"github.com/containers/libpod/cmd/podman/varlink"
+	"github.com/containers/libpod/libpod"
+)
+
+// Info returns information for the host system and its components
+func (r RemoteRuntime) Info() ([]libpod.InfoData, error) {
+	// TODO the varlink implementation for info should be updated to match the output for regular info
+	var (
+		reply    []libpod.InfoData
+		hostInfo map[string]interface{}
+		store    map[string]interface{}
+	)
+
+	registries := make(map[string]interface{})
+	insecureRegistries := make(map[string]interface{})
+	conn, err := r.Connect()
+	if err != nil {
+		return nil, err
+	}
+	defer conn.Close()
+	info, err := iopodman.GetInfo().Call(conn)
+	if err != nil {
+		return nil, err
+	}
+
+	// info.host -> map[string]interface{}
+	h, err := json.Marshal(info.Host)
+	if err != nil {
+		return nil, err
+	}
+	json.Unmarshal(h, &hostInfo)
+
+	// info.store -> map[string]interface{}
+	s, err := json.Marshal(info.Store)
+	if err != nil {
+		return nil, err
+	}
+	json.Unmarshal(s, &store)
+
+	registries["registries"] = info.Registries
+	insecureRegistries["registries"] = info.Insecure_registries
+
+	// Add everything to the reply
+	reply = append(reply, libpod.InfoData{Type: "host", Data: hostInfo})
+	reply = append(reply, libpod.InfoData{Type: "registries", Data: registries})
+	reply = append(reply, libpod.InfoData{Type: "insecure registries", Data: insecureRegistries})
+	reply = append(reply, libpod.InfoData{Type: "store", Data: store})
+	return reply, nil
+}
diff --git a/libpod/adapter/runtime.go b/libpod/adapter/runtime.go
new file mode 100644
index 000000000..b6db51071
--- /dev/null
+++ b/libpod/adapter/runtime.go
@@ -0,0 +1,26 @@
+// +build !remoteclient
+
+package adapter
+
+import (
+	"github.com/containers/libpod/cmd/podman/libpodruntime"
+	"github.com/containers/libpod/libpod"
+	"github.com/urfave/cli"
+)
+
+// LocalRuntime describes a typical libpod runtime
+type LocalRuntime struct {
+	Runtime *libpod.Runtime
+	Remote  bool
+}
+
+// GetRuntime returns a LocalRuntime struct with the actual runtime embedded in it
+func GetRuntime(c *cli.Context) (*LocalRuntime, error) {
+	runtime, err := libpodruntime.GetRuntime(c)
+	if err != nil {
+		return nil, err
+	}
+	return &LocalRuntime{
+		Runtime: runtime,
+	}, nil
+}
diff --git a/libpod/adapter/runtime_remote.go b/libpod/adapter/runtime_remote.go
new file mode 100644
index 000000000..715728d21
--- /dev/null
+++ b/libpod/adapter/runtime_remote.go
@@ -0,0 +1,28 @@
+// +build remoteclient
+
+package adapter
+
+import "github.com/urfave/cli"
+
+// RemoteRuntime describes a wrapper runtime struct
+type RemoteRuntime struct{}
+
+// LocalRuntime describes a typical libpod runtime
+type LocalRuntime struct {
+	Runtime *RemoteRuntime
+	Remote  bool
+}
+
+// GetRuntime returns a LocalRuntime struct with the actual runtime embedded in it
+func GetRuntime(c *cli.Context) (*LocalRuntime, error) {
+	runtime := RemoteRuntime{}
+	return &LocalRuntime{
+		Runtime: &runtime,
+		Remote:  true,
+	}, nil
+}
+
+// Shutdown is a bogus wrapper for compat with the libpod runtime
+func (r RemoteRuntime) Shutdown(force bool) error {
+	return nil
+}
diff --git a/libpod/info.go b/libpod/info.go
index 7044eba6a..a98f93897 100644
--- a/libpod/info.go
+++ b/libpod/info.go
@@ -13,6 +13,7 @@ import (
 	"time"
 
