diff options
33 files changed, 1329 insertions, 137 deletions
diff --git a/cmd/podman/create.go b/cmd/podman/create.go index ac6bc2969..b3aa42b8a 100644 --- a/cmd/podman/create.go +++ b/cmd/podman/create.go @@ -527,7 +527,7 @@ func parseCreateOpts(c *cli.Context, runtime *libpod.Runtime, imageName string, } // STOP SIGNAL - stopSignal := syscall.SIGINT + stopSignal := syscall.SIGTERM signalString := data.Config.StopSignal if c.IsSet("stop-signal") { signalString = c.String("stop-signal") diff --git a/cmd/podman/inspect.go b/cmd/podman/inspect.go index 2e70eaa0a..ba7b17ed7 100644 --- a/cmd/podman/inspect.go +++ b/cmd/podman/inspect.go @@ -2,6 +2,7 @@ package main import ( "encoding/json" + specs "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" "github.com/projectatomic/libpod/cmd/podman/formats" @@ -163,8 +164,8 @@ func getCtrInspectInfo(ctr *libpod.Container, ctrInspectData *inspect.ContainerI } data := &inspect.ContainerData{ - CtrInspectData: ctrInspectData, - HostConfig: &inspect.HostConfig{ + ctrInspectData, + &inspect.HostConfig{ ConsoleSize: spec.Process.ConsoleSize, OomScoreAdj: spec.Process.OOMScoreAdj, CPUShares: shares, @@ -210,7 +211,7 @@ func getCtrInspectInfo(ctr *libpod.Container, ctrInspectData *inspect.ContainerI Ulimits: createArtifact.Resources.Ulimit, SecurityOpt: createArtifact.SecurityOpts, }, - Config: &inspect.CtrConfig{ + &inspect.CtrConfig{ Hostname: spec.Hostname, User: spec.Process.User, Env: spec.Process.Env, diff --git a/cmd/podman/main.go b/cmd/podman/main.go index bda8ff517..f18615760 100644 --- a/cmd/podman/main.go +++ b/cmd/podman/main.go @@ -64,6 +64,7 @@ func main() { rmiCommand, runCommand, saveCommand, + searchCommand, startCommand, statsCommand, stopCommand, diff --git a/cmd/podman/pull.go b/cmd/podman/pull.go index 5726b20f1..c19e6715b 100644 --- a/cmd/podman/pull.go +++ b/cmd/podman/pull.go @@ -1,16 +1,14 @@ package main import ( - "fmt" "io" "os" - "golang.org/x/crypto/ssh/terminal" - "github.com/containers/image/types" "github.com/pkg/errors" "github.com/projectatomic/libpod/libpod" "github.com/projectatomic/libpod/libpod/common" + "github.com/projectatomic/libpod/pkg/util" "github.com/sirupsen/logrus" "github.com/urfave/cli" ) @@ -80,19 +78,11 @@ func pullCmd(c *cli.Context) error { image := args[0] var registryCreds *types.DockerAuthConfig - if c.String("creds") != "" { - creds, err := common.ParseRegistryCreds(c.String("creds")) + + if c.IsSet("creds") { + creds, err := util.ParseRegistryCreds(c.String("creds")) if err != nil { - if err == common.ErrNoPassword { - fmt.Print("Password: ") - password, err := terminal.ReadPassword(0) - if err != nil { - return errors.Wrapf(err, "could not read password from terminal") - } - creds.Password = string(password) - } else { - return err - } + return err } registryCreds = creds } diff --git a/cmd/podman/push.go b/cmd/podman/push.go index 69d6e6629..2f0d73ffa 100644 --- a/cmd/podman/push.go +++ b/cmd/podman/push.go @@ -13,8 +13,8 @@ import ( "github.com/pkg/errors" "github.com/projectatomic/libpod/libpod" "github.com/projectatomic/libpod/libpod/common" + "github.com/projectatomic/libpod/pkg/util" "github.com/urfave/cli" - "golang.org/x/crypto/ssh/terminal" ) var ( @@ -97,25 +97,15 @@ func pushCmd(c *cli.Context) error { } } - registryCredsString := c.String("creds") certPath := c.String("cert-dir") skipVerify := !c.BoolT("tls-verify") removeSignatures := c.Bool("remove-signatures") signBy := c.String("sign-by") - if registryCredsString != "" { - creds, err := common.ParseRegistryCreds(registryCredsString) + if c.IsSet("creds") { + creds, err := util.ParseRegistryCreds(c.String("creds")) if err != nil { - if err == common.ErrNoPassword { - fmt.Print("Password: ") - password, err := terminal.ReadPassword(0) - if err != nil { - return errors.Wrapf(err, "could not read password from terminal") - } - creds.Password = string(password) - } else { - return err - } + return err } registryCreds = creds } diff --git a/cmd/podman/search.go b/cmd/podman/search.go new file mode 100644 index 000000000..01eaa6729 --- /dev/null +++ b/cmd/podman/search.go @@ -0,0 +1,290 @@ +package main + +import ( + "context" + "reflect" + "strconv" + "strings" + + "github.com/containers/image/docker" + "github.com/pkg/errors" + "github.com/projectatomic/libpod/cmd/podman/formats" + "github.com/projectatomic/libpod/libpod" + "github.com/projectatomic/libpod/libpod/common" + "github.com/sirupsen/logrus" + "github.com/urfave/cli" +) + +const ( + descriptionTruncLength = 44 + maxQueries = 25 +) + +var ( + searchFlags = []cli.Flag{ + cli.StringSliceFlag{ + Name: "filter, f", + Usage: "filter output based on conditions provided (default [])", + }, + cli.StringFlag{ + Name: "format", + Usage: "change the output format to a Go template", + }, + cli.IntFlag{ + Name: "limit", + Usage: "limit the number of results", + }, + cli.BoolFlag{ + Name: "no-trunc", + Usage: "do not truncate the output", + }, + cli.StringSliceFlag{ + Name: "registry", + Usage: "specific registry to search", + }, + } + searchDescription = ` + Search registries for a given image. Can search all the default registries or a specific registry. + Can limit the number of results, and filter the output based on certain conditions.` + searchCommand = cli.Command{ + Name: "search", + Usage: "search registry for image", + Description: searchDescription, + Flags: searchFlags, + Action: searchCmd, + ArgsUsage: "TERM", + } +) + +type searchParams struct { + Index string + Name string + Description string + Stars int + Official string + Automated string +} + +type searchOpts struct { + filter []string + limit int + noTrunc bool + format string +} + +type searchFilterParams struct { + stars int + isAutomated *bool + isOfficial *bool +} + +func searchCmd(c *cli.Context) error { + args := c.Args() + if len(args) > 1 { + return errors.Errorf("too many arguments. Requires exactly 1") + } + if len(args) == 0 { + return errors.Errorf("no argument given, requires exactly 1 argument") + } + term := args[0] + + if err := validateFlags(c, searchFlags); err != nil { + return err + } + + runtime, err := getRuntime(c) + if err != nil { + return errors.Wrapf(err, "could not get runtime") + } + defer runtime.Shutdown(false) + + format := genSearchFormat(c.String("format")) + opts := searchOpts{ + format: format, + noTrunc: c.Bool("no-trunc"), + limit: c.Int("limit"), + filter: c.StringSlice("filter"), + } + + var registries []string + if len(c.StringSlice("registry")) > 0 { + registries = c.StringSlice("registry") + } else { + registries, err = libpod.GetRegistries() + if err != nil { + return errors.Wrapf(err, "error getting registries to search") + } + } + + filter, err := parseSearchFilter(&opts) + if err != nil { + return err + } + + return generateSearchOutput(term, registries, opts, *filter) +} + +func genSearchFormat(format string) string { + if format != "" { + // "\t" from the command line is not being recognized as a tab + // replacing the string "\t" to a tab character if the user passes in "\t" + return strings.Replace(format, `\t`, "\t", -1) + } + return "table {{.Index}}\t{{.Name}}\t{{.Description}}\t{{.Stars}}\t{{.Official}}\t{{.Automated}}\t" +} + +func searchToGeneric(params []searchParams) (genericParams []interface{}) { + for _, v := range params { + genericParams = append(genericParams, interface{}(v)) + } + return genericParams +} + +func (s *searchParams) headerMap() map[string]string { + v := reflect.Indirect(reflect.ValueOf(s)) + values := make(map[string]string, v.NumField()) + + for i := 0; i < v.NumField(); i++ { + key := v.Type().Field(i).Name + value := key + values[key] = strings.ToUpper(splitCamelCase(value)) + } + return values +} + +func getSearchOutput(term string, registries []string, opts searchOpts, filter searchFilterParams) ([]searchParams, error) { + sc := common.GetSystemContext("", "", false) + // Max number of queries by default is 25 + limit := maxQueries + if opts.limit != 0 { + limit = opts.limit + } + + var paramsArr []searchParams + for _, reg := range registries { + results, err := docker.SearchRegistry(context.TODO(), sc, reg, term, limit) + if err != nil { + logrus.Errorf("error searching registry %q: %v", reg, err) + continue + } + index := reg + arr := strings.Split(reg, ".") + if len(arr) > 2 { + index = strings.Join(arr[len(arr)-2:], ".") + } + + // limit is the number of results to output + // if the total number of results is less than the limit, output all + // if the limit has been set by the user, output those number of queries + limit := maxQueries + if len(results) < limit { + limit = len(results) + } + if opts.limit != 0 && opts.limit < len(results) { + limit = opts.limit + } + + for i := 0; i < limit; i++ { + if len(opts.filter) > 0 { + // Check whether query matches filters + if !