diff options
| -rw-r--r-- | cmd/podman/common/completion.go | 4 | ||||
| -rw-r--r-- | cmd/podman/login.go | 24 | ||||
| -rw-r--r-- | cmd/podman/logout.go | 9 | ||||
| -rw-r--r-- | go.mod | 2 | ||||
| -rw-r--r-- | go.sum | 4 | ||||
| -rw-r--r-- | libpod/info.go | 8 | ||||
| -rw-r--r-- | libpod/runtime.go | 22 | ||||
| -rw-r--r-- | libpod/runtime_img_test.go | 54 | ||||
| -rw-r--r-- | pkg/api/handlers/compat/auth.go | 14 | ||||
| -rw-r--r-- | pkg/registries/registries.go | 85 | ||||
| -rw-r--r-- | vendor/github.com/containers/common/libimage/runtime.go | 5 | ||||
| -rw-r--r-- | vendor/modules.txt | 2 |
12 files changed, 52 insertions, 181 deletions
diff --git a/cmd/podman/common/completion.go b/cmd/podman/common/completion.go index c93f2017c..177d094aa 100644 --- a/cmd/podman/common/completion.go +++ b/cmd/podman/common/completion.go @@ -8,11 +8,11 @@ import ( "strings" "github.com/containers/common/pkg/config" + "github.com/containers/image/v5/pkg/sysregistriesv2" "github.com/containers/podman/v3/cmd/podman/registry" "github.com/containers/podman/v3/libpod/define" "github.com/containers/podman/v3/pkg/domain/entities" "github.com/containers/podman/v3/pkg/network" - "github.com/containers/podman/v3/pkg/registries" "github.com/containers/podman/v3/pkg/rootless" systemdDefine "github.com/containers/podman/v3/pkg/systemd/define" "github.com/containers/podman/v3/pkg/util" @@ -236,7 +236,7 @@ func getSecrets(cmd *cobra.Command, toComplete string) ([]string, cobra.ShellCom } func getRegistries() ([]string, cobra.ShellCompDirective) { - regs, err := registries.GetRegistries() + regs, err := sysregistriesv2.UnqualifiedSearchRegistries(nil) if err != nil { cobra.CompErrorln(err.Error()) return nil, cobra.ShellCompDirectiveNoFileComp diff --git a/cmd/podman/login.go b/cmd/podman/login.go index 2101e32e2..a8dadf5cd 100644 --- a/cmd/podman/login.go +++ b/cmd/podman/login.go @@ -9,7 +9,6 @@ import ( "github.com/containers/image/v5/types" "github.com/containers/podman/v3/cmd/podman/common" "github.com/containers/podman/v3/cmd/podman/registry" - "github.com/containers/podman/v3/pkg/registries" "github.com/spf13/cobra" ) @@ -63,12 +62,29 @@ func login(cmd *cobra.Command, args []string) error { skipTLS = types.NewOptionalBool(!loginOptions.tlsVerify) } - sysCtx := types.SystemContext{ + sysCtx := &types.SystemContext{ AuthFilePath: loginOptions.AuthFile, DockerCertPath: loginOptions.CertDir, DockerInsecureSkipTLSVerify: skipTLS, - SystemRegistriesConfPath: registries.SystemRegistriesConfPath(), } + setRegistriesConfPath(sysCtx) loginOptions.GetLoginSet = cmd.Flag("get-login").Changed - return auth.Login(context.Background(), &sysCtx, &loginOptions.LoginOptions, args) + return auth.Login(context.Background(), sysCtx, &loginOptions.LoginOptions, args) +} + +// setRegistriesConfPath sets the registries.conf path for the specified context. +// NOTE: this is a verbatim copy from c/common/libimage which we're not using +// to prevent leaking c/storage into this file. Maybe this should go into c/image? +func setRegistriesConfPath(systemContext *types.SystemContext) { + if systemContext.SystemRegistriesConfPath != "" { + return + } + if envOverride, ok := os.LookupEnv("CONTAINERS_REGISTRIES_CONF"); ok { + systemContext.SystemRegistriesConfPath = envOverride + return + } + if envOverride, ok := os.LookupEnv("REGISTRIES_CONFIG_PATH"); ok { + systemContext.SystemRegistriesConfPath = envOverride + return + } } diff --git a/cmd/podman/logout.go b/cmd/podman/logout.go index 092ad2610..0ee134635 100644 --- a/cmd/podman/logout.go +++ b/cmd/podman/logout.go @@ -8,7 +8,6 @@ import ( "github.com/containers/image/v5/types" "github.com/containers/podman/v3/cmd/podman/common" "github.com/containers/podman/v3/cmd/podman/registry" - "github.com/containers/podman/v3/pkg/registries" "github.com/spf13/cobra" ) @@ -48,9 +47,9 @@ func init() { // Implementation of podman-logout. func logout(cmd *cobra.Command, args []string) error { - sysCtx := types.SystemContext{ - AuthFilePath: logoutOptions.AuthFile, - SystemRegistriesConfPath: registries.SystemRegistriesConfPath(), + sysCtx := &types.SystemContext{ + AuthFilePath: logoutOptions.AuthFile, } - return auth.Logout(&sysCtx, &logoutOptions, args) + setRegistriesConfPath(sysCtx) + return auth.Logout(sysCtx, &logoutOptions, args) } @@ -12,7 +12,7 @@ require ( github.com/containernetworking/cni v0.8.1 github.com/containernetworking/plugins v0.9.1 github.com/containers/buildah v1.21.1 - github.com/containers/common v0.40.2-0.20210623133759-d13a31743aec + github.com/containers/common v0.40.2-0.20210624120009-b1d3c4dc2515 github.com/containers/conmon v2.0.20+incompatible github.com/containers/image/v5 v5.13.2 github.com/containers/ocicrypt v1.1.1 @@ -221,8 +221,8 @@ github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRD github.com/containers/buildah v1.21.1 h1:e9LmTCUKUBLg72v5DnIOT/wc8ffkfB7LbpQBywLZo20= github.com/containers/buildah v1.21.1/go.mod h1:yPdlpVd93T+i91yGxrJbW1YOWrqN64j5ZhHOZmHUejs= github.com/containers/common v0.38.4/go.mod h1:egfpX/Y3+19Dz4Wa1eRZDdgzoEOeneieF9CQppKzLBg= -github.com/containers/common v0.40.2-0.20210623133759-d13a31743aec h1:ZcteA2klZSZAZgVonwJAqezF6hdO9SMKUy49ZHXZd38= -github.com/containers/common v0.40.2-0.20210623133759-d13a31743aec/go.mod h1:J23CfuhN1fAg85q5HxS6SKYhKbGqmqieKQqoHaQbEI8= +github.com/containers/common v0.40.2-0.20210624120009-b1d3c4dc2515 h1:ih6akqzrwgKFRxLzdoRBFRUlIGbDWPoDYxhn5GihfXM= +github.com/containers/common v0.40.2-0.20210624120009-b1d3c4dc2515/go.mod h1:J23CfuhN1fAg85q5HxS6SKYhKbGqmqieKQqoHaQbEI8= github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg= github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= github.com/containers/image/v5 v5.12.0/go.mod h1:VasTuHmOw+uD0oHCfApQcMO2+36SfyncoSahU7513Xs= diff --git a/libpod/info.go b/libpod/info.go index 461e39a48..cdc73780f 100644 --- a/libpod/info.go +++ b/libpod/info.go @@ -15,10 +15,10 @@ import ( "github.com/containers/buildah" "github.com/containers/common/pkg/apparmor" "github.com/containers/common/pkg/seccomp" + "github.com/containers/image/v5/pkg/sysregistriesv2" "github.com/containers/podman/v3/libpod/define" "github.com/containers/podman/v3/libpod/linkmode" "github.com/containers/podman/v3/pkg/cgroups" - registries2 "github.com/containers/podman/v3/pkg/registries" "github.com/containers/podman/v3/pkg/rootless" "github.com/containers/storage" "github.com/containers/storage/pkg/system" @@ -49,14 +49,16 @@ func (r *Runtime) info() (*define.Info, error) { } info.Store = storeInfo registries := make(map[string]interface{}) - data, err := registries2.GetRegistriesData() + + sys := r.SystemContext() + data, err := sysregistriesv2.GetRegistries(sys) if err != nil { return nil, errors.Wrapf(err, "error getting registries") } for _, reg := range data { registries[reg.Prefix] = reg } - regs, err := registries2.GetRegistries() + regs, err := sysregistriesv2.UnqualifiedSearchRegistries(sys) if err != nil { return nil, errors.Wrapf(err, "error getting registries") } diff --git a/libpod/runtime.go b/libpod/runtime.go index f53789e89..d31d00ae4 100644 --- a/libpod/runtime.go +++ b/libpod/runtime.go @@ -29,7 +29,6 @@ import ( "github.com/containers/podman/v3/libpod/plugin" "github.com/containers/podman/v3/libpod/shutdown" "github.com/containers/podman/v3/pkg/cgroups" - "github.com/containers/podman/v3/pkg/registries" "github.com/containers/podman/v3/pkg/rootless" "github.com/containers/podman/v3/pkg/util" "github.com/containers/storage" @@ -932,7 +931,9 @@ func (r *Runtime) LibimageRuntime() *libimage.Runtime { // SystemContext returns the imagecontext func (r *Runtime) SystemContext() *types.SystemContext { - return r.imageContext + // Return the context from the libimage runtime. libimage is sensitive + // to a number of env vars. + return r.libimageRuntime.SystemContext() } // GetOCIRuntimePath retrieves the path of the default OCI runtime. @@ -1042,9 +1043,9 @@ func (r *Runtime) Reload() error { if err := r.reloadStorageConf(); err != nil { return err } - if err := reloadRegistriesConf(); err != nil { - return err - } + // Invalidate the registries.conf