diff options
| -rw-r--r-- | contrib/spec/podman.spec.in | 23 | ||||
| -rw-r--r-- | pkg/api/handlers/compat/images_push.go | 41 | ||||
| -rw-r--r-- | pkg/api/handlers/compat/networks.go | 2 | ||||
| -rw-r--r-- | test/apiv2/12-imagesMore.at | 18 | ||||
| -rw-r--r-- | test/apiv2/35-networks.at | 3 |
5 files changed, 79 insertions, 8 deletions
diff --git a/contrib/spec/podman.spec.in b/contrib/spec/podman.spec.in index db79ebede..662234f71 100644 --- a/contrib/spec/podman.spec.in +++ b/contrib/spec/podman.spec.in @@ -380,6 +380,29 @@ tar zxf %{SOURCE1} %build mkdir _build pushd _build + +# These flags should work for all rpm distros and arches +export CGO_CFLAGS="-O2 -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -ffat-lto-objects -fexceptions -fasynchronous-unwind-tables -fstack-protector-strong -fstack-clash-protection -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE" + +%if 0%{?fedora} || 0%{?rhel} +# This flag is only present on RH-family distros +export CGO_CFLAGS+=" -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1" +%endif + +%ifnarch %{ix86} +# Build fails on i686 with this flag +export CGO_CFLAGS+=" -D_FILE_OFFSET_BITS=64" +%endif + +%ifarch x86_64 +# Builds only on x86_64 with this flag +export CGO_CFLAGS+=" -m64 -mtune=generic" +%if 0%{?fedora} || 0%{?rhel} >= 8 +# Build fails on rhel7 and non-86_64 with this flag +export CGO_CFLAGS+=" -fcf-protection" +%endif +%endif + mkdir -p src/%{provider}.%{provider_tld}/%{project} ln -s ../../../../ src/%{import_path} popd diff --git a/pkg/api/handlers/compat/images_push.go b/pkg/api/handlers/compat/images_push.go index 34b53f34e..77d891546 100644 --- a/pkg/api/handlers/compat/images_push.go +++ b/pkg/api/handlers/compat/images_push.go @@ -1,6 +1,8 @@ package compat import ( + "fmt" + "io/ioutil" "net/http" "strings" @@ -19,6 +21,14 @@ import ( func PushImage(w http.ResponseWriter, r *http.Request) { decoder := r.Context().Value("decoder").(*schema.Decoder) runtime := r.Context().Value("runtime").(*libpod.Runtime) + + digestFile, err := ioutil.TempFile("", "digest.txt") + if err != nil { + utils.Error(w, "unable to create digest tempfile", http.StatusInternalServerError, errors.Wrap(err, "unable to create tempfile")) + return + } + defer digestFile.Close() + // Now use the ABI implementation to prevent us from having duplicate // code. imageEngine := abi.ImageEngine{Libpod: runtime} @@ -65,12 +75,13 @@ func PushImage(w http.ResponseWriter, r *http.Request) { password = authconf.Password } options := entities.ImagePushOptions{ - All: query.All, - Authfile: authfile, - Compress: query.Compress, - Format: query.Format, - Password: password, - Username: username, + All: query.All, + Authfile: authfile, + Compress: query.Compress, + Format: query.Format, + Password: password, + Username: username, + DigestFile: digestFile.Name(), } if _, found := r.URL.Query()["tlsVerify"]; found { options.SkipTLSVerify = types.NewOptionalBool(!query.TLSVerify) @@ -93,5 +104,21 @@ func PushImage(w http.ResponseWriter, r *http.Request) { return } - utils.WriteResponse(w, http.StatusOK, "") + digestBytes, err := ioutil.ReadAll(digestFile) + if err != nil { + utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrap(err, "failed to read digest tmp file")) + return + } + + tag := query.Tag + if tag == "" { + tag = "latest" + } + respData := struct { + Status string `json:"status"` + }{ + Status: fmt.Sprintf("%s: digest: %s size: null", tag, string(digestBytes)), + } + + utils.WriteJSON(w, http.StatusOK, &respData) } diff --git a/pkg/api/handlers/compat/networks.go b/pkg/api/handlers/compat/networks.go index f7a70816f..85d2db87e 100644 --- a/pkg/api/handlers/compat/networks.go +++ b/pkg/api/handlers/compat/networks.go @@ -196,7 +196,7 @@ func ListNetworks(w http.ResponseWriter, r *http.Request) { return } - var reports []*types.NetworkResource + reports := []*types.NetworkResource{} logrus.Debugf("netNames: %q", strings.Join(netNames, ", ")) for _, name := range netNames { report, err := getNetworkResourceByNameOrID(name, runtime, query.Filters) diff --git a/test/apiv2/12-imagesMore.at b/test/apiv2/12-imagesMore.at index fe6a271ce..4f3ddf925 100644 --- a/test/apiv2/12-imagesMore.at +++ b/test/apiv2/12-imagesMore.at @@ -3,6 +3,9 @@ # Tests for more image-related endpoints # +red='\e[31m' +nc='\e[0m' + podman pull -q $IMAGE t GET libpod/images/json 200 \ @@ -26,6 +29,17 @@ t GET libpod/images/$IMAGE/json 200 \ podman run -d --name registry -p 5000:5000 quay.io/libpod/registry:2.6 /entrypoint.sh /etc/docker/registry/config.yml wait_for_port localhost 5000 +# Push to local registry and check output +while read -r LINE +do + if echo "${LINE}" | jq --exit-status 'select( .status != null) | select ( .status | contains("digest: sha256:"))' &>/dev/null; then + GOT_DIGEST="1" + fi +done < <(curl -sL "http://$HOST:$PORT/images/localhost:5000/myrepo/push?tlsVerify=false&tag=mytag" -XPOST) +if [ -z "${GOT_DIGEST}" ] ; then + echo -e "${red}not ok: did not found digest in output${nc}" 1>&2; +fi + # Push to local registry t POST "images/localhost:5000/myrepo/push?tlsVerify=false&tag=mytag" '' 200 @@ -43,3 +57,7 @@ t DELETE libpod/images/$IMAGE 200 \ .ExitCode=0 t DELETE libpod/images/quay.io/libpod/registry:2.6 200 \ .ExitCode=0 + +if [ -z "${GOT_DIGEST}" ] ; then + exit 1; +fi diff --git a/test/apiv2/35-networks.at b/test/apiv2/35-networks.at index 5327bd076..7ce109913 100644 --- a/test/apiv2/35-networks.at +++ b/test/apiv2/35-networks.at @@ -46,6 +46,9 @@ length=1 \ # invalid filter filters={"dangling":["1"]} t GET networks?filters=%7B%22dangling%22%3A%5B%221%22%5D%7D 500 \ .cause='invalid filter "dangling"' +# (#9293 with no networks the endpoint should return empty array instead of null) +t GET networks?filters=%7B%22name%22%3A%5B%22doesnotexists%22%5D%7D 200 \ +"[]" # network inspect docker t GET networks/a7662f44d65029fd4635c91feea3d720a57cef52e2a9fcc7772b69072cc1ccd1 200 \ |