(matchesAutomatedFilter(filter, results[i]) && matchesOfficialFilter(filter, results[i]) && matchesStarFilter(filter, results[i])) { + continue + } + } + official := "" + if results[i].IsOfficial { + official = "[OK]" + } + automated := "" + if results[i].IsAutomated { + automated = "[OK]" + } + description := strings.Replace(results[i].Description, "\n", " ", -1) + if len(description) > 44 && !opts.noTrunc { + description = description[:descriptionTruncLength] + "..." + } + name := index + "/" + results[i].Name + if index == "docker.io" && !strings.Contains(results[i].Name, "/") { + name = index + "/library/" + results[i].Name + } + params := searchParams{ + Index: index, + Name: name, + Description: description, + Official: official, + Automated: automated, + Stars: results[i].StarCount, + } + paramsArr = append(paramsArr, params) + } + } + return paramsArr, nil +} + +func generateSearchOutput(term string, registries []string, opts searchOpts, filter searchFilterParams) error { + searchOutput, err := getSearchOutput(term, registries, opts, filter) + if err != nil { + return err + } + if len(searchOutput) == 0 { + return nil + } + out := formats.StdoutTemplateArray{Output: searchToGeneric(searchOutput), Template: opts.format, Fields: searchOutput[0].headerMap()} + return formats.Writer(out).Out() +} + +func parseSearchFilter(opts *searchOpts) (*searchFilterParams, error) { + filterParams := &searchFilterParams{} + ptrTrue := true + ptrFalse := false + for _, filter := range opts.filter { + arr := strings.Split(filter, "=") + switch arr[0] { + case "stars": + if len(arr) < 2 { + return nil, errors.Errorf("invalid `stars` filter %q, should be stars=<value>", filter) + } + stars, err := strconv.Atoi(arr[1]) + if err != nil { + return nil, errors.Wrapf(err, "incorrect value type for stars filter") + } + filterParams.stars = stars + break + case "is-automated": + if len(arr) == 2 && arr[1] == "false" { + filterParams.isAutomated = &ptrFalse + } else { + filterParams.isAutomated = &ptrTrue + } + break + case "is-official": + if len(arr) == 2 && arr[1] == "false" { + filterParams.isOfficial = &ptrFalse + } else { + filterParams.isOfficial = &ptrTrue + } + break + default: + return nil, errors.Errorf("invalid filter type %q", filter) + } + } + return filterParams, nil +} + +func matchesStarFilter(filter searchFilterParams, result docker.SearchResult) bool { + return result.StarCount >= filter.stars +} + +func matchesAutomatedFilter(filter searchFilterParams, result docker.SearchResult) bool { + if filter.isAutomated != nil { + return result.IsAutomated == *filter.isAutomated + } + return true +} + +func matchesOfficialFilter(filter searchFilterParams, result docker.SearchResult) bool { + if filter.isOfficial != nil { + return result.IsOfficial == *filter.isOfficial + } + return true +} diff --git a/completions/bash/podman b/completions/bash/podman index 0087c56b9..b1033df1c 100644 --- a/completions/bash/podman +++ b/completions/bash/podman @@ -954,6 +954,19 @@ _podman_pull() { _complete_ "$options_with_args" "$boolean_options" } +_podman_search() { + local options_with_args=" + --filter -f + --format + --limit + --registry + " + local boolean_options=" + --no-trunc + " + _complete_ "$options_with_args" "$boolean_options" +} + _podman_unmount() { _podman_umount $@ } @@ -1589,6 +1602,7 @@ _podman_podman() { rmi run save + search start stats stop diff --git a/docs/podman-build.1.md b/docs/podman-build.1.md index 61c8d8aaa..d4e9af175 100644 --- a/docs/podman-build.1.md +++ b/docs/podman-build.1.md @@ -38,7 +38,8 @@ resulting image's configuration. **--cert-dir** *path* -Use certificates at *path* (*.crt, *.cert, *.key) to connect to the registry +Use certificates at *path* (*.crt, *.cert, *.key) to connect to the registry. +Default certificates directory is _/etc/containers/certs.d_. **--creds** *creds* diff --git a/docs/podman-inspect.1.md b/docs/podman-inspect.1.md index 5b8a344d7..e40dfa29f 100644 --- a/docs/podman-inspect.1.md +++ b/docs/podman-inspect.1.md @@ -79,6 +79,16 @@ Display the total file size if the type is a container } ``` +``` +# podman inspect a04 --format "{{.ImageName}}" +fedora +``` + +``` +$ sudo podman inspect a04 --format "{{.GraphDriver.Name}}" +overlay +``` + ## SEE ALSO podman(1) diff --git a/docs/podman-login.1.md b/docs/podman-login.1.md index fcf32870a..b22a02553 100644 --- a/docs/podman-login.1.md +++ b/docs/podman-login.1.md @@ -38,7 +38,8 @@ Username for registry Path of the authentication file. Default is ${XDG_\RUNTIME\_DIR}/containers/auth.json **--cert-dir** -Pathname of a directory containing TLS certificates and keys used to connect to the registry +Pathname of a directory containing TLS certificates and keys used to connect to the registry. +Default certificates directory is _/etc/containers/certs.d_. **--tls-verify** Require HTTPS and verify certificates when contacting registries (default: true) diff --git a/docs/podman-pull.1.md b/docs/podman-pull.1.md index b1212ee6b..1a1611fd0 100644 --- a/docs/podman-pull.1.md +++ b/docs/podman-pull.1.md @@ -61,11 +61,14 @@ If the authorization state is not found there, $HOME/.docker/config.json is chec **--cert-dir** -Pathname of a directory containing TLS certificates and keys +Pathname of a directory containing TLS certificates and keys. +Default certificates directory is _/etc/containers/certs.d_. **--creds** -Credentials (USERNAME:PASSWORD) to use for authenticating to a registry +The [username[:password]] to use to authenticate with the registry if required. +If one or both values are not supplied, a command line prompt will appear and the +value can be entered. The password is entered without echo. **--quiet, -q** diff --git a/docs/podman-push.1.md b/docs/podman-push.1.md index 63c75ea36..964758da6 100644 --- a/docs/podman-push.1.md +++ b/docs/podman-push.1.md @@ -53,11 +53,14 @@ If the authorization state is not found there, $HOME/.docker/config.json is chec **--creds="CREDENTIALS"** -Credentials (USERNAME:PASSWORD) to use for authenticating to a registry +The [username[:password]] to use to authenticate with the registry if required. +If one or both values are not supplied, a command line prompt will appear and the +value can be entered. The password is entered without echo. **cert-dir="PATHNAME"** -Pathname of a directory containing TLS certificates and keys +Pathname of a directory containing TLS certificates and keys. +Default certificates directory is _/etc/containers/certs.d_. **--compress** diff --git a/docs/podman-search.1.md b/docs/podman-search.1.md new file mode 100644 index 000000000..668748d3f --- /dev/null +++ b/docs/podman-search.1.md @@ -0,0 +1,115 @@ +% podman(1) podman-search - Tool to search registries for an image +% Urvashi Mohnani +# podman-search "1" "January 2018" "podman" + +## NAME +podman search - Search a registry for an image + +## SYNOPSIS +**podman search** +**TERM** +[**--filter**|**-f**] +[**--format**] +[**--limit**] +[**--no-trunc**] +[**--registry**] +[**--help**|**-h**] + +## DESCRIPTION +**podman search** searches a registry or a list of registries for a matching image. +The user can specify which registry to search by setting the **--registry** flag, default +is the default registries set in the config file - **/etc/containers/registries.conf**. +The number of results can be limited using the **--limit** flag. If more than one registry +is being searched, the limit will be applied to each registry. The output can be filtered +using the **--filter** flag. + +**podman [GLOBAL OPTIONS]** + +**podman search [GLOBAL OPTIONS]** + +**podman search [OPTIONS] TERM** + +## OPTIONS + +**--filter, -f** +Filter output based on conditions provided (default []) + +Supported filters are: +- stars (int - number of stars the image has) +- is-automated (boolean - true | false) - is the image automated or not +- is-official (boolean - true | false) - is the image official or not + +**--format** +Change the output format to a Go template + +Valid placeholders for the Go template are listed below: + +| **Placeholder** | **Description** | +| --------------- | ---------------------------- | +| .Index | Registry | +| .Name | Image name | +| .Descriptions | Image description | +| .Stars | Star count of image | +| .Official | "[OK]" if image is official | +| .Automated | "[OK]" if image is automated | + +**--limit** +Limit the number of results +Note: The results from each registry will be limited to this value. +Example if limit is 10 and two registries are being searched, the total +number of results will be 20, 10 from each (if there are at least 10 matches in each). +The order of the search results is the order in which the API endpoint returns the results. + +**--no-trunc** +Do not truncate the output + +**--registry** +Specific registry to search (only the given registry will be searched, not the default registries) + +## EXAMPLES + +``` +# podman search --limit 3 rhel +INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED +docker.io docker.io/richxsl/rhel7 RHEL 7 image with minimal installation 9 +docker.io docker.io/bluedata/rhel7 RHEL-7.x base container images 1 +docker.io docker.io/gidikern/rhel-oracle-jre RHEL7 with jre8u60 5 [OK] +redhat.com redhat.com/rhel This platform image provides a minimal runti... 0 +redhat.com redhat.com/rhel6 This platform image provides a minimal runti... 0 +redhat.com redhat.com/rhel6.5 This platform image provides a minimal runti... 0 +``` + +``` +# podman search alpine +INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED +docker.io docker.io/library/alpine A minimal Docker image based on Alpine Linux... 3009 [OK] +docker.io docker.io/mhart/alpine-node Minimal Node.js built on Alpine Linux 332 +docker.io docker.io/anapsix/alpine-java Oracle Java 8 (and 7) with GLIBC 2.23 over A... 272 [OK] +docker.io docker.io/tenstartups/alpine Alpine linux base docker image with useful p... 5 [OK] +``` + +``` +# podman search --registry registry.fedoraproject.org fedora +INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED +fedoraproject.org fedoraproject.org/fedora 0 +fedoraproject.org fedoraproject.org/fedora-minimal 0 +``` + +``` +# podman search --filter=is-official alpine +INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED +docker.io docker.io/library/alpine A minimal Docker image based on Alpine Linux... 