diff options
-rw-r--r-- | SECURITY.md | 4 | ||||
-rw-r--r-- | pkg/api/handlers/compat/info.go | 34 | ||||
-rw-r--r-- | test/apiv2/20-containers.at | 5 | ||||
-rw-r--r-- | test/python/docker/__init__.py | 21 | ||||
-rw-r--r-- | test/python/docker/compat/test_system.py | 5 |
5 files changed, 56 insertions, 13 deletions
diff --git a/SECURITY.md b/SECURITY.md index 1f6d5088d..6f919afbb 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,3 +1,3 @@ -## Security and Disclosure Information Policy for the Libpod Project +## Security and Disclosure Information Policy for the Podman Project -The Libpod Project follows the [Security and Disclosure Information Policy](https://github.com/containers/common/blob/main/SECURITY.md) for the Containers Projects. +The Podman Project follows the [Security and Disclosure Information Policy](https://github.com/containers/common/blob/main/SECURITY.md) for the Containers Projects. diff --git a/pkg/api/handlers/compat/info.go b/pkg/api/handlers/compat/info.go index 42a513002..2dfca2f30 100644 --- a/pkg/api/handlers/compat/info.go +++ b/pkg/api/handlers/compat/info.go @@ -11,6 +11,7 @@ import ( "github.com/containers/common/pkg/config" "github.com/containers/common/pkg/sysinfo" + "github.com/containers/image/v5/pkg/sysregistriesv2" "github.com/containers/podman/v4/libpod" "github.com/containers/podman/v4/libpod/define" "github.com/containers/podman/v4/pkg/api/handlers" @@ -108,7 +109,7 @@ func GetInfo(w http.ResponseWriter, r *http.Request) { Log: infoData.Plugins.Log, }, ProductLicense: "Apache-2.0", - RegistryConfig: new(registry.ServiceConfig), + RegistryConfig: getServiceConfig(runtime), RuncCommit: docker.Commit{}, Runtimes: getRuntimes(configInfo), SecurityOptions: getSecOpts(sysInfo), @@ -133,6 +134,37 @@ func GetInfo(w http.ResponseWriter, r *http.Request) { utils.WriteResponse(w, http.StatusOK, info) } +func getServiceConfig(runtime *libpod.Runtime) *registry.ServiceConfig { + var indexConfs map[string]*registry.IndexInfo + + regs, err := sysregistriesv2.GetRegistries(runtime.SystemContext()) + if err == nil { + indexConfs = make(map[string]*registry.IndexInfo, len(regs)) + for _, reg := range regs { + mirrors := make([]string, len(reg.Mirrors)) + for i, mirror := range reg.Mirrors { + mirrors[i] = mirror.Location + } + indexConfs[reg.Prefix] = ®istry.IndexInfo{ + Name: reg.Prefix, + Mirrors: mirrors, + Secure: !reg.Insecure, + } + } + } else { + log.Warnf("failed to get registries configuration: %v", err) + indexConfs = make(map[string]*registry.IndexInfo) + } + + return ®istry.ServiceConfig{ + AllowNondistributableArtifactsCIDRs: make([]*registry.NetIPNet, 0), + AllowNondistributableArtifactsHostnames: make([]string, 0), + InsecureRegistryCIDRs: make([]*registry.NetIPNet, 0), + IndexConfigs: indexConfs, + Mirrors: make([]string, 0), + } +} + func getGraphStatus(storeInfo map[string]string) [][2]string { graphStatus := make([][2]string, 0, len(storeInfo)) for k, v := range storeInfo { diff --git a/test/apiv2/20-containers.at b/test/apiv2/20-containers.at index 72003984f..e6d49ac25 100644 --- a/test/apiv2/20-containers.at +++ b/test/apiv2/20-containers.at @@ -18,6 +18,11 @@ podman rm -a -f &>/dev/null t GET "libpod/containers/json (at start: clean slate)" 200 length=0 +# Regression test for #12904 +podman run --rm -d --replace --name foo $IMAGE sh -c "echo 123;sleep 42" +t POST "containers/foo/attach?logs=true&stream=false" 200 +t POST "containers/foo/kill" 204 + podman run -v /tmp:/tmp $IMAGE true t GET libpod/containers/json 200 length=0 diff --git a/test/python/docker/__init__.py b/test/python/docker/__init__.py index 80fc2a133..816667b82 100644 --- a/test/python/docker/__init__.py +++ b/test/python/docker/__init__.py @@ -42,16 +42,19 @@ class Podman(object): os.environ["CONTAINERS_REGISTRIES_CONF"] = os.path.join( self.anchor_directory, "registry.conf" ) - p = configparser.ConfigParser() - p.read_dict( - { - "registries.search": {"registries": "['quay.io', 'docker.io']"}, - "registries.insecure": {"registries": "[]"}, - "registries.block": {"registries": "[]"}, - } - ) + conf = """unqualified-search-registries = ["docker.io", "quay.io"] + +[[registry]] +location="localhost:5000" +insecure=true + +[[registry.mirror]] +location = "mirror.localhost:5000" + +""" + with open(os.environ["CONTAINERS_REGISTRIES_CONF"], "w") as w: - p.write(w) + w.write(conf) os.environ["CNI_CONFIG_PATH"] = os.path.join( self.anchor_directory, "cni", "net.d" diff --git a/test/python/docker/compat/test_system.py b/test/python/docker/compat/test_system.py index 131b18991..a928de0ee 100644 --- a/test/python/docker/compat/test_system.py +++ b/test/python/docker/compat/test_system.py @@ -54,7 +54,10 @@ class TestSystem(unittest.TestCase): return super().tearDownClass() def test_Info(self): - self.assertIsNotNone(self.client.info()) + info = self.client.info() + self.assertIsNotNone(info) + self.assertEqual(info["RegistryConfig"]["IndexConfigs"]["localhost:5000"]["Secure"], False) + self.assertEqual(info["RegistryConfig"]["IndexConfigs"]["localhost:5000"]["Mirrors"], ["mirror.localhost:5000"]) def test_info_container_details(self): info = self.client.info() |