-rw-r--r-- | .golangci.yml | 29 | ||||
-rw-r--r-- | Makefile | 2 | ||||
-rw-r--r-- | cmd/podman/secrets/create.go | 2 | ||||
-rw-r--r-- | contrib/spec/podman.spec.in | 23 | ||||
-rw-r--r-- | dependencies/dependencies.go | 2 | ||||
-rwxr-xr-x | hack/golangci-lint.sh | 2 | ||||
-rw-r--r-- | pkg/api/handlers/compat/images_push.go | 41 | ||||
-rw-r--r-- | pkg/domain/infra/abi/manifest.go | 2 | ||||
-rw-r--r-- | test/apiv2/12-imagesMore.at | 18 | ||||
-rw-r--r-- | test/system/600-completion.bats | 22 | ||||
-rw-r--r-- | version/version.go | 2 |
11 files changed, 131 insertions, 14 deletions
diff --git a/.golangci.yml b/.golangci.yml index da22b7602..6e46d55cd 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -4,6 +4,7 @@ run: deadline: 5m skip-dirs-use-default: true skip-dirs: + - dependencies - contrib - dependencies - test @@ -17,6 +18,34 @@ linters: enable-all: true disable: # All these break for one reason or another + - nolintlint + - gocognit + - stylecheck + - testpackage + - goerr113 + - exhaustivestruct + - errorlint + - wrapcheck + - paralleltest + - wsl + - godox + - tparallel + - gomnd + - nlreturn + - noctx + - nestif + - predeclared + - thelper + - ifshort + - staticcheck + - forbidigo + - exhaustive + - whitespace + - unparam + - gofumpt + - gci + - godot + - makezero - dupl - funlen - gochecknoglobals @@ -619,7 +619,7 @@ endef .PHONY: .install.golangci-lint .install.golangci-lint: .gopathok - VERSION=1.18.0 GOBIN=$(GOBIN) sh ./hack/install_golangci.sh + VERSION=1.36.0 GOBIN=$(GOBIN) sh ./hack/install_golangci.sh .PHONY: .install.bats .install.bats: .gopathok diff --git a/cmd/podman/secrets/create.go b/cmd/podman/secrets/create.go index e58ab57cd..ef5d703ca 100644 --- a/cmd/podman/secrets/create.go +++ b/cmd/podman/secrets/create.go @@ -16,7 +16,7 @@ import ( var ( createCmd = &cobra.Command{ - Use: "create [options] SECRET FILE|-", + Use: "create [options] NAME FILE|-", Short: "Create a new secret", Long: "Create a secret. Input can be a path to a file or \"-\" (read from stdin). Default driver is file (unencrypted).", RunE: create, diff --git a/contrib/spec/podman.spec.in b/contrib/spec/podman.spec.in index db79ebede..662234f71 100644 --- a/contrib/spec/podman.spec.in +++ b/contrib/spec/podman.spec.in 
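Review bot: The added `- dependencies` entry under `skip-dirs` duplicates the `- dependencies` entry that already sits two lines below it in the same list, so the new line has no effect. Drop the added line, or remove the older one if the intent was only to reorder the list.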
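Review bot: The enlarged `disable` list turns off `staticcheck`, `errorlint` and `noctx` together with the purely stylistic linters, and the only rationale given is the existing comment `# All these break for one reason or another`. Those three report real defects (misused APIs, error comparisons that break under wrapping, HTTP requests sent without a context), so they deserve a comment of their own, for example `# TODO: re-enable once the findings from the 1.36.0 upgrade are fixed`, so that they do not stay off indefinitely. The disable list continues outside this hunk.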
@@ -380,6 +380,29 @@ tar zxf %{SOURCE1} %build mkdir _build pushd _build + +# These flags should work for all rpm distros and arches +export CGO_CFLAGS="-O2 -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -ffat-lto-objects -fexceptions -fasynchronous-unwind-tables -fstack-protector-strong -fstack-clash-protection -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE" + +%if 0%{?fedora} || 0%{?rhel} +# This flag is only present on RH-family distros +export CGO_CFLAGS+=" -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1" +%endif + +%ifnarch %{ix86} +# Build fails on i686 with this flag +export CGO_CFLAGS+=" -D_FILE_OFFSET_BITS=64" +%endif + +%ifarch x86_64 +# Builds only on x86_64 with this flag +export CGO_CFLAGS+=" -m64 -mtune=generic" +%if 0%{?fedora} || 0%{?rhel} >= 8 +# Build fails on rhel7 and non-86_64 with this flag +export CGO_CFLAGS+=" -fcf-protection" +%endif +%endif + mkdir -p src/%{provider}.%{provider_tld}/%{project} ln -s ../../../../ src/%{import_path} popd diff --git a/dependencies/dependencies.go b/dependencies/dependencies.go index b03ab149b..b1b0aee08 100644 --- a/dependencies/dependencies.go +++ b/dependencies/dependencies.go @@ -1,3 +1,5 @@ +// +build !linter + package dependencies import ( diff --git a/hack/golangci-lint.sh b/hack/golangci-lint.sh index 5be750129..bcb83a2fd 100755 --- a/hack/golangci-lint.sh +++ b/hack/golangci-lint.sh @@ -5,7 +5,7 @@ set -e declare -A BUILD_TAGS # TODO: add systemd tag -BUILD_TAGS[default]="apparmor,seccomp,selinux" +BUILD_TAGS[default]="apparmor,seccomp,selinux,linter" BUILD_TAGS[abi]="${BUILD_TAGS[default]},!remoteclient" BUILD_TAGS[tunnel]="${BUILD_TAGS[default]},remote,remoteclient" diff --git a/pkg/api/handlers/compat/images_push.go b/pkg/api/handlers/compat/images_push.go index 34b53f34e..77d891546 100644 --- a/pkg/api/handlers/compat/images_push.go +++ b/pkg/api/handlers/compat/images_push.go 
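Review bot: The hardening added to `%build` only covers compilation of the cgo C sources: `CGO_CFLAGS` gains `-fstack-protector-strong`, `-D_FORTIFY_SOURCE=2` and related flags, but no link-time counterpart is exported in this hunk. If nothing elsewhere in the spec sets one, consider adding `export CGO_LDFLAGS="-Wl,-z,relro -Wl,-z,now"` so the resulting binaries also get full RELRO. Separately, `export CGO_CFLAGS+=" ..."` is a bash extension, so the comment `# These flags should work for all rpm distros and arches` holds only where the build shell is bash; that assumption is worth stating in the comment. The `%build` section continues outside the hunk.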
@@ -1,6 +1,8 @@ package compat import ( + "fmt" + "io/ioutil" "net/http" "strings" @@ -19,6 +21,14 @@ import ( func PushImage(w http.ResponseWriter, r *http.Request) { decoder := r.Context().Value("decoder").(*schema.Decoder) runtime := r.Context().Value("runtime").(*libpod.Runtime) + + digestFile, err := ioutil.TempFile("", "digest.txt") + if err != nil { + utils.Error(w, "unable to create digest tempfile", http.StatusInternalServerError, errors.Wrap(err, "unable to create tempfile")) + return + } + defer digestFile.Close() + // Now use the ABI implementation to prevent us from having duplicate // code. imageEngine := abi.ImageEngine{Libpod: runtime} @@ -65,12 +75,13 @@ func PushImage(w http.ResponseWriter, r *http.Request) { password = authconf.Password } options := entities.ImagePushOptions{ - All: query.All, - Authfile: authfile, - Compress: query.Compress, - Format: query.Format, - Password: password, - Username: username, + All: query.All, + Authfile: authfile, + Compress: query.Compress, + Format: query.Format, + Password: password, + Username: username, + DigestFile: digestFile.Name(), } if _, found := r.URL.Query()["tlsVerify"]; found { options.SkipTLSVerify = types.NewOptionalBool(!query.TLSVerify) @@ -93,5 +104,21 @@ func PushImage(w http.ResponseWriter, r *http.Request) { return } - utils.WriteResponse(w, http.StatusOK, "") + digestBytes, err := ioutil.ReadAll(digestFile) + if err != nil { + utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrap(err, "failed to read digest tmp file")) + return + } + + tag := query.Tag + if tag == "" { + tag = "latest" + } + respData := struct { + Status string `json:"status"` + }{ + Status: fmt.Sprintf("%s: digest: %s size: null", tag, string(digestBytes)), + } + + utils.WriteJSON(w, http.StatusOK, &respData) } diff --git a/pkg/domain/infra/abi/manifest.go b/pkg/domain/infra/abi/manifest.go index 626f1f7bf..da7482407 100644 --- a/pkg/domain/infra/abi/manifest.go 
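Review bot: The temp file created at the top of PushImage is closed by `defer digestFile.Close()` but never deleted, so every call to the push endpoint leaves a `digest.txt*` file in the temp directory. On an API handler this is unbounded disk growth that any client able to push can drive. Add `defer os.Remove(digestFile.Name())` right after the Close; this needs `os` in the import block if it is not already there. The same defer also cleans up on the early-return error paths. PushImage continues outside this hunk.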
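Review bot: In the final hunk of PushImage the digest is interpolated into the status string without checking that anything was read. If the push never wrote the digest file, the handler still answers 200 with `digest:  size: null`. Guard it with `if len(digestBytes) == 0 { ... }` and return an error, and use `strings.TrimSpace(string(digestBytes))` so that a trailing newline in the file cannot end up inside the JSON `status` value. The read-failure branch also sends the client `"Something went wrong."`, unlike the descriptive message used for the tempfile-creation error; `"unable to read digest tempfile"` would match it. The literal `size: null` probably deserves a comment explaining that the size is not available here.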
+++ b/pkg/domain/infra/abi/manifest.go @@ -1,5 +1,3 @@ -// +build !remote - package abi import ( diff --git a/test/apiv2/12-imagesMore.at b/test/apiv2/12-imagesMore.at index fe6a271ce..4f3ddf925 100644 --- a/test/apiv2/12-imagesMore.at +++ b/test/apiv2/12-imagesMore.at @@ -3,6 +3,9 @@ # Tests for more image-related endpoints # +red='\e[31m' +nc='\e[0m' + podman pull -q $IMAGE t GET libpod/images/json 200 \ @@ -26,6 +29,17 @@ t GET libpod/images/$IMAGE/json 200 \ podman run -d --name registry -p 5000:5000 quay.io/libpod/registry:2.6 /entrypoint.sh /etc/docker/registry/config.yml wait_for_port localhost 5000 +# Push to local registry and check output +while read -r LINE +do + if echo "${LINE}" | jq --exit-status 'select( .status != null) | select ( .status | contains("digest: sha256:"))' &>/dev/null; then + GOT_DIGEST="1" + fi +done < <(curl -sL "http://$HOST:$PORT/images/localhost:5000/myrepo/push?tlsVerify=false&tag=mytag" -XPOST) +if [ -z "${GOT_DIGEST}" ] ; then + echo -e "${red}not ok: did not found digest in output${nc}" 1>&2; +fi + # Push to local registry t POST "images/localhost:5000/myrepo/push?tlsVerify=false&tag=mytag" '' 200 @@ -43,3 +57,7 @@ t DELETE libpod/images/$IMAGE 200 \ .ExitCode=0 t DELETE libpod/images/quay.io/libpod/registry:2.6 200 \ .ExitCode=0 + +if [ -z "${GOT_DIGEST}" ] ; then + exit 1; +fi diff --git a/test/system/600-completion.bats b/test/system/600-completion.bats index 8cac2c9aa..fbb0da231 100644 --- a/test/system/600-completion.bats +++ b/test/system/600-completion.bats 
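Review bot: In test/apiv2/12-imagesMore.at, `GOT_DIGEST` is assigned only inside the `while read` loop and is never cleared first. A value inherited from the environment would therefore make both `[ -z "${GOT_DIGEST}" ]` checks pass even when the push response contains no digest. Initialise it before the loop with `GOT_DIGEST=""`. The failure message also reads `did not found digest in output`, where `did not find digest in output` is the intended wording.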
@@ -157,7 +157,17 @@ function check_shell_completion() { # resume ;;& - *PATH* | *CONTEXT* | *KUBEFILE* | *COMMAND* | *ARG...* | *URI*) + *SECRET*) + run_completion "$@" $cmd "${extra_args[@]}" "" + is "$output" ".*$random_secret_name${nl}" \ + "$* $cmd: actual secret listed in suggestions" + _check_completion_end NoFileComp + + match=true + # resume + ;;& + + *PATH* | *CONTEXT* | *FILE* | *COMMAND* | *ARG...* | *URI*) # default shell completion should be done for everything which accepts a path run_completion "$@" $cmd "${extra_args[@]}" "" @@ -232,6 +242,11 @@ function _check_completion_end() { random_image_tag=$(random_string 5) random_network_name=$(random_string 30) random_volume_name=$(random_string 30) + random_secret_name=$(random_string 30) + random_secret_content=$(random_string 30) + secret_file=$PODMAN_TMPDIR/$(random_string 10) + + echo $random_secret_content > $secret_file # create a container for each state since some commands are only suggesting running container for example run_podman create --name created-$random_container_name $IMAGE @@ -263,6 +278,8 @@ function _check_completion_end() { # create volume run_podman volume create $random_volume_name + # create secret + run_podman secret create $random_secret_name $secret_file # $PODMAN may be a space-separated string, e.g. if we include a --url. local -a podman_as_array=($PODMAN) @@ -274,6 +291,9 @@ function _check_completion_end() { check_shell_completion # cleanup + run_podman secret rm $random_secret_name + rm -f $secret_file + run_podman volume rm $random_volume_name run_podman network rm $random_network_name diff --git a/version/version.go b/version/version.go index 0bba0147b..520014bb7 100644 --- a/version/version.go +++ b/version/version.go 
@@ -8,7 +8,7 @@ import ( // NOTE: remember to bump the version at the top // of the top-level README.md file when this is // bumped. -var Version = semver.MustParse("3.0.0-dev") +var Version = semver.MustParse("3.1.0-dev") // APIVersion is the version for the remote // client API. It is used to determine compatibility |