3009 [OK] +``` + +``` +# podman search --registry registry.fedoraproject.org --format "table {{.Index}} {{.Name}}" fedora +INDEX NAME +fedoraproject.org fedoraproject.org/fedora +fedoraproject.org fedoraproject.org/fedora-minimal +``` + +## SEE ALSO +podman(1), crio(8), crio.conf(5) + +## HISTORY +January 2018, Originally compiled by Urvashi Mohnani <umohnani@redhat.com> diff --git a/docs/podman-stop.1.md b/docs/podman-stop.1.md index f4372be5f..58cb2c39c 100644 --- a/docs/podman-stop.1.md +++ b/docs/podman-stop.1.md @@ -11,7 +11,9 @@ podman stop - Stop one or more containers ## DESCRIPTION Stops one or more containers. You may use container IDs or names as input. The **--timeout** switch allows you to specify the number of seconds to wait before forcibly stopping the container after the stop command -is issued to the container. The default is 10 seconds. +is issued to the container. The default is 10 seconds. By default, containers are stopped with SIGTERM +and then SIGKILL after the timeout. The SIGTERM default can be overridden by the image used to create the +container and also via command line when creating the container. ## OPTIONS diff --git a/docs/tutorials/podman_tutorial.md b/docs/tutorials/podman_tutorial.md index 8402dd74b..5e174ac6b 100644 --- a/docs/tutorials/podman_tutorial.md +++ b/docs/tutorials/podman_tutorial.md @@ -12,7 +12,7 @@ for Podman until an RPM becomes available. ### Installing build and runtime dependencies ``` -# sudo dnf install -y git runc libassuan-devel golang golang-github-cpuguy83-go-md2man glibc-static \ +$ sudo dnf install -y git runc libassuan-devel golang golang-github-cpuguy83-go-md2man glibc-static \ gpgme-devel glib2-devel device-mapper-devel libseccomp-devel \ atomic-registries iptables skopeo-containers containernetworking-cni \ conmon @@ -22,7 +22,7 @@ for Podman until an RPM becomes available. # git clone https://github.com/projectatomic/libpod/ ~/src/github.com/projectatomic/libpod # cd !$ # make -# sudo make install PREFIX=/usr +$ sudo make install PREFIX=/usr ``` You now have a working podman environment. Jump to [Familiarizing yourself with Podman](Familiarizing yourself with Podman) @@ -38,8 +38,8 @@ tutorial. For this tutorial, the Ubuntu **artful-server-cloudimg** image was use #### Installing base packages ``` -# sudo apt-get update -# sudo apt-get install libdevmapper-dev libglib2.0-dev libgpgme11-dev golang libseccomp-dev \ +$ sudo apt-get update +$ sudo apt-get install libdevmapper-dev libglib2.0-dev libgpgme11-dev golang libseccomp-dev \ go-md2man libprotobuf-dev libprotobuf-c0-dev libseccomp-dev ``` #### Building and installing conmon @@ -48,28 +48,28 @@ tutorial. For this tutorial, the Ubuntu **artful-server-cloudimg** image was use # cd ~/src/github.com/kubernetes-incubator/cri-o # mkdir bin # make conmon -# sudo install -D -m 755 bin/conmon /usr/libexec/crio/conmon +$ sudo install -D -m 755 bin/conmon /usr/libexec/crio/conmon ``` #### Adding required configuration files ``` -# sudo mkdir -p /etc/containers -# sudo curl https://raw.githubusercontent.com/projectatomic/registries/master/registries.fedora -o /etc/containers/registries.conf -# sudo curl https://raw.githubusercontent.com/projectatomic/skopeo/master/default-policy.json -o /etc/containers/policy.json +$ sudo mkdir -p /etc/containers +$ sudo curl https://raw.githubusercontent.com/projectatomic/registries/master/registries.fedora -o /etc/containers/registries.conf +$ sudo curl https://raw.githubusercontent.com/projectatomic/skopeo/master/default-policy.json -o /etc/containers/policy.json ``` #### Installing CNI plugins ``` # git clone https://github.com/containernetworking/plugins.git ~/src/github.com/containernetworking/plugins # cd ~/src/github.com/containernetworking/plugins # ./build.sh -# sudo mkdir -p /usr/libexec/cni -# sudo cp bin/* /usr/libexec/cni +$ sudo mkdir -p /usr/libexec/cni +$ sudo cp bin/* /usr/libexec/cni ``` #### Installing runc ``` # git clone https://github.com/opencontainers/runc.git ~/src/github.com/opencontainers/runc # cd ~/src/github.com/opencontainers/runc # GOPATH=~/ make static BUILDTAGS="seccomp selinux" -# sudo cp runc /usr/bin/runc +$ sudo cp runc /usr/bin/runc ``` ### Building and installing Podman @@ -77,7 +77,7 @@ tutorial. For this tutorial, the Ubuntu **artful-server-cloudimg** image was use # git clone https://github.com/projectatomic/libpod/ ~/src/github.com/projectatomic/libpod # cd ~/src/github.com/projectatomic/libpod # make -# sudo make install PREFIX=/usr +$ sudo make install PREFIX=/usr ``` ## Familiarizing yourself with Podman @@ -86,7 +86,7 @@ tutorial. For this tutorial, the Ubuntu **artful-server-cloudimg** image was use This sample container will run a very basic httpd server that serves only its index page. ``` -# sudo podman run -dt -e HTTPD_VAR_RUN=/var/run/httpd -e HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ +$ sudo podman run -dt -e HTTPD_VAR_RUN=/var/run/httpd -e HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ -e HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \ -e HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \ registry.fedoraproject.org/f26/httpd /usr/bin/run-httpd @@ -97,7 +97,7 @@ will print the container ID after it has run. ### Listing running containers The Podman *ps* command is used to list creating and running containers. ``` -# sudo podman ps +$ sudo podman ps ``` Note: If you add *-a* to the *ps* command, Podman will show all containers. @@ -109,8 +109,8 @@ install *iproute* in the container. Notice here that we use the switch **--late created container. You could also use the container's ID listed during *podman ps* in the previous step or when you ran the container. ``` -# sudo podman exec --latest -t dnf -y install iproute -# sudo podman exec --latest -t ip a +$ sudo podman exec --latest -t dnf -y install iproute +$ sudo podman exec --latest -t ip a ``` Note the IP address of the *ethernet* device. @@ -126,30 +126,30 @@ containerized httpd server. ### Viewing the container's logs You can view the container's logs with Podman as well: ``` -# sudo podman logs --latest +$ sudo podman logs --latest ``` <!-- ( ### Viewing the container's pids And you can observe the httpd pid in the container with *top*. ``` -# sudo podman top <container_id> +$ sudo podman top <container_id> ``` ) --> ### Stopping the container To stop the httpd container: ``` -# sudo podman stop --latest +$ sudo podman stop --latest ``` You can also check the status of one or more containers using the *ps* subcommand. In this case, we should use the *-a* argument to list all containers. ``` -# sudo podman ps -a +$ sudo podman ps -a ``` ### Removing the container To remove the httpd container: ``` -# sudo podman rm --latest +$ sudo podman rm --latest ``` You can verify the deletion of the container by running *podman ps -a*. ## More information diff --git a/libpod/common/common.go b/libpod/common/common.go index 6af3cd232..932f1f6da 100644 --- a/libpod/common/common.go +++ b/libpod/common/common.go @@ -2,17 +2,9 @@ package common import ( "io" - "strings" - "syscall" cp "github.com/containers/image/copy" "github.com/containers/image/types" - "github.com/pkg/errors" -) - -var ( - // ErrNoPassword is returned if the user did not supply a password - ErrNoPassword = errors.Wrapf(syscall.EINVAL, "password was not supplied") ) // GetCopyOptions constructs a new containers/image/copy.Options{} struct from the given parameters @@ -60,23 +52,3 @@ func IsFalse(str string) bool { func IsValidBool(str string) bool { return IsTrue(str) || IsFalse(str) } - -// ParseRegistryCreds takes a credentials string in the form USERNAME:PASSWORD -// and returns a DockerAuthConfig -func ParseRegistryCreds(creds string) (*types.DockerAuthConfig, error) { - if creds == "" { - return nil, errors.New("no credentials supplied") - } - if !strings.Contains(creds, ":") { - return &types.DockerAuthConfig{ - Username: creds, - Password: "", - }, ErrNoPassword - } - v := strings.SplitN(creds, ":", 2) - cfg := &types.DockerAuthConfig{ - Username: v[0], - Password: v[1], - } - return cfg, nil -} diff --git a/libpod/container_api.go b/libpod/container_api.go index 05b3e89e6..3693ab78b 100644 --- a/libpod/container_api.go +++ b/libpod/container_api.go @@ -313,6 +313,11 @@ func (c *Container) Start() error { return errors.Wrapf(ErrCtrStateInvalid, "container %s must be in Created or Stopped state to be started", c.ID()) } + // TODO remove this when we patch conmon to support restarting containers + if c.state.State == ContainerStateStopped { + return errors.Wrapf(ErrNotImplemented, "restarting a stopped container is not yet supported") + } + // Mount storage for the container if err := c.mountStorage(); err != nil { return err @@ -519,8 +524,8 @@ func (c *Container) Pause() error { if c.state.State == ContainerStatePaused { return errors.Wrapf(ErrCtrStateInvalid, "%q is already paused", c.ID()) } - if c.state.State != ContainerStateRunning && c.state.State != ContainerStateCreated { - return errors.Wrapf(ErrCtrStateInvalid, "%q is not running/created, can't pause", c.state.State) + if c.state.State != ContainerStateRunning { + return errors.Wrapf(ErrCtrStateInvalid, "%q is not running, can't pause", c.state.State) } if err := c.runtime.ociRuntime.pauseContainer(c); err != nil { return err diff --git a/libpod/oci.go b/libpod/oci.go index 4ca0bfbef..86313a493 100644 --- a/libpod/oci.go +++ b/libpod/oci.go @@ -394,6 +394,7 @@ func (r *OCIRuntime) startContainer(ctr *Container) error { // killContainer sends the given signal to the given container func (r *OCIRuntime) killContainer(ctr *Container, signal uint) error { + logrus.Debugf("Sending signal %d to container %s", signal, ctr.ID()) if err := utils.ExecCmdWithStdStreams(os.Stdin, os.Stdout, os.Stderr, r.path, "kill", ctr.ID(), fmt.Sprintf("%d", signal)); err != nil { return errors.Wrapf(err, "error sending signal to container %s", ctr.ID()) } diff --git a/package_specs/podman.spec b/package_specs/podman.spec new file mode 100644 index 000000000..215e45e7b --- /dev/null +++ b/package_specs/podman.spec @@ -0,0 +1,464 @@ +# If any of the following macros should be set otherwise, +# you can wrap any of them with the following conditions: +# - %%if 0%%{centos} == 7 +# - %%if 0%%{?rhel} == 7 +# - %%if 0%%{?fedora} == 23 +# Or just test for particular distribution: +# - %%if 0%%{centos} +# - %%if 0%%{?rhel} +# - %%if 0%%{?fedora} +# +# Be aware, on centos, both %%rhel and %%centos are set. If you want to test +# rhel specific macros, you can use %%if 0%%{?rhel} && 0%%{?centos} == 0 condition. +# (Don't forget to replace double percentage symbol with single one in order to apply a condition) + +# Generate devel rpm +%global with_devel 0 +# Build project from bundled dependencies +%global with_bundled 1 +# Build with debug info rpm +%global with_debug 1 +# Run tests in check section +%global with_check 0 +# Generate unit-test rpm +%global with_unit_test 0 + +%if 0%{?with_debug} +%global _dwz_low_mem_die_limit 0 +%else +%global debug_package %{nil} +%endif + +# %if ! 