cache. The next invocation will + // reload all data. + sysregistriesv2.InvalidateCache() return nil } @@ -1059,17 +1060,6 @@ func (r *Runtime) reloadContainersConf() error { return nil } -// reloadRegistries reloads the registries.conf -func reloadRegistriesConf() error { - sysregistriesv2.InvalidateCache() - registries, err := sysregistriesv2.GetRegistries(&types.SystemContext{SystemRegistriesConfPath: registries.SystemRegistriesConfPath()}) - if err != nil { - return err - } - logrus.Infof("applied new registry configuration: %+v", registries) - return nil -} - // reloadStorageConf reloads the storage.conf func (r *Runtime) reloadStorageConf() error { configFile, err := storage.DefaultConfigFile(rootless.IsRootless()) diff --git a/libpod/runtime_img_test.go b/libpod/runtime_img_test.go deleted file mode 100644 index c25f3f08c..000000000 --- a/libpod/runtime_img_test.go +++ /dev/null @@ -1,54 +0,0 @@ -package libpod - -import ( - "io/ioutil" - "os" - "reflect" - "testing" - - sysreg "github.com/containers/podman/v3/pkg/registries" - "github.com/stretchr/testify/assert" -) - -var ( - registry = `[registries.search] -registries = ['one'] - -[registries.insecure] -registries = ['two']` -) - -func createTmpFile(content []byte) (string, error) { - tmpfile, err := ioutil.TempFile(os.TempDir(), "unittest") - if err != nil { - return "", err - } - - if _, err := tmpfile.Write(content); err != nil { - return "", err - } - if err := tmpfile.Close(); err != nil { - return "", err - } - return tmpfile.Name(), nil -} - -func TestGetRegistries(t *testing.T) { - registryPath, err := createTmpFile([]byte(registry)) - assert.NoError(t, err) - defer os.Remove(registryPath) - os.Setenv("CONTAINERS_REGISTRIES_CONF", registryPath) - registries, err := sysreg.GetRegistries() - assert.NoError(t, err) - assert.True(t, reflect.DeepEqual(registries, []string{"one"})) -} - -func TestGetInsecureRegistries(t *testing.T) { - registryPath, err := createTmpFile([]byte(registry)) - assert.NoError(t, err) - os.Setenv("CONTAINERS_REGISTRIES_CONF", registryPath) - defer os.Remove(registryPath) - registries, err := sysreg.GetInsecureRegistries() - assert.NoError(t, err) - assert.True(t, reflect.DeepEqual(registries, []string{"two"})) -} diff --git a/pkg/api/handlers/compat/auth.go b/pkg/api/handlers/compat/auth.go index 2c152fbc2..3594c9781 100644 --- a/pkg/api/handlers/compat/auth.go +++ b/pkg/api/handlers/compat/auth.go @@ -9,9 +9,9 @@ import ( DockerClient "github.com/containers/image/v5/docker" "github.com/containers/image/v5/types" + "github.com/containers/podman/v3/libpod" "github.com/containers/podman/v3/pkg/api/handlers/utils" "github.com/containers/podman/v3/pkg/domain/entities" - "github.com/containers/podman/v3/pkg/registries" docker "github.com/docker/docker/api/types" "github.com/pkg/errors" ) @@ -37,15 +37,13 @@ func Auth(w http.ResponseWriter, r *http.Request) { skipTLS = types.NewOptionalBool(true) } + runtime := r.Context().Value("runtime").(*libpod.Runtime) + sysCtx := runtime.SystemContext() + sysCtx.DockerInsecureSkipTLSVerify = skipTLS + fmt.Println("Authenticating with existing credentials...") - sysCtx := types.SystemContext{ - AuthFilePath: "", - DockerCertPath: "", - DockerInsecureSkipTLSVerify: skipTLS, - SystemRegistriesConfPath: registries.SystemRegistriesConfPath(), - } registry := stripAddressOfScheme(authConfig.ServerAddress) - if err := DockerClient.CheckAuth(context.Background(), &sysCtx, authConfig.Username, authConfig.Password, registry); err == nil { + if err := DockerClient.CheckAuth(context.Background(), sysCtx, authConfig.Username, authConfig.Password, registry); err == nil { utils.WriteResponse(w, http.StatusOK, entities.AuthReport{ IdentityToken: "", Status: "Login Succeeded", diff --git a/pkg/registries/registries.go b/pkg/registries/registries.go deleted file mode 100644 index 34c9138e3..000000000 --- a/pkg/registries/registries.go +++ /dev/null @@ -1,85 +0,0 @@ -package registries - -// TODO: this package should not exist anymore. Users should either use -// c/image's `sysregistriesv2` package directly OR, even better, we cache a -// config in libpod's image runtime so we don't need to parse the -// registries.conf files redundantly. - -import ( - "os" - "path/filepath" - - "github.com/containers/image/v5/pkg/sysregistriesv2" - "github.com/containers/image/v5/types" - "github.com/containers/podman/v3/pkg/rootless" - "github.com/pkg/errors" -) - -// userRegistriesFile is the path to the per user registry configuration file. -var userRegistriesFile = filepath.Join(os.Getenv("HOME"), ".config/containers/registries.conf") - -// SystemRegistriesConfPath returns an appropriate value for types.SystemContext.SystemRegistriesConfPath -// (possibly "", which is not an error), taking into account rootless mode and environment variable overrides. -// -// FIXME: This should be centralized in a global SystemContext initializer inherited throughout the code, -// not haphazardly called throughout the way it is being called now. -func SystemRegistriesConfPath() string { - if envOverride, ok := os.LookupEnv("CONTAINERS_REGISTRIES_CONF"); ok { - return envOverride - } - if envOverride, ok := os.LookupEnv("REGISTRIES_CONFIG_PATH"); ok { - return envOverride - } - - if rootless.IsRootless() { - if _, err := os.Stat(userRegistriesFile); err == nil { - return userRegistriesFile - } - } - - return "" -} - -// GetRegistriesData obtains the list of registries -func GetRegistriesData() ([]sysregistriesv2.Registry, error) { - registries, err := sysregistriesv2.GetRegistries(&types.SystemContext{SystemRegistriesConfPath: SystemRegistriesConfPath()}) - if err != nil { - return nil, errors.Wrapf(err, "unable to parse the registries.conf file") - } - return registries, nil -} - -// GetRegistries obtains the list of search registries defined in the global registries file. -func GetRegistries() ([]string, error) { - return sysregistriesv2.UnqualifiedSearchRegistries(&types.SystemContext{SystemRegistriesConfPath: SystemRegistriesConfPath()}) -} - -// GetBlockedRegistries obtains the list of blocked registries defined in the global registries file. -func GetBlockedRegistries() ([]string, error) { - var blockedRegistries []string - registries, err := GetRegistriesData() - if err != nil { - return nil, err - } - for _, reg := range registries { - if reg.Blocked { - blockedRegistries = append(blockedRegistries, reg.Prefix) - } - } - return blockedRegistries, nil -} - -// GetInsecureRegistries obtains the list of insecure registries from the global registration file. -func GetInsecureRegistries() ([]string, error) { - var insecureRegistries []string - registries, err := GetRegistriesData() - if err != nil { - return nil, err - } - for _, reg := range registries { - if reg.Insecure { - insecureRegistries = append(insecureRegistries, reg.Prefix) - } - } - return insecureRegistries, nil -} diff --git a/vendor/github.com/containers/common/libimage/runtime.go b/vendor/github.com/containers/common/libimage/runtime.go index 3cbd3dcf4..d07d6a83a 100644 --- a/vendor/github.com/containers/common/libimage/runtime.go +++ b/vendor/github.com/containers/common/libimage/runtime.go @@ -54,6 +54,11 @@ type Runtime struct { } // Returns a copy of the runtime's system context. +func (r *Runtime) SystemContext() *types.SystemContext { + return r.systemContextCopy() +} + +// Returns a copy of the runtime's system context. func (r *Runtime) systemContextCopy() *types.SystemContext { var sys types.SystemContext deepcopy.Copy(&sys, &r.systemContext) diff --git a/vendor/modules.txt b/vendor/modules.txt index c4cfc0d83..b749ff8e3 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -93,7 +93,7 @@ github.com/containers/buildah/pkg/overlay github.com/containers/buildah/pkg/parse github.com/containers/buildah/pkg/rusage github.com/containers/buildah/util -# github.com/containers/common v0.40.2-0.20210623133759-d13a31743aec +# github.com/containers/common v0.40.2-0.20210624120009-b1d3c4dc2515 github.com/containers/common/libimage github.com/containers/common/libimage/manifests github.com/containers/common/pkg/apparmor |