 	"github.com/containers/libpod/pkg/rootless"
+	"github.com/containers/libpod/pkg/util"
 	"github.com/containers/libpod/utils"
 	"github.com/containers/storage/pkg/system"
 	"github.com/pkg/errors"
@@ -115,6 +116,7 @@ func (r *Runtime) hostInfo() (map[string]interface{}, error) {
 func (r *Runtime) storeInfo() (map[string]interface{}, error) {
 	// lets say storage driver in use, number of images, number of containers
 	info := map[string]interface{}{}
+	info["ConfigFile"] = util.StorageConfigFile()
 	info["GraphRoot"] = r.store.GraphRoot()
 	info["RunRoot"] = r.store.RunRoot()
 	info["GraphDriverName"] = r.store.GraphDriverName()
diff --git a/pkg/util/utils.go b/pkg/util/utils.go
index a6f52cb3e..2b752afe1 100644
--- a/pkg/util/utils.go
+++ b/pkg/util/utils.go
@@ -314,8 +314,9 @@ func GetDefaultStoreOptions() (storage.StoreOptions, string, error) {
 			return storageOpts, volumePath, err
 		}
 
-		storageConf := filepath.Join(os.Getenv("HOME"), ".config/containers/storage.conf")
+		storageConf := StorageConfigFile()
 		if _, err := os.Stat(storageConf); err == nil {
+			storageOpts = storage.StoreOptions{}
 			storage.ReloadConfigurationFile(storageConf, &storageOpts)
 		} else if os.IsNotExist(err) {
 			os.MkdirAll(filepath.Dir(storageConf), 0755)
@@ -334,3 +335,11 @@ func GetDefaultStoreOptions() (storage.StoreOptions, string, error) {
 	}
 	return storageOpts, volumePath, nil
 }
+
+// StorageConfigFile returns the path to the storage config file used
+func StorageConfigFile() string {
+	if rootless.IsRootless() {
+		return filepath.Join(os.Getenv("HOME"), ".config/containers/storage.conf")
+	}
+	return storage.DefaultConfigFile
+}
diff --git a/pkg/varlinkapi/system.go b/pkg/varlinkapi/system.go
index a29d22e7d..e50643dd0 100644
--- a/pkg/varlinkapi/system.go
+++ b/pkg/varlinkapi/system.go
@@ -102,6 +102,5 @@ func (i *LibpodAPI) GetInfo(call iopodman.VarlinkCall) error {
 	podmanInfo.Podman = pmaninfo
 	podmanInfo.Registries = registries
 	podmanInfo.Insecure_registries = insecureRegistries
-
 	return call.ReplyGetInfo(podmanInfo)
 }
diff --git a/vendor.conf b/vendor.conf
index c215f8294..18283cae6 100644
--- a/vendor.conf
+++ b/vendor.conf
@@ -92,7 +92,7 @@ k8s.io/kube-openapi 275e2ce91dec4c05a4094a7b1daee5560b555ac9 https://github.com/
 k8s.io/utils 258e2a2fa64568210fbd6267cf1d8fd87c3cb86e https://github.com/kubernetes/utils
 github.com/mrunalp/fileutils master
 github.com/varlink/go master
-github.com/containers/buildah bb710f39d01868e47224f35f48a128fbea6539c4
+github.com/containers/buildah e7ca330f923701dba8859f5c014d0a9a3f7f0a49
 github.com/Nvveen/Gotty master
 github.com/fsouza/go-dockerclient master
 github.com/openshift/imagebuilder master
diff --git a/vendor/github.com/containers/buildah/common.go b/vendor/github.com/containers/buildah/common.go
index dfdc33a22..e369dc407 100644
--- a/vendor/github.com/containers/buildah/common.go
+++ b/vendor/github.com/containers/buildah/common.go
@@ -6,10 +6,8 @@ import (
 	"path/filepath"
 
 	cp "github.com/containers/image/copy"
-	"github.com/containers/image/transports"
 	"github.com/containers/image/types"
 	"github.com/containers/libpod/pkg/rootless"
-	"github.com/sirupsen/logrus"
 )
 
 const (
@@ -34,12 +32,6 @@ func getCopyOptions(reportWriter io.Writer, sourceReference types.ImageReference
 