0% {?gobuild:1} +%define gobuild(o:) go build -tags="$BUILDTAGS selinux seccomp" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n')" -a -v -x %{?**}; +#% endif + +%global provider github +%global provider_tld com +%global project projectatomic +%global repo libpod +# https://github.com/projectatomic/libpod +%global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo} +%global import_path %{provider_prefix} +%global commit 367213a3943961126c6f7c1dce45c7fafea9e6b2 +%global shortcommit %(c=%{commit}; echo ${c:0:7}) + +Name: podman +Version: 0 +Release: 0.3.git%{shortcommit}%{?dist} +Summary: Manage Pods, Containers and Container Images +License: ASL 2.0 +URL: https://%{provider_prefix} +Source0: https://%{provider_prefix}/archive/%{commit}/%{repo}-%{shortcommit}.tar.gz + +# e.g. el6 has ppc64 arch without gcc-go, so EA tag is required +#ExclusiveArch: %%{?go_arches:%%{go_arches}}%%{!?go_arches:%%{ix86} x86_64 aarch64 %%{arm}} +ExclusiveArch: x86_64 +# If go_compiler is not set to 1, there is no virtual provide. Use golang instead. +BuildRequires: %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang} +BuildRequires: btrfs-progs-devel +BuildRequires: device-mapper-devel +BuildRequires: glib2-devel +BuildRequires: glibc-devel +BuildRequires: glibc-static +BuildRequires: git +BuildRequires: go-md2man +BuildRequires: gpgme-devel +BuildRequires: libassuan-devel +BuildRequires: libgpg-error-devel +BuildRequires: libseccomp-devel +BuildRequires: libselinux-devel +BuildRequires: pkgconfig +BuildRequires: runc +BuildRequires: skopeo-containers +Requires: runc +Requires: skopeo-containers +Requires: conmon + +# vendored libraries +# awk '{print "Provides: bundled(golang("$1")) = "$2}' containerd-*/vendor.conf | sort +# [thanks to Carl George <carl@george.computer> for containerd.spec] +Provides: bundled(golang(github.com/asaskevich/govalidator)) = v6 +Provides: bundled(golang(github.com/Azure/go-ansiterm)) = 19f72df4d05d31cbe1c56bfc8045c96babff6c7e +Provides: bundled(golang(github.com/beorn7/perks)) = 3ac7bf7a47d159a033b107610db8a1b6575507a4 +Provides: bundled(golang(github.com/blang/semver)) = v3.5.0 +Provides: bundled(golang(github.com/buger/goterm)) = 2f8dfbc7dbbff5dd1d391ed91482c24df243b2d3 +Provides: bundled(golang(github.com/BurntSushi/toml)) = v0.2.0 +Provides: bundled(golang(github.com/containerd/cgroups)) = 7a5fdd8330119dc70d850260db8f3594d89d6943 +Provides: bundled(golang(github.com/containerd/continuity)) = master +Provides: bundled(golang(github.com/containernetworking/cni)) = v0.4.0 +Provides: bundled(golang(github.com/containers/image)) = 9b4510f6d1627c8e53c3303a8fe48ca7842c2ace +Provides: bundled(golang(github.com/containers/storage)) = 1824cf917a6b42d8c41179e807bb20a5fd6c0f0a +Provides: bundled(golang(github.com/coreos/go-systemd)) = v14 +Provides: bundled(golang(github.com/coreos/pkg)) = v3 +Provides: bundled(golang(github.com/davecgh/go-spew)) = v1.1.0 +Provides: bundled(golang(github.com/dgrijalva/jwt-go)) = v3.0.0 +Provides: bundled(golang(github.com/docker/distribution)) = 7a8efe719e55bbfaff7bc5718cdf0ed51ca821df +Provides: bundled(golang(github.com/docker/docker)) = ce452fb72ffcdb7605ce98bde9302238f47c63c5 +Provides: bundled(golang(github.com/docker/docker-credential-helpers)) = d68f9aeca33f5fd3f08eeae5e9d175edf4e731d1 +Provides: bundled(golang(github.com/docker/go-connections)) = 3ede32e2033de7505e6500d6c868c2b9ed9f169d +Provides: bundled(golang(github.com/docker/go-units)) = v0.3.2 +Provides: bundled(golang(github.com/docker/libtrust)) = aabc10ec26b754e797f9028f4589c5b7bd90dc20 +Provides: bundled(golang(github.com/docker/spdystream)) = ed496381df8283605c435b86d4fdd6f4f20b8c6e +Provides: bundled(golang(github.com/emicklei/go-restful)) = ff4f55a206334ef123e4f79bbf348980da81ca46 +Provides: bundled(golang(github.com/emicklei/go-restful-swagger12)) = 1.0.1 +Provides: bundled(golang(github.com/exponent-io/jsonpath)) = d6023ce2651d8eafb5c75bb0c7167536102ec9f5 +Provides: bundled(golang(github.com/fatih/camelcase)) = f6a740d52f961c60348ebb109adde9f4635d7540 +Provides: bundled(golang(github.com/ghodss/yaml)) = 04f313413ffd65ce25f2541bfd2b2ceec5c0908c +Provides: bundled(golang(github.com/godbus/dbus)) = a389bdde4dd695d414e47b755e95e72b7826432c +Provides: bundled(golang(github.com/gogo/protobuf)) = v0.3 +Provides: bundled(golang(github.com/golang/glog)) = 23def4e6c14b4da8ac2ed8007337bc5eb5007998 +Provides: bundled(golang(github.com/golang/groupcache)) = b710c8433bd175204919eb38776e944233235d03 +Provides: bundled(golang(github.com/golang/protobuf)) = 748d386b5c1ea99658fd69fe9f03991ce86a90c1 +Provides: bundled(golang(github.com/google/gofuzz)) = 44d81051d367757e1c7c6a5a86423ece9afcf63c +Provides: bundled(golang(github.com/go-openapi/analysis)) = b44dc874b601d9e4e2f6e19140e794ba24bead3b +Provides: bundled(golang(github.com/go-openapi/errors)) = d24ebc2075bad502fac3a8ae27aa6dd58e1952dc +Provides: bundled(golang(github.com/go-openapi/jsonpointer)) = 779f45308c19820f1a69e9a4cd965f496e0da10f +Provides: bundled(golang(github.com/go-openapi/jsonreference)) = 36d33bfe519efae5632669801b180bf1a245da3b +Provides: bundled(golang(github.com/go-openapi/loads)) = 18441dfa706d924a39a030ee2c3b1d8d81917b38 +Provides: bundled(golang(github.com/go-openapi/spec)) = 6aced65f8501fe1217321abf0749d354824ba2ff +Provides: bundled(golang(github.com/go-openapi/strfmt)) = 93a31ef21ac23f317792fff78f9539219dd74619 +Provides: bundled(golang(github.com/go-openapi/swag)) = 1d0bd113de87027671077d3c71eb3ac5d7dbba72 +Provides: bundled(golang(github.com/gorilla/context)) = v1.1 +Provides: bundled(golang(github.com/gorilla/mux)) = v1.3.0 +Provides: bundled(golang(github.com/hashicorp/errwrap)) = 7554cd9344cec97297fa6649b055a8c98c2a1e55 +Provides: bundled(golang(github.com/hashicorp/golang-lru)) = 0a025b7e63adc15a622f29b0b2c4c3848243bbf6 +Provides: bundled(golang(github.com/hashicorp/go-multierror)) = 83588e72410abfbe4df460eeb6f30841ae47d4c4 +Provides: bundled(golang(github.com/hpcloud/tail)) = v1.0.0 +Provides: bundled(golang(github.com/imdario/mergo)) = 0.2.2 +Provides: bundled(golang(github.com/juju/ratelimit)) = 5b9ff866471762aa2ab2dced63c9fb6f53921342 +Provides: bundled(golang(github.com/kr/pty)) = v1.0.0 +Provides: bundled(golang(github.com/mailru/easyjson)) = 99e922cf9de1bc0ab38310c277cff32c2147e747 +Provides: bundled(golang(github.com/mattn/go-runewidth)) = v0.0.1 +Provides: bundled(golang(github.com/matttproud/golang_protobuf_extensions)) = fc2b8d3a73c4867e51861bbdd5ae3c1f0869dd6a +Provides: bundled(golang(github.com/Microsoft/go-winio)) = 78439966b38d69bf38227fbf57ac8a6fee70f69a +Provides: bundled(golang(github.com/Microsoft/hcsshim)) = 43f9725307998e09f2e3816c2c0c36dc98f0c982 +Provides: bundled(golang(github.com/mistifyio/go-zfs)) = v2.1.1 +Provides: bundled(golang(github.com/mitchellh/mapstructure)) = d0303fe809921458f417bcf828397a65db30a7e4 +Provides: bundled(golang(github.com/mrunalp/fileutils)) = master +Provides: bundled(golang(github.com/mtrmac/gpgme)) = b2432428689ca58c2b8e8dea9449d3295cf96fc9 +Provides: bundled(golang(github.com/opencontainers/go-digest)) = v1.0.0-rc0 +Provides: bundled(golang(github.com/opencontainers/image-spec)) = v1.0.0 +Provides: bundled(golang(github.com/opencontainers/runc)) = 45bde006ca8c90e089894508708bcf0e2cdf9e13 +Provides: bundled(golang(github.com/opencontainers/runtime-spec)) = v1.0.0 +Provides: bundled(golang(github.com/opencontainers/runtime-tools)) = 625e2322645b151a7cbb93a8b42920933e72167f +Provides: bundled(golang(github.com/opencontainers/selinux)) = b29023b86e4a69d1b46b7e7b4e2b6fda03f0b9cd +Provides: bundled(golang(github.com/ostreedev/ostree-go)) = master +Provides: bundled(golang(github.com/pkg/errors)) = v0.8.0 +Provides: bundled(golang(github.com/pmezard/go-difflib)) = 792786c7400a136282c1664665ae0a8db921c6c2 +Provides: bundled(golang(github.com/pquerna/ffjson)) = d49c2bc1aa135aad0c6f4fc2056623ec78f5d5ac +Provides: bundled(golang(github.com/prometheus/client_golang)) = e7e903064f5e9eb5da98208bae10b475d4db0f8c +Provides: bundled(golang(github.com/prometheus/client_model)) = fa8ad6fec33561be4280a8f0514318c79d7f6cb6 +Provides: bundled(golang(github.com/prometheus/common)) = 13ba4ddd0caa9c28ca7b7bffe1dfa9ed8d5ef207 +Provides: bundled(golang(github.com/prometheus/procfs)) = 65c1f6f8f0fc1e2185eb9863a3bc751496404259 +Provides: bundled(golang(github.com/PuerkitoBio/purell)) = v1.1.0 +Provides: bundled(golang(github.com/PuerkitoBio/urlesc)) = 5bd2802263f21d8788851d5305584c82a5c75d7e +Provides: bundled(golang(github.com/renstrom/dedent)) = v1.0.0 +Provides: bundled(golang(github.com/seccomp/libseccomp-golang)) = v0.9.0 +Provides: bundled(golang(github.com/sirupsen/logrus)) = v1.0.0 +Provides: bundled(golang(github.com/spf13/pflag)) = 9ff6c6923cfffbcd502984b8e0c80539a94968b7 +Provides: bundled(golang(github.com/stretchr/testify)) = 4d4bfba8f1d1027c4fdbe371823030df51419987 +Provides: bundled(golang(github.com/syndtr/gocapability)) = e7cb7fa329f456b3855136a2642b197bad7366ba +Provides: bundled(golang(github.com/tchap/go-patricia)) = v2.2.6 +Provides: bundled(golang(github.com/ugorji/go)) = d23841a297e5489e787e72fceffabf9d2994b52a +Provides: bundled(golang(github.com/urfave/cli)) = 39908eb08fee7c10d842622a114a5c133fb0a3c6 +Provides: bundled(golang(github.com/vbatts/tar-split)) = v0.10.2 +Provides: bundled(golang(github.com/vishvananda/netlink)) = master +Provides: bundled(golang(github.com/vishvananda/netns)) = master +Provides: bundled(golang(github.com/xeipuuv/gojsonpointer)) = master +Provides: bundled(golang(github.com/xeipuuv/gojsonreference)) = master +Provides: bundled(golang(github.com/xeipuuv/gojsonschema)) = master +Provides: bundled(golang(golang.org/x/crypto)) = 3fbbcd23f1cb824e69491a5930cfeff09b12f4d2 +Provides: bundled(golang(golang.org/x/net)) = c427ad74c6d7a814201695e9ffde0c5d400a7674 +Provides: bundled(golang(golang.org/x/sys)) = 9aade4d3a3b7e6d876cd3823ad20ec45fc035402 +Provides: bundled(golang(golang.org/x/text)) = f72d8390a633d5dfb0cc84043294db9f6c935756 +Provides: bundled(golang(google.golang.org/grpc)) = v1.0.4 +Provides: bundled(golang(gopkg.in/cheggaaa/pb.v1)) = v1.0.7 +Provides: bundled(golang(gopkg.in/fsnotify.v1)) = v1.4.2 +Provides: bundled(golang(gopkg.in/inf.v0)) = v0.9.0 +Provides: bundled(golang(gopkg.in/mgo.v2)) = v2 +Provides: bundled(golang(gopkg.in/tomb.v1)) = v1 +Provides: bundled(golang(gopkg.in/yaml.v2)) = v2 + +%description +%{summary} +libpod provides a library for applications looking to use +the Container Pod concept popularized by Kubernetes. + +%if 0%{?with_devel} +%package -n libpod-devel +Summary: Library for applications looking to use Container Pods +BuildArch: noarch + +%if 0%{?with_check} && ! 0%{?with_bundled} +BuildRequires: golang(github.com/BurntSushi/toml) +BuildRequires: golang(github.com/containerd/cgroups) +BuildRequires: golang(github.com/containernetworking/plugins/pkg/ns) +BuildRequires: golang(github.com/containers/image/copy) +BuildRequires: golang(github.com/containers/image/directory) +BuildRequires: golang(github.com/containers/image/docker) +BuildRequires: golang(github.com/containers/image/docker/archive) +BuildRequires: golang(github.com/containers/image/docker/reference) +BuildRequires: golang(github.com/containers/image/docker/tarfile) +BuildRequires: golang(github.com/containers/image/image) +BuildRequires: golang(github.com/containers/image/oci/archive) +BuildRequires: golang(github.com/containers/image/pkg/strslice) +BuildRequires: golang(github.com/containers/image/pkg/sysregistries) +BuildRequires: golang(github.com/containers/image/signature) +BuildRequires: golang(github.com/containers/image/storage) +BuildRequires: golang(github.com/containers/image/tarball) +BuildRequires: golang(github.com/containers/image/transports/alltransports) +BuildRequires: golang(github.com/containers/image/types) +BuildRequires: golang(github.com/containers/storage) +BuildRequires: golang(github.com/containers/storage/pkg/archive) +BuildRequires: golang(github.com/containers/storage/pkg/idtools) +BuildRequires: golang(github.com/containers/storage/pkg/reexec) +BuildRequires: golang(github.com/coreos/go-systemd/dbus) +BuildRequires: golang(github.com/cri-o/ocicni/pkg/ocicni) +BuildRequires: golang(github.com/docker/distribution/reference) +BuildRequires: golang(github.com/docker/docker/daemon/caps) +BuildRequires: golang(github.com/docker/docker/pkg/mount) +BuildRequires: golang(github.com/docker/docker/pkg/namesgenerator) +BuildRequires: golang(github.com/docker/docker/pkg/stringid) +BuildRequires: golang(github.com/docker/docker/pkg/system) +BuildRequires: golang(github.com/docker/docker/pkg/term) +BuildRequires: golang(github.com/docker/docker/pkg/truncindex) +BuildRequires: golang(github.com/ghodss/yaml) +BuildRequires: golang(github.com/godbus/dbus) +BuildRequires: golang(github.com/mattn/go-sqlite3) +BuildRequires: golang(github.com/mrunalp/fileutils) +BuildRequires: golang(github.com/opencontainers/go-digest) +BuildRequires: golang(github.com/opencontainers/image-spec/specs-go/v1) +BuildRequires: golang(github.com/opencontainers/runc/libcontainer) +BuildRequires: golang(github.com/opencontainers/runtime-spec/specs-go) +BuildRequires: golang(github.com/opencontainers/runtime-tools/generate) +BuildRequires: golang(github.com/opencontainers/selinux/go-selinux) +BuildRequires: golang(github.com/opencontainers/selinux/go-selinux/label) +BuildRequires: golang(github.com/pkg/errors) +BuildRequires: golang(github.com/sirupsen/logrus) +BuildRequires: golang(github.com/ulule/deepcopier) +BuildRequires: golang(golang.org/x/crypto/ssh/terminal) +BuildRequires: golang(golang.org/x/sys/unix) +BuildRequires: golang(k8s.io/apimachinery/pkg/util/wait) +BuildRequires: golang(k8s.io/client-go/tools/remotecommand) +BuildRequires: golang(k8s.io/kubernetes/pkg/kubelet/container) +%endif + +Requires: golang(github.com/BurntSushi/toml) +Requires: golang(github.com/containerd/cgroups) +Requires: golang(github.com/containernetworking/plugins/pkg/ns) +Requires: golang(github.com/containers/image/copy) +Requires: golang(github.com/containers/image/directory) +Requires: golang(github.com/containers/image/docker) +Requires: golang(github.com/containers/image/docker/archive) +Requires: golang(github.com/containers/image/docker/reference) +Requires: golang(github.com/containers/image/docker/tarfile) +Requires: golang(github.com/containers/image/image) +Requires: golang(github.com/containers/image/oci/archive) +Requires: golang(github.com/containers/image/pkg/strslice) +Requires: golang(github.com/containers/image/pkg/sysregistries) +Requires: golang(github.com/containers/image/signature) +Requires: golang(github.com/containers/image/storage) +Requires: golang(github.com/containers/image/tarball) +Requires: golang(github.com/containers/image/transports/alltransports) +Requires: golang(github.com/containers/image/types) +Requires: golang(github.com/containers/storage) +Requires: golang(github.com/containers/storage/pkg/archive) +Requires: golang(github.com/containers/storage/pkg/idtools) +Requires: golang(github.com/containers/storage/pkg/reexec) +Requires: golang(github.com/coreos/go-systemd/dbus) +Requires: golang(github.com/cri-o/ocicni/pkg/ocicni) +Requires: golang(github.com/docker/distribution/reference) +Requires: golang(github.com/docker/docker/daemon/caps) +Requires: golang(github.com/docker/docker/pkg/mount) +Requires: golang(github.com/docker/docker/pkg/namesgenerator) +Requires: golang(github.com/docker/docker/pkg/stringid) +Requires: golang(github.com/docker/docker/pkg/system) +Requires: golang(github.com/docker/docker/pkg/term) +Requires: golang(github.com/docker/docker/pkg/truncindex) +Requires: golang(github.com/ghodss/yaml) +Requires: golang(github.com/godbus/dbus) +Requires: golang(github.com/mattn/go-sqlite3) +Requires: golang(github.com/mrunalp/fileutils) +Requires: golang(github.com/opencontainers/go-digest) +Requires: golang(github.com/opencontainers/image-spec/specs-go/v1) +Requires: golang(github.com/opencontainers/runc/libcontainer) +Requires: golang(github.com/opencontainers/runtime-spec/specs-go) +Requires: golang(github.com/opencontainers/runtime-tools/generate) +Requires: golang(github.com/opencontainers/selinux/go-selinux) +Requires: golang(github.com/opencontainers/selinux/go-selinux/label) +Requires: golang(github.com/pkg/errors) +Requires: golang(github.com/sirupsen/logrus) +Requires: golang(github.com/ulule/deepcopier) +Requires: golang(golang.org/x/crypto/ssh/terminal) +Requires: golang(golang.org/x/sys/unix) +Requires: golang(k8s.io/apimachinery/pkg/util/wait) +Requires: golang(k8s.io/client-go/tools/remotecommand) +Requires: golang(k8s.io/kubernetes/pkg/kubelet/container) + +Provides: golang(%{import_path}/cmd/%{name}/docker) = %{version}-%{release} +Provides: golang(%{import_path}/cmd/%{name}/formats) = %{version}-%{release} +Provides: golang(%{import_path}/libkpod) = %{version}-%{release} +Provides: golang(%{import_path}/libpod) = %{version}-%{release} +Provides: golang(%{import_path}/libpod/common) = %{version}-%{release} +Provides: golang(%{import_path}/libpod/driver) = %{version}-%{release} +Provides: golang(%{import_path}/libpod/layers) = %{version}-%{release} +Provides: golang(%{import_path}/pkg/annotations) = %{version}-%{release} +Provides: golang(%{import_path}/pkg/chrootuser) = %{version}-%{release} +Provides: golang(%{import_path}/pkg/registrar) = %{version}-%{release} +Provides: golang(%{import_path}/pkg/storage) = %{version}-%{release} +Provides: golang(%{import_path}/utils) = %{version}-%{release} + +%description -n libpod-devel +%{summary} + +This package contains library source intended for +building other packages which use import path with +%{import_path} prefix. +%endif + +%if 0%{?with_unit_test} && 0%{?with_devel} +%package unit-test-devel +Summary: Unit tests for %{name} package +%if 0%{?with_check} +#Here comes all BuildRequires: PACKAGE the unit tests +#in %%check section need for running +%endif + +# test subpackage tests code from devel subpackage +Requires: %{name}-devel = %{version}-%{release} + +%if 0%{?with_check} && ! 0%{?with_bundled} +BuildRequires: golang(github.com/stretchr/testify/assert) +BuildRequires: golang(github.com/urfave/cli) +%endif + +Requires: golang(github.com/stretchr/testify/assert) +Requires: golang(github.com/urfave/cli) + +%description unit-test-devel +%{summary} +libpod provides a library for applications looking to use the Container Pod concept popularized by Kubernetes. + +This package contains unit tests for project +providing packages with %{import_path} prefix. +%endif + +%prep +%autosetup -Sgit -n %{repo}-%{commit} +sed -i '/\/bin\/bash/d' completions/bash/%{name} + +%build +mkdir _build +pushd _build +mkdir -p src/%{provider}.%{provider_tld}/%{project} +ln -s ../../../../ src/%{import_path} +popd +ln -s vendor src +export GOPATH=$(pwd)/_build:$(pwd):$(pwd):%{gopath} +export BUILDTAGS="selinux seccomp $(hack/btrfs_installed_tag.sh) $(hack/btrfs_tag.sh) $(hack/libdm_tag.sh) containers_image_ostree_stub" + +GOPATH=$GOPATH BUILDTAGS=$BUILDTAGS %gobuild -o bin/%{name} %{import_path}/cmd/%{name} +BUILDTAGS=$BUILDTAGS make docs + +%install +%make_install PREFIX=%{buildroot}%{_prefix} install install.completions + +# source codes for building projects +%if 0%{?with_devel} +install -d -p %{buildroot}/%{gopath}/src/%{import_path}/ + +echo "%%dir %%{gopath}/src/%%{import_path}/." >> devel.file-list +# find all *.go but no *_test.go files and generate devel.file-list +for file in $(find . \( -iname "*.go" -or -iname "*.s" \) \! -iname "*_test.go" | grep -v "vendor") ; do + dirprefix=$(dirname $file) + install -d -p %{buildroot}/%{gopath}/src/%{import_path}/$dirprefix + cp -pav $file %{buildroot}/%{gopath}/src/%{import_path}/$file + echo "%%{gopath}/src/%%{import_path}/$file" >> devel.file-list + + while [ "$dirprefix" != "." ]; do + echo "%%dir %%{gopath}/src/%%{import_path}/$dirprefix" >> devel.file-list + dirprefix=$(dirname $dirprefix) + done +done +%endif + +# testing files for this project +%if 0%{?with_unit_test} && 0%{?with_devel} +install -d -p %{buildroot}/%{gopath}/src/%{import_path}/ +# find all *_test.go files and generate unit-test-devel.file-list +for file in $(find . -iname "*_test.go" | grep -v "vendor") ; do + dirprefix=$(dirname $file) + install -d -p %{buildroot}/%{gopath}/src/%{import_path}/$dirprefix + cp -pav $file %{buildroot}/%{gopath}/src/%{import_path}/$file + echo "%%{gopath}/src/%%{import_path}/$file" >> unit-test-devel.file-list + + while [ "$dirprefix" != "." ]; do + echo "%%dir %%{gopath}/src/%%{import_path}/$dirprefix" >> devel.file-list + dirprefix=$(dirname $dirprefix) + done +done +%endif + +%if 0%{?with_devel} +sort -u -o devel.file-list devel.file-list +%endif + +%check +%if 0%{?with_check} && 0%{?with_unit_test} && 0%{?with_devel} +%if ! 0%{?with_bundled} +export GOPATH=%{buildroot}/%{gopath}:%{gopath} +%else +# Since we aren't packaging up the vendor directory we need to link +# back to it somehow. Hack it up so that we can add the vendor +# directory from BUILD dir as a gopath to be searched when executing +# tests from the BUILDROOT dir. +ln -s ./ ./vendor/src # ./vendor/src -> ./vendor + +export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath} +%endif + +%if ! 0%{?gotest:1} +%global gotest go test +%endif + +%gotest %{import_path}/cmd/%{name} +%gotest %{import_path}/libkpod +%gotest %{import_path}/libpod +%gotest %{import_path}/pkg/registrar +%endif + +#define license tag if not already defined +%{!?_licensedir:%global license %doc} + +%files +%license LICENSE +%doc README.md CONTRIBUTING.md hooks.md install.md code-of-conduct.md transfer.md +%{_bindir}/%{name} +%{_mandir}/man1/*.1* +%{_datadir}/bash-completion/completions/* +%config(noreplace) %{_sysconfdir}/cni/net.d/87-%{name}-bridge.conflist + +%if 0%{?with_devel} +%files -n libpod-devel -f devel.file-list +%license LICENSE +%doc README.md CONTRIBUTING.md hooks.md install.md code-of-conduct.md transfer.md +%dir %{gopath}/src/%{provider}.%{provider_tld}/%{project} +%endif + +%if 0%{?with_unit_test} && 0%{?with_devel} +%files unit-test-devel -f unit-test-devel.file-list +%license LICENSE +%doc README.md CONTRIBUTING.md hooks.md install.md code-of-conduct.md transfer.md +%endif + +%changelog +* Tue Feb 06 2018 Lokesh Mandvekar <lsm5@fedoraproject.org> - 0-0.3.git367213a +- Resolves: #1541554 - first official build +- built commit 367213a + +* Fri Feb 02 2018 Lokesh Mandvekar <lsm5@fedoraproject.org> - 0-0.2.git0387f69 +- built commit 0387f69 + +* Wed Jan 10 2018 Frantisek Kluknavsky <fkluknav@redhat.com> - 0-0.1.gitc1b2278 +- First package for Fedora diff --git a/pkg/inspect/inspect.go b/pkg/inspect/inspect.go index 9e7137560..11a252535 100644 --- a/pkg/inspect/inspect.go +++ b/pkg/inspect/inspect.go @@ -12,9 +12,9 @@ import ( // ContainerData holds the podman inspect data for a container type ContainerData struct { - CtrInspectData *ContainerInspectData `json:"CtrInspectData"` - HostConfig *HostConfig `json:"HostConfig"` - Config *CtrConfig `json:"Config"` + *ContainerInspectData + HostConfig *HostConfig `json:"HostConfig"` + Config *CtrConfig `json:"Config"` } // HostConfig represents the host configuration for the container diff --git a/pkg/util/utils.go b/pkg/util/utils.go new file mode 100644 index 000000000..9a93021e4 --- /dev/null +++ b/pkg/util/utils.go @@ -0,0 +1,46 @@ +package util + +import ( + "fmt" + "strings" + + "github.com/containers/image/types" + "github.com/pkg/errors" + "golang.org/x/crypto/ssh/terminal" +) + +// Helper function to determine the username/password passed +// in the creds string. It could be either or both. +func parseCreds(creds string) (string, string) { + if creds == "" { + return "", "" + } + up := strings.SplitN(creds, ":", 2) + if len(up) == 1 { + return up[0], "" + } + return up[0], up[1] +} + +// ParseRegistryCreds takes a credentials string in the form USERNAME:PASSWORD +// and returns a DockerAuthConfig +func ParseRegistryCreds(creds string) (*types.DockerAuthConfig, error) { + username, password := parseCreds(creds) + if username == "" { + fmt.Print("Username: ") + fmt.Scanln(&username) + } + if password == "" { + fmt.Print("Password: ") + termPassword, err := terminal.ReadPassword(0) + if err != nil { + return nil, errors.Wrapf(err, "could not read password from terminal") + } + password = string(termPassword) + } + + return &types.DockerAuthConfig{ + Username: username, + Password: password, + }, nil +} diff --git a/test/demos.sh b/test/demos.sh new file mode 100755 index 000000000..4ce29e160 --- /dev/null +++ b/test/demos.sh @@ -0,0 +1,93 @@ +#!/bin/bash + +echo "This is a demo of the podman search command." +echo "" + +read -p "--> cat /etc/containers/registries.conf" +cat /etc/containers/registries.conf +echo "" + +read -p "--> podman search fedora" +podman search fedora +echo "" + +read -p "--> podman search --filter stars=34 fedora" +podman search --filter stars=34 fedora +echo "" + +read -p "--> podman search --filter is-automated=false --filter stars=34 --filter is-official fedora" +podman search --filter is-automated=false --filter stars=34 --filter is-official fedora +echo "" + +read -p "--> podman search --no-trunc --limit 3 fedora" +podman search --no-trunc --limit 3 fedora +echo "" + +read -p "--> podman search --registry registry.access.redhat.com rhel7" +podman search --registry registry.access.redhat.com rhel7 +echo "" + +read -p "--> podman search --format \"table {{.Name}} {{.Description}}\" fedora" +podman search --format "table {{.Name}} {{.Description}}" fedora +echo "" + +read -p "Demo of a few podman run and create options" +echo "" + +read -p "--> podman run --memory 80m fedora cat /sys/fs/cgroup/memory/memory.limit_in_bytes" +podman run --rm --memory 80m fedora cat /sys/fs/cgroup/memory/memory.limit_in_bytes +echo "" + +read -p "--> podman run --memory 80m --memory-reservation 40m fedora cat /sys/fs/cgroup/memory/memory.soft_limit_in_bytes" +podman run --rm --memory 80m --memory-reservation 40m fedora cat /sys/fs/cgroup/memory/memory.soft_limit_in_bytes +echo "" + +read -p "--> podman run --memory 40m --memory-reservation 80m fedora cat /sys/fs/cgroup/memory/memory.soft_limit_in_bytes" +podman run --rm --memory 40m --memory-reservation 80m fedora cat /sys/fs/cgroup/memory/memory.soft_limit_in_bytes +echo "" + +read -p "--> podman run --memory-swappiness 15 fedora cat /sys/fs/cgroup/memory/memory.swappiness" +podman run --rm --memory-swappiness 15 fedora cat /sys/fs/cgroup/memory/memory.swappiness +echo "" + +read -p "--> podman run --kernel-memory 40m fedora cat /sys/fs/cgroup/memory/memory.kmem.limit_in_bytes" +podman run --rm --kernel-memory 40m fedora cat /sys/fs/cgroup/memory/memory.kmem.limit_in_bytes +echo "" + +read -p "--> podman run --cpu-period 5000 fedora cat /sys/fs/cgroup/cpu/cpu.cfs_period_us" +podman run --rm --cpu-period 5000 fedora cat /sys/fs/cgroup/cpu/cpu.cfs_period_us +echo "" + +read -p "--> podman run --cpu-quota 15000 --cpu-period 5000 fedora cat /sys/fs/cgroup/cpu/cpu.cfs_quota_us" +podman run --rm --cpu-quota 15000 --cpu-period 5000 fedora cat /sys/fs/cgroup/cpu/cpu.cfs_quota_us +echo "" + +read -p "--> podman run --cpus 0.5 fedora /bin/bash" +read -p "cat /sys/fs/cgroup/cpu/cpu.cfs_period_us" +podman run --rm --cpus 0.5 fedora cat /sys/fs/cgroup/cpu/cpu.cfs_period_us +read -p "cat /sys/fs/cgroup/cpu/cpu.cfs_quota_us" +podman run --rm --cpus 0.5 fedora cat /sys/fs/cgroup/cpu/cpu.cfs_quota_us +echo "" + +read -p "--> podman run --cpu-shares 2 fedora cat /sys/fs/cgroup/cpu/cpu.shares" +podman run --rm --cpu-shares 2 fedora cat /sys/fs/cgroup/cpu/cpu.shares +echo "" + +read -p "--> podman run --cpuset-cpus=0,2 fedora cat /sys/fs/cgroup/cpuset/cpuset.cpus" +podman run --rm --cpuset-cpus=0,2 fedora cat /sys/fs/cgroup/cpuset/cpuset.cpus +echo "" + +read -p "--> podman run --sysctl net.core.somaxconn=65535 alpine sysctl net.core.somaxconn" +podman run --rm --sysctl net.core.somaxconn=65535 alpine sysctl net.core.somaxconn +echo "" + +read -p "--> podman run --ulimit nofile=1024:1028 fedora ulimit -n" +podman run --rm --ulimit nofile=1024:1028 fedora ulimit -n +echo "" + +read -p "--> podman run --blkio-weight 15 fedora cat /sys/fs/cgroup/blkio/blkio.weight" +podman run --rm --blkio-weight 15 fedora cat /sys/fs/cgroup/blkio/blkio.weight +echo "" + +read -p "End of Demo." +echo "Thank you!"