 		}
 	}
-	sourceInsecure, err := isReferenceInsecure(sourceReference, sourceCtx)
-	if err != nil {
-		logrus.Debugf("error determining if registry for %q is insecure: %v", transports.ImageName(sourceReference), err)
-	} else if sourceInsecure {
-		sourceCtx.OCIInsecureSkipTLSVerify = true
-	}
 
 	destinationCtx := &types.SystemContext{}
 	if destinationSystemContext != nil {
@@ -51,12 +43,6 @@ func getCopyOptions(reportWriter io.Writer, sourceReference types.ImageReference
 			}
 		}
 	}
-	destinationInsecure, err := isReferenceInsecure(destinationReference, destinationCtx)
-	if err != nil {
-		logrus.Debugf("error determining if registry for %q is insecure: %v", transports.ImageName(destinationReference), err)
-	} else if destinationInsecure {
-		destinationCtx.OCIInsecureSkipTLSVerify = true
-	}
 
 	return &cp.Options{
 		ReportWriter:          reportWriter,
diff --git a/vendor/github.com/containers/buildah/imagebuildah/build.go b/vendor/github.com/containers/buildah/imagebuildah/build.go
index d838260e7..217bcfc79 100644
--- a/vendor/github.com/containers/buildah/imagebuildah/build.go
+++ b/vendor/github.com/containers/buildah/imagebuildah/build.go
@@ -517,6 +517,7 @@ func (b *Executor) Run(run imagebuilder.Run, config docker.Config) error {
 		Hostname:   config.Hostname,
 		Runtime:    b.runtime,
 		Args:       b.runtimeArgs,
+		NoPivot:    os.Getenv("BUILDAH_NOPIVOT") != "",
 		Mounts:     convertMounts(b.transientMounts),
 		Env:        config.Env,
 		User:       config.User,
diff --git a/vendor/github.com/containers/buildah/pkg/blobcache/blobcache.go b/vendor/github.com/containers/buildah/pkg/blobcache/blobcache.go
index ae55316b0..31e6a428c 100644
--- a/vendor/github.com/containers/buildah/pkg/blobcache/blobcache.go
+++ b/vendor/github.com/containers/buildah/pkg/blobcache/blobcache.go
@@ -52,14 +52,18 @@ type BlobCache interface {
 
 type blobCacheReference struct {
 	reference types.ImageReference
+	// WARNING: The contents of this directory may be accessed concurrently,
+	// both within this process and by multiple different processes
 	directory string
 	compress  types.LayerCompression
 }
 
 type blobCacheSource struct {
-	reference   *blobCacheReference
-	source      types.ImageSource
-	sys         types.SystemContext
+	reference *blobCacheReference
+	source    types.ImageSource
+	sys       types.SystemContext
+	// this mutex synchronizes the counters below
+	mu          sync.Mutex
 	cacheHits   int64
 	cacheMisses int64
 	cacheErrors int64
@@ -219,7 +223,7 @@ func (s *blobCacheSource) GetManifest(ctx context.Context, instanceDigest *diges
 }
 
 func (s *blobCacheSource) HasThreadSafeGetBlob() bool {
-	return false
+	return s.source.HasThreadSafeGetBlob()
 }
 
 func (s *blobCacheSource) GetBlob(ctx context.Context, blobinfo types.BlobInfo, cache types.BlobInfoCache) (io.ReadCloser, int64, error) {
@@ -232,16 +236,22 @@ func (s *blobCacheSource) GetBlob(ctx context.Context, blobinfo types.BlobInfo,
 			filename := filepath.Join(s.reference.directory, makeFilename(blobinfo.Digest, isConfig))
 			f, err := os.Open(filename)
 			if err == nil {
+				s.mu.Lock()
 				s.cacheHits++
+				s.mu.Unlock()
 				return f, size, nil
 			}
 			if !os.IsNotExist(err) {
+				s.mu.Lock()
 				s.cacheErrors++
+				s.mu.Unlock()
 				return nil, -1, errors.Wrapf(err, "error checking for cache file %q", filepath.Join(s.reference.directory, filename))
 			}
 		}
 	}
+	s.mu.Lock()
 	s.cacheMisses++
+	s.mu.Unlock()
 	rc, size, err := s.source.GetBlob(ctx, blobinfo, cache)
 	if err != nil {
 		return rc, size, errors.Wrapf(err, "error reading blob from source image %q", transports.ImageName(s.reference))
@@ -403,7 +413,7 @@ func saveStream(wg *sync.WaitGroup, decompressReader io.ReadCloser, tempFile *os
 }
 