\ No newline at end of file diff --git a/test/e2e/create_test.go b/test/e2e/create_test.go index c116cea7d..e54e35761 100644 --- a/test/e2e/create_test.go +++ b/test/e2e/create_test.go @@ -38,7 +38,7 @@ var _ = Describe("Podman create", func() { check := podmanTest.Podman([]string{"inspect", "-l"}) check.WaitWithDefaultTimeout() data := check.InspectContainerToJSON() - Expect(data.CtrInspectData.ID).To(ContainSubstring(cid)) + Expect(data.ID).To(ContainSubstring(cid)) }) It("podman create container based on a remote image", func() { diff --git a/test/e2e/inspect_test.go b/test/e2e/inspect_test.go index b22774575..b6020f53b 100644 --- a/test/e2e/inspect_test.go +++ b/test/e2e/inspect_test.go @@ -3,9 +3,10 @@ package integration import ( "os" + "strings" + . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" - "strings" ) var _ = Describe("Podman inspect", func() { @@ -69,6 +70,6 @@ var _ = Describe("Podman inspect", func() { result.WaitWithDefaultTimeout() Expect(result.ExitCode()).To(Equal(0)) conData := result.InspectContainerToJSON() - Expect(conData.CtrInspectData.SizeRootFs).To(BeNumerically(">", 0)) + Expect(conData.SizeRootFs).To(BeNumerically(">", 0)) }) }) diff --git a/test/podman_search.bats b/test/podman_search.bats new file mode 100644 index 000000000..07621d722 --- /dev/null +++ b/test/podman_search.bats @@ -0,0 +1,43 @@ +#!/usr/bin/env bats + +load helpers + +function teardown() { + cleanup_test +} + +@test "podman search" { + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} search alpine + echo "$output" + [ "$status" -eq 0 ] +} + +@test "podman search registry flag" { + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} search --registry registry.fedoraproject.org fedora + echo "$output" + [ "$status" -eq 0 ] +} + +@test "podman search filter flag" { + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} search --filter=is-official alpine + echo "$output" + [ "$status" -eq 0 ] +} + +@test "podman search format flag" { + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} search --format "table {{.Index}} {{.Name}}" alpine + echo "$output" + [ "$status" -eq 0 ] +} + +@test "podman search no-trunc flag" { + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} search --no-trunc alpine + echo "$output" + [ "$status" -eq 0 ] +} + +@test "podman search limit flag" { + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} search --limit 3 alpine + echo "$output" + [ "$status" -eq 0 ] +}
\ No newline at end of file diff --git a/transfer.md b/transfer.md index 30e277a86..53d6c472c 100644 --- a/transfer.md +++ b/transfer.md @@ -60,6 +60,7 @@ There are other equivalents for these tools | `docker rmi` | [`podman rmi`](./docs/podman-rmi.1.md) | | `docker run` | [`podman run`](./docs/podman-run.1.md) | | `docker save` | [`podman save`](./docs/podman-save.1.md) | +| `docker search` | [`podman search`](./docs/podman-search.1.md) | | `docker start` | [`podman start`](./docs/podman-start.1.md) | | `docker stop` | [`podman stop`](./docs/podman-stop.1.md) | | `docker tag` | [`podman tag`](./docs/podman-tag.1.md) | @@ -85,7 +86,6 @@ Those Docker commands currently do not have equivalents in `podman`: | `docker port` || | `docker rename` | podman does not support rename, you need to use `podman rm` and `podman create` to rename a container.| | `docker restart` | podman does not support restart. We recommend that you put your podman containers into a systemd unit file and use it for restarting applications.| -| `docker search` || | `docker secret` || | `docker service` || | `docker stack` || diff --git a/vendor.conf b/vendor.conf index 4ce659199..ea659eab8 100644 --- a/vendor.conf +++ b/vendor.conf @@ -1,6 +1,6 @@ # github.com/sirupsen/logrus v1.0.0 -github.com/containers/image 9b4510f6d1627c8e53c3303a8fe48ca7842c2ace +github.com/containers/image 3ab2e31e6ff9fc2b21b81188c1f6cf545658ff4a github.com/docker/docker-credential-helpers d68f9aeca33f5fd3f08eeae5e9d175edf4e731d1 github.com/ostreedev/ostree-go master github.com/containers/storage 1824cf917a6b42d8c41179e807bb20a5fd6c0f0a diff --git a/vendor/github.com/containers/image/directory/directory_dest.go b/vendor/github.com/containers/image/directory/directory_dest.go index 47d59d9fe..5f7443fa0 100644 --- a/vendor/github.com/containers/image/directory/directory_dest.go +++ b/vendor/github.com/containers/image/directory/directory_dest.go @@ -70,7 +70,7 @@ func newImageDestination(ref dirReference, compress bool) (types.ImageDestinatio } } // create version file - err = ioutil.WriteFile(d.ref.versionPath(), []byte(version), 0755) + err = ioutil.WriteFile(d.ref.versionPath(), []byte(version), 0644) if err != nil { return nil, errors.Wrapf(err, "error creating version file %q", d.ref.versionPath()) } diff --git a/vendor/github.com/containers/image/docker/docker_client.go b/vendor/github.com/containers/image/docker/docker_client.go index 217e9dcbf..ff1af8f65 100644 --- a/vendor/github.com/containers/image/docker/docker_client.go +++ b/vendor/github.com/containers/image/docker/docker_client.go @@ -8,7 +8,10 @@ import ( "io" "io/ioutil" "net/http" + "net/url" + "os" "path/filepath" + "strconv" "strings" "time" @@ -24,10 +27,9 @@ import ( ) const ( - dockerHostname = "docker.io" - dockerRegistry = "registry-1.docker.io" - - systemPerHostCertDirPath = "/etc/docker/certs.d" + dockerHostname = "docker.io" + dockerV1Hostname = "index.docker.io" + dockerRegistry = "registry-1.docker.io" resolvedPingV2URL = "%s://%s/v2/" resolvedPingV1URL = "%s://%s/v1/_ping" @@ -49,6 +51,7 @@ var ( ErrV1NotSupported = errors.New("can't talk to a V1 docker registry") // ErrUnauthorizedForCredentials is returned when the status code returned is 401 ErrUnauthorizedForCredentials = errors.New("unable to retrieve auth token: invalid username/password") + systemPerHostCertDirPaths = [2]string{"/etc/containers/certs.d", "/etc/docker/certs.d"} ) // extensionSignature and extensionSignatureList come from github.com/openshift/origin/pkg/dockerregistry/server/signaturedispatcher.go: @@ -66,9 +69,10 @@ type extensionSignatureList struct { } type bearerToken struct { - Token string `json:"token"` - ExpiresIn int `json:"expires_in"` - IssuedAt time.Time `json:"issued_at"` + Token string `json:"token"` + AccessToken string `json:"access_token"` + ExpiresIn int `json:"expires_in"` + IssuedAt time.Time `json:"issued_at"` } // dockerClient is configuration for dealing with a single Docker registry. @@ -96,6 +100,24 @@ type authScope struct { actions string } +func newBearerTokenFromJSONBlob(blob []byte) (*bearerToken, error) { + token := new(bearerToken) + if err := json.Unmarshal(blob, &token); err != nil { + return nil, err + } + if token.Token == "" { + token.Token = token.AccessToken + } + if token.ExpiresIn < minimumTokenLifetimeSeconds { + token.ExpiresIn = minimumTokenLifetimeSeconds + logrus.Debugf("Increasing token expiration to: %d seconds", token.ExpiresIn) + } + if token.IssuedAt.IsZero() { + token.IssuedAt = time.Now().UTC() + } + return token, nil +} + // this is cloned from docker/go-connections because upstream docker has changed // it and make deps here fails otherwise. // We'll drop this once we upgrade to docker 1.13.x deps. @@ -109,19 +131,42 @@ func serverDefault() *tls.Config { } // dockerCertDir returns a path to a directory to be consumed by tlsclientconfig.SetupCertificates() depending on ctx and hostPort. -func dockerCertDir(ctx *types.SystemContext, hostPort string) string { +func dockerCertDir(ctx *types.SystemContext, hostPort string) (string, error) { if ctx != nil && ctx.DockerCertPath != "" { - return ctx.DockerCertPath + return ctx.DockerCertPath, nil } - var hostCertDir string if ctx != nil && ctx.DockerPerHostCertDirPath != "" { - hostCertDir = ctx.DockerPerHostCertDirPath - } else if ctx != nil && ctx.RootForImplicitAbsolutePaths != "" { - hostCertDir = filepath.Join(ctx.RootForImplicitAbsolutePaths, systemPerHostCertDirPath) - } else { - hostCertDir = systemPerHostCertDirPath + return filepath.Join(ctx.DockerPerHostCertDirPath, hostPort), nil + } + + var ( + hostCertDir string + fullCertDirPath string + ) + for _, systemPerHostCertDirPath := range systemPerHostCertDirPaths { + if ctx != nil && ctx.RootForImplicitAbsolutePaths != "" { + hostCertDir = filepath.Join(ctx.RootForImplicitAbsolutePaths, systemPerHostCertDirPath) + } else { + hostCertDir = systemPerHostCertDirPath + } + + fullCertDirPath = filepath.Join(hostCertDir, hostPort) + _, err := os.Stat(fullCertDirPath) + if err == nil { + break + } + if os.IsNotExist(err) { + continue + } + if os.IsPermission(err) { + logrus.Debugf("error accessing certs directory due to permissions: %v", err) + continue + } + if err != nil { + return "", err + } } - return filepath.Join(hostCertDir, hostPort) + return fullCertDirPath, nil } // newDockerClientFromRef returns a new dockerClient instance for refHostname (a host a specified in the Docker image reference, not canonicalized to dockerRegistry) @@ -155,7 +200,10 @@ func newDockerClientWithDetails(ctx *types.SystemContext, registry, username, pa // dockerHostname here, because it is more symmetrical to read the configuration in that case as well, and because // generally the UI hides the existence of the different dockerRegistry. But note that this behavior is // undocumented and may change if docker/docker changes. - certDir := dockerCertDir(ctx, hostName) + certDir, err := dockerCertDir(ctx, hostName) + if err != nil { + return nil, err + } if err := tlsclientconfig.SetupCertificates(certDir, tr.TLSClientConfig); err != nil { return nil, err } @@ -202,6 +250,100 @@ func CheckAuth(ctx context.Context, sCtx *types.SystemContext, username, passwor } } +// SearchResult holds the information of each matching image +// It matches the output returned by the v1 endpoint +type SearchResult struct { + Name string `json:"name"` + Description string `json:"description"` + // StarCount states the number of stars the image has + StarCount int `json:"star_count"` + IsTrusted bool `json:"is_trusted"` + // IsAutomated states whether the image is an automated build + IsAutomated bool `json:"is_automated"` + // IsOfficial states whether the image is an official build + IsOfficial bool `json:"is_official"` +} + +// SearchRegistry queries a registry for images that contain "image" in their name +// The limit is the max number of results desired +// Note: The limit value doesn't work with all registries +// for example registry.access.redhat.com returns all the results without limiting it to the limit value +func SearchRegistry(ctx context.Context, sCtx *types.SystemContext, registry, image string, limit int) ([]SearchResult, error) { + type V2Results struct { + // Repositories holds the results returned by the /v2/_catalog endpoint + Repositories []string `json:"repositories"` + } + type V1Results struct { + // Results holds the results returned by the /v1/search endpoint + Results []SearchResult `json:"results"` + } + v2Res := &V2Results{} + v1Res := &V1Results{} + + // The /v2/_catalog endpoint has been disabled for docker.io therefore the call made to that endpoint will fail + // So using the v1 hostname for docker.io for simplicity of implementation and the fact that it returns search results + if registry == dockerHostname { + registry = dockerV1Hostname + } + + client, err := newDockerClientWithDetails(sCtx, registry, "", "", "", nil, "") + if err != nil { + return nil, errors.Wrapf(err, "error creating new docker client") + } + + logrus.Debugf("trying to talk to v2 search endpoint\n") + resp, err := client.makeRequest(ctx, "GET", "/v2/_catalog", nil, nil) + if err != nil { + logrus.Debugf("error getting search results from v2 endpoint %q: %v", registry, err) + } else { + defer resp.Body.Close() + if resp.StatusCode != http.StatusOK { + logrus.Debugf("error getting search results from v2 endpoint %q, status code %q", registry, resp.StatusCode) + } else { + if err := json.NewDecoder(resp.Body).Decode(v2Res); err != nil { + return nil, err + } + searchRes := []SearchResult{} + for _, repo := range v2Res.Repositories { + if strings.Contains(repo, image) { + res := SearchResult{ + Name: repo, + } + searchRes = append(searchRes, res) + } + } + return searchRes, nil + } + } + + // set up the query values for the v1 endpoint + u := url.URL{ + Path: "/v1/search", + } + q := u.Query() + q.Set("q", image) + q.Set("n", strconv.Itoa(limit)) + u.RawQuery = q.Encode() + + logrus.Debugf("trying to talk to v1 search endpoint\n") + resp, err = client.makeRequest(ctx, "GET", u.String(), nil, nil) + if err != nil { + logrus.Debugf("error getting search results from v1 endpoint %q: %v", registry, err) + } else { + defer resp.Body.Close() + if resp.StatusCode != http.StatusOK { + logrus.Debugf("error getting search results from v1 endpoint %q, status code %q", registry, resp.StatusCode) + } else { + if err := json.NewDecoder(resp.Body).Decode(v1Res); err != nil { + return nil, err + } + return v1Res.Results, nil + } + } + + return nil, errors.Wrapf(err, "couldn't search registry %q", registry) +} + // makeRequest creates and executes a http.Request with the specified parameters, adding authentication and TLS options for the Docker client. // The host name and schema is taken from the client or autodetected, and the path is relative to it, i.e. the path usually starts with /v2/. func (c *dockerClient) makeRequest(ctx context.Context, method, path string, headers map[string][]string, stream io.Reader) (*http.Response, error) { @@ -332,18 +474,8 @@ func (c *dockerClient) getBearerToken(ctx context.Context, realm, service, scope if err != nil { return nil, err } - var token bearerToken - if err := json.Unmarshal(tokenBlob, &token); err != nil { - return nil, err - } - if token.ExpiresIn < minimumTokenLifetimeSeconds { - token.ExpiresIn = minimumTokenLifetimeSeconds - logrus.Debugf("Increasing token expiration to: %d seconds", token.ExpiresIn) - } - if token.IssuedAt.IsZero() { - token.IssuedAt = time.Now().UTC() - } - return &token, nil + + return newBearerTokenFromJSONBlob(tokenBlob) } // detectProperties detects various properties of the registry. diff --git a/vendor/github.com/containers/image/docker/docker_image_dest.go b/vendor/github.com/containers/image/docker/docker_image_dest.go index 79c386225..2f3b6c2c3 100644 --- a/vendor/github.com/containers/image/docker/docker_image_dest.go +++ b/vendor/github.com/containers/image/docker/docker_image_dest.go @@ -131,7 +131,7 @@ func (d *dockerImageDestination) PutBlob(stream io.Reader, inputInfo types.BlobI defer res.Body.Close() if res.StatusCode != http.StatusAccepted { logrus.Debugf("Error initiating layer upload, response %#v", *res) - return types.BlobInfo{}, errors.Errorf("Error initiating layer upload to %s, status %d", uploadPath, res.StatusCode) + return types.BlobInfo{}, errors.Wrapf(client.HandleErrorResponse(res), "Error initiating layer upload to %s", uploadPath) } uploadLocation, err := res.Location() if err != nil { @@ -167,7 +167,7 @@ func (d *dockerImageDestination) PutBlob(stream io.Reader, inputInfo types.BlobI defer res.Body.Close() if res.StatusCode != http.StatusCreated { logrus.Debugf("Error uploading layer, response %#v", *res) - return types.BlobInfo{}, errors.Errorf("Error uploading layer to %s, status %d", uploadLocation, res.StatusCode) + return types.BlobInfo{}, errors.Wrapf(client.HandleErrorResponse(res), "Error uploading layer to %s", uploadLocation) } logrus.Debugf("Upload of layer %s complete", computedDigest) @@ -196,7 +196,7 @@ func (d *dockerImageDestination) HasBlob(info types.BlobInfo) (bool, int64, erro return true, getBlobSize(res), nil case http.StatusUnauthorized: logrus.Debugf("... not authorized") - return false, -1, errors.Errorf("not authorized to read from destination repository %s", reference.Path(d.ref.ref)) + return false, -1, client.HandleErrorResponse(res) case http.StatusNotFound: logrus.Debugf("... not present") return false, -1, nil @@ -447,7 +447,7 @@ sigExists: logrus.Debugf("Error body %s", string(body)) } logrus.Debugf("Error uploading signature, status %d, %#v", res.StatusCode, res) - return errors.Errorf("Error uploading signature to %s, status %d", path, res.StatusCode) + return errors.Wrapf(client.HandleErrorResponse(res), "Error uploading signature to %s", path) } } diff --git a/vendor/github.com/containers/image/image/oci.go b/vendor/github.com/containers/image/image/oci.go index 3c03e49bb..e7780c5a6 100644 --- a/vendor/github.com/containers/image/image/oci.go +++ b/vendor/github.com/containers/image/image/oci.go @@ -149,6 +149,16 @@ func (m *manifestOCI1) UpdatedImage(options types.ManifestUpdateOptions) (types. switch options.ManifestMIMEType { case "": // No conversion, OK + case manifest.DockerV2Schema1MediaType, manifest.DockerV2Schema1SignedMediaType: + // We can't directly convert to V1, but we can transitively convert via a V2 image + m2, err := copy.convertToManifestSchema2() + if err != nil { + return nil, err + } + return m2.UpdatedImage(types.ManifestUpdateOptions{ + ManifestMIMEType: options.ManifestMIMEType, + InformationOnly: options.InformationOnly, + }) case manifest.DockerV2Schema2MediaType: return copy.convertToManifestSchema2() default: diff --git a/vendor/github.com/containers/image/ostree/ostree_dest.go b/vendor/github.com/containers/image/ostree/ostree_dest.go index 8154c9851..d5f0ff80c 100644 --- a/vendor/github.com/containers/image/ostree/ostree_dest.go +++ b/vendor/github.com/containers/image/ostree/ostree_dest.go @@ -14,6 +14,7 @@ import ( "os/exec" "path/filepath" "strconv" + "strings" "syscall" "time" "unsafe" @@ -175,7 +176,10 @@ func fixFiles(selinuxHnd *C.struct_selabel_handle, root string, dir string, user if err != nil { return err } - relPath = fmt.Sprintf("/%s", relPath) + // Handle /exports/hostfs as a special case. Files under this directory are copied to the host, + // thus we benefit from maintaining the same SELinux label they would have on the host as we could + // use hard links instead of copying the files. + relPath = fmt.Sprintf("/%s", strings.TrimPrefix(relPath, "exports/hostfs/")) relPathC := C.CString(relPath) defer C.free(unsafe.Pointer(relPathC)) @@ -237,7 +241,7 @@ func generateTarSplitMetadata(output *bytes.Buffer, file string) error { } defer stream.Close() - gzReader, err := gzip.NewReader(stream) + gzReader, err := archive.DecompressStream(stream) if err != nil { return err } @@ -383,7 +387,7 @@ func (d *ostreeImageDestination) Commit() error { var selinuxHnd *C.struct_selabel_handle if os.Getuid() == 0 && selinux.GetEnabled() { - selinuxHnd, err := C.selabel_open(C.SELABEL_CTX_FILE, nil, 0) + selinuxHnd, err = C.selabel_open(C.SELABEL_CTX_FILE, nil, 0) if selinuxHnd == nil { return errors.Wrapf(err, "cannot open the SELinux DB") } diff --git a/vendor/github.com/containers/image/tarball/tarball_reference.go b/vendor/github.com/containers/image/tarball/tarball_reference.go index 4ccfb4063..a0819ac58 100644 --- a/vendor/github.com/containers/image/tarball/tarball_reference.go +++ b/vendor/github.com/containers/image/tarball/tarball_reference.go @@ -89,5 +89,5 @@ func (r *tarballReference) DeleteImage(ctx *types.SystemContext) error { } func (r *tarballReference) NewImageDestination(ctx *types.SystemContext) (types.ImageDestination, error) { - return nil, fmt.Errorf("destination not implemented yet") + return nil, fmt.Errorf(`"tarball:" locations can only be read from, not written to`) } |