 func (s *blobCacheDestination) HasThreadSafePutBlob() bool {
-	return false
+	return s.destination.HasThreadSafePutBlob()
 }
 
 func (d *blobCacheDestination) PutBlob(ctx context.Context, stream io.Reader, inputInfo types.BlobInfo, cache types.BlobInfoCache, isConfig bool) (types.BlobInfo, error) {
diff --git a/vendor/github.com/containers/buildah/util.go b/vendor/github.com/containers/buildah/util.go
index 66a4e535a..5dadec7c2 100644
--- a/vendor/github.com/containers/buildah/util.go
+++ b/vendor/github.com/containers/buildah/util.go
@@ -173,24 +173,6 @@ func (b *Builder) tarPath() func(path string) (io.ReadCloser, error) {
 	}
 }
 
-// isRegistryInsecure checks if the named registry is marked as not secure
-func isRegistryInsecure(registry string, sc *types.SystemContext) (bool, error) {
-	reginfo, err := sysregistriesv2.FindRegistry(sc, registry)
-	if err != nil {
-		return false, errors.Wrapf(err, "unable to parse the registries configuration (%s)", sysregistries.RegistriesConfPath(sc))
-	}
-	if reginfo != nil {
-		if reginfo.Insecure {
-			logrus.Debugf("registry %q is marked insecure in registries configuration %q", registry, sysregistries.RegistriesConfPath(sc))
-		} else {
-			logrus.Debugf("registry %q is not marked insecure in registries configuration %q", registry, sysregistries.RegistriesConfPath(sc))
-		}
-		return reginfo.Insecure, nil
-	}
-	logrus.Debugf("registry %q is not listed in registries configuration %q, assuming it's secure", registry, sysregistries.RegistriesConfPath(sc))
-	return false, nil
-}
-
 // isRegistryBlocked checks if the named registry is marked as blocked
 func isRegistryBlocked(registry string, sc *types.SystemContext) (bool, error) {
 	reginfo, err := sysregistriesv2.FindRegistry(sc, registry)
@@ -221,11 +203,6 @@ func isReferenceSomething(ref types.ImageReference, sc *types.SystemContext, wha
 	return false, nil
 }
 
-// isReferenceInsecure checks if the registry part of a reference is insecure
-func isReferenceInsecure(ref types.ImageReference, sc *types.SystemContext) (bool, error) {
-	return isReferenceSomething(ref, sc, isRegistryInsecure)
-}
-
 // isReferenceBlocked checks if the registry part of a reference is blocked
 func isReferenceBlocked(ref types.ImageReference, sc *types.SystemContext) (bool, error) {
 	if ref != nil && ref.Transport() != nil {
diff --git a/vendor/github.com/containers/storage/store.go b/vendor/github.com/containers/storage/store.go
index a166799c6..5877c3b06 100644
--- a/vendor/github.com/containers/storage/store.go
+++ b/vendor/github.com/containers/storage/store.go
@@ -2992,7 +2992,8 @@ func copyStringInterfaceMap(m map[string]interface{}) map[string]interface{} {
 	return ret
 }
 
-const defaultConfigFile = "/etc/containers/storage.conf"
+// DefaultConfigFile path to the system wide storage.conf file
+const DefaultConfigFile = "/etc/containers/storage.conf"
 
 // ThinpoolOptionsConfig represents the "storage.options.thinpool"
 // TOML config table.
@@ -3237,7 +3238,7 @@ func init() {
 	DefaultStoreOptions.GraphRoot = "/var/lib/containers/storage"
 	DefaultStoreOptions.GraphDriverName = ""
 
-	ReloadConfigurationFile(defaultConfigFile, &DefaultStoreOptions)
+	ReloadConfigurationFile(DefaultConfigFile, &DefaultStoreOptions)
 }
 
 func GetDefaultMountOptions() ([]string, error) {