57 files changed, 476 insertions, 153 deletions
diff --git a/cmd/podman-mac-helper/install.go b/cmd/podman-mac-helper/install.go index 7f623ecb6..a1b99e66c 100644 --- a/cmd/podman-mac-helper/install.go +++ b/cmd/podman-mac-helper/install.go @@ -197,7 +197,7 @@ func installExecutable(user string) (string, error) { // suffix. The goal is to help users harden against privilege escalation from loose // filesystem permissions. // - // Since userpsace package management tools, such as brew, delegate management of system + // Since userspace package management tools, such as brew, delegate management of system // paths to standard unix users, the daemon executable is copied into a separate more // restricted area of the filesystem. if err := verifyRootDeep(installPrefix); err != nil { diff --git a/cmd/podman/images/import.go b/cmd/podman/images/import.go index 47f2a798d..1910fef6d 100644 --- a/cmd/podman/images/import.go +++ b/cmd/podman/images/import.go @@ -118,14 +118,14 @@ func importCon(cmd *cobra.Command, args []string) error { if source == "-" { outFile, err := ioutil.TempFile("", "podman") if err != nil { - return errors.Errorf("error creating file %v", err) + return errors.Errorf("creating file %v", err) } defer os.Remove(outFile.Name()) defer outFile.Close() _, err = io.Copy(outFile, os.Stdin) if err != nil { - return errors.Errorf("error copying file %v", err) + return errors.Errorf("copying file %v", err) } source = outFile.Name() } diff --git a/cmd/podman/images/load.go b/cmd/podman/images/load.go index bbcfe93ce..30f88b02b 100644 --- a/cmd/podman/images/load.go +++ b/cmd/podman/images/load.go 
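Review bot: In the importCon hunk of cmd/podman/images/import.go, `errors.Errorf("creating file %v", err)` runs the context and the cause together with no separator and flattens the underlying error into a string, so callers can no longer inspect the cause. Since the lines are being touched anyway, `return errors.Wrap(err, "creating file")` and `return errors.Wrap(err, "copying file")` give a `context: cause` message and keep the original error. The load hunk in cmd/podman/images/load.go has the same two lines.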
@@ -95,14 +95,14 @@ func load(cmd *cobra.Command, args []string) error { } outFile, err := ioutil.TempFile(util.Tmpdir(), "podman") if err != nil { - return errors.Errorf("error creating file %v", err) + return errors.Errorf("creating file %v", err) } defer os.Remove(outFile.Name()) defer outFile.Close() _, err = io.Copy(outFile, os.Stdin) if err != nil { - return errors.Errorf("error copying file %v", err) + return errors.Errorf("copying file %v", err) } loadOpts.Input = outFile.Name() } diff --git a/cmd/podman/images/scp.go b/cmd/podman/images/scp.go index 152275c68..51a9d1c4e 100644 --- a/cmd/podman/images/scp.go +++ b/cmd/podman/images/scp.go @@ -268,7 +268,7 @@ func saveToRemote(image, localFile string, tag string, uri *urlP.URL, iden strin } n, err := scpD.CopyFrom(dial, remoteFile, localFile) if _, conErr := connection.ExecRemoteCommand(dial, "rm "+remoteFile); conErr != nil { - logrus.Errorf("Error removing file on endpoint: %v", conErr) + logrus.Errorf("Removing file on endpoint: %v", conErr) } if err != nil { errOut := strconv.Itoa(int(n)) + " Bytes copied before error" diff --git a/cmd/podman/inspect/inspect.go b/cmd/podman/inspect/inspect.go index ef8a06163..b26b2d667 100644 --- a/cmd/podman/inspect/inspect.go +++ b/cmd/podman/inspect/inspect.go @@ -231,7 +231,7 @@ func (i *inspector) inspect(namesOrIDs []string) error { fmt.Fprintf(os.Stderr, "error inspecting object: %v\n", err) } } - return errors.Errorf("error inspecting object: %v", errs[0]) + return errors.Errorf("inspecting object: %v", errs[0]) } return nil } diff --git a/cmd/podman/machine/init.go b/cmd/podman/machine/init.go index e07b6fbfa..8fb17cf54 100644 --- a/cmd/podman/machine/init.go +++ b/cmd/podman/machine/init.go 
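Review bot: In the saveToRemote hunk of cmd/podman/images/scp.go, the reworded log line sits under `connection.ExecRemoteCommand(dial, "rm "+remoteFile)`, which builds a remote shell command by string concatenation. Where `remoteFile` comes from is outside the hunk; if any part of it can be influenced by user input or by the remote endpoint, it should be validated or shell-quoted before it reaches this call. A short comment on that line stating why the value is safe to interpolate would settle the question for the next reader.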
@@ -102,7 +102,7 @@ func init() { _ = initCmd.RegisterFlagCompletionFunc(IgnitionPathFlagName, completion.AutocompleteDefault) rootfulFlagName := "rootful" - flags.BoolVar(&initOpts.Rootful, rootfulFlagName, false, "Whether this machine should prefer rootful container exectution") + flags.BoolVar(&initOpts.Rootful, rootfulFlagName, false, "Whether this machine should prefer rootful container execution") } // TODO should we allow for a users to append to the qemu cmdline? diff --git a/cmd/podman/pods/create.go b/cmd/podman/pods/create.go index ab3a6d578..b45ed0d39 100644 --- a/cmd/podman/pods/create.go +++ b/cmd/podman/pods/create.go @@ -179,7 +179,7 @@ func create(cmd *cobra.Command, args []string) error { return errors.Errorf("pod id file exists. Ensure another pod is not using it or delete %s", podIDFile) } if err != nil { - return errors.Errorf("error opening pod-id-file %s", podIDFile) + return errors.Errorf("opening pod-id-file %s", podIDFile) } defer errorhandling.CloseQuiet(podIDFD) defer errorhandling.SyncQuiet(podIDFD) diff --git a/cmd/podman/secrets/inspect.go b/cmd/podman/secrets/inspect.go index 1948fef49..0977434f7 100644 --- a/cmd/podman/secrets/inspect.go +++ b/cmd/podman/secrets/inspect.go @@ -76,7 +76,7 @@ func inspect(cmd *cobra.Command, args []string) error { fmt.Fprintf(os.Stderr, "error inspecting secret: %v\n", err) } } - return errors.Errorf("error inspecting secret: %v", errs[0]) + return errors.Errorf("inspecting secret: %v", errs[0]) } return nil } diff --git a/cmd/podman/system/dial_stdio.go b/cmd/podman/system/dial_stdio.go index f3445a49d..8b665bedc 100644 --- a/cmd/podman/system/dial_stdio.go +++ b/cmd/podman/system/dial_stdio.go 
@@ -88,10 +88,10 @@ func runDialStdio() error { func copier(to halfWriteCloser, from halfReadCloser, debugDescription string) error { defer func() { if err := from.CloseRead(); err != nil { - logrus.Errorf("error while CloseRead (%s): %v", debugDescription, err) + logrus.Errorf("while CloseRead (%s): %v", debugDescription, err) } if err := to.CloseWrite(); err != nil { - logrus.Errorf("error while CloseWrite (%s): %v", debugDescription, err) + logrus.Errorf("while CloseWrite (%s): %v", debugDescription, err) } }() if _, err := io.Copy(to, from); err != nil { diff --git a/cmd/podman/utils/error.go b/cmd/podman/utils/error.go index b3b54876f..2aaa71373 100644 --- a/cmd/podman/utils/error.go +++ b/cmd/podman/utils/error.go @@ -41,5 +41,5 @@ func ExitCodeFromBuildError(errorMsg string) (int, error) { return buildahCLI.ExecErrorCodeGeneric, err } } - return buildahCLI.ExecErrorCodeGeneric, errors.New("error message does not contains a valid exit code") + return buildahCLI.ExecErrorCodeGeneric, errors.New("message does not contains a valid exit code") } diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh index 864c78484..906a898b2 100755 --- a/contrib/cirrus/setup_environment.sh +++ b/contrib/cirrus/setup_environment.sh @@ -36,6 +36,8 @@ do fi done +cp hack/podman-registry /bin + # Make sure cni network plugins directory exists mkdir -p /etc/cni/net.d diff --git a/contrib/helloimage/README.md b/contrib/helloimage/README.md index ca69f87b4..528466f7b 100644 --- a/contrib/helloimage/README.md +++ b/contrib/helloimage/README.md @@ -12,7 +12,7 @@ Using this image is helpful to: * Prove that basic Podman operations are working on the host. * Shows that the image was pulled from the quay.io container registry. - * Container creation was successfuly accomplished. (`podman ps -a`) + * Container creation was successfully accomplished. (`podman ps -a`) * The created container was able to stream output to your terminal. ## Directory Contents 
diff --git a/docs/source/markdown/podman-generate-systemd.1.md b/docs/source/markdown/podman-generate-systemd.1.md index 32d5d2bc4..650ffa52f 100644 --- a/docs/source/markdown/podman-generate-systemd.1.md +++ b/docs/source/markdown/podman-generate-systemd.1.md @@ -224,7 +224,7 @@ To run the user services placed in `$HOME/.config/systemd/user` on first login o ``` $ systemctl --user enable <.service> ``` -The systemd user instance is killed after the last session for the user is closed. The systemd user instance can be kept running ever after the user logs out by enabling `lingering` using +The systemd user instance is killed after the last session for the user is closed. The systemd user instance can be started at boot and kept running even after the user logs out by enabling `lingering` using ``` $ loginctl enable-linger <username> diff --git a/docs/source/markdown/podman-images.1.md b/docs/source/markdown/podman-images.1.md index f81ea5a20..e28df840d 100644 --- a/docs/source/markdown/podman-images.1.md +++ b/docs/source/markdown/podman-images.1.md 
@@ -27,30 +27,45 @@ Show image digests Provide filter values. -The *filters* argument format is of `key=value`. If there is more than one *filter*, then pass multiple OPTIONS: **--filter** *foo=bar* **--filter** *bif=baz*. +The *filters* argument format is of `key=value` or `key!=value`. If there is more than one *filter*, then pass multiple OPTIONS: **--filter** *foo=bar* **--filter** *bif=baz*. Supported filters: | Filter | Description | | :----------------: | --------------------------------------------------------------------------------------------- | +| *id* | Filter by image id. | | *before* | Filter by images created before the given IMAGE (name or tag). | +| *containers* | Filter by images with a running container. | | *dangling* | Filter by dangling (unused) images. | +| *intermediate* | Filter by images that are dangling and have no children | | *label* | Filter by images with (or without, in the case of label!=[...] is used) the specified labels. | +| *manifest* | Filter by images that are manifest lists. | | *readonly* | Filter by read-only or read/write images. | | *reference* | Filter by image name. | -| *since* | Filter by images created after the given IMAGE (name or tag). | +| *after*/*since* | Filter by images created after the given IMAGE (name or tag). | +| *until* | Filter by images created until the given duration or time. | + +The `id` *filter* accepts the image id string. The `before` *filter* accepts formats: `<image-name>[:<tag>]`, `<image id>` or `<image@digest>`. +The `containers` *filter* shows images that have a running container based on that image. + The `dangling` *filter* shows images that are taking up disk space and serve no purpose. Dangling image is a file system layer that was used in a previous build of an image and is no longer referenced by any image. They are denoted with the `<none>` tag, consume disk space and serve no active purpose. +The `intermediate` *filter* shows images that are dangling and have no children. 
+ The `label` *filter* accepts two formats. One is the `label`=*key* or `label`=*key*=*value*, which shows images with the specified labels. The other format is the `label!`=*key* or `label!`=*key*=*value*, which shows images without the specified labels. +The `manifest` *filter* shows images that are manifest lists. + The `readonly` *filter* shows, as a default, both read-only and read/write images. Read-only images can be configured by modifying the `additionalimagestores` in the `/etc/containers/storage.conf` file. The `reference` *filter* accepts the pattern of an image reference `<image-name>[:<tag>]`. -The `since` *filter* accepts formats: `<image-name>[:<tag>]`, `<image id>` or `<image@digest>`. +The `after` or `since` *filter* accepts formats: `<image-name>[:<tag>]`, `<image id>` or `<image@digest>`. + +The `until` *filter* accepts formats: golang duration, RFC3339 time, or a Unix timestamp and shows all images that are created until that time. #### **--format**=*format* @@ -12,7 +12,7 @@ require ( github.com/containernetworking/cni v1.0.1 github.com/containernetworking/plugins v1.1.1 github.com/containers/buildah v1.24.3-0.20220310160415-5ec70bf01ea5 - github.com/containers/common v0.47.5-0.20220318125043-0ededd18a1f9 + github.com/containers/common v0.47.5-0.20220323125147-7dc6e944d625 github.com/containers/conmon v2.0.20+incompatible github.com/containers/image/v5 v5.20.1-0.20220310094651-0d8056ee346f github.com/containers/ocicrypt v1.1.3 @@ -24,7 +24,7 @@ require ( github.com/davecgh/go-spew v1.1.1 github.com/digitalocean/go-qemu v0.0.0-20210326154740-ac9e0b687001 github.com/docker/distribution v2.8.1+incompatible - github.com/docker/docker v20.10.13+incompatible + github.com/docker/docker v20.10.14+incompatible github.com/docker/go-connections v0.4.1-0.20210727194412-58542c764a11 github.com/docker/go-plugins-helpers v0.0.0-20211224144127-6eecb7beb651 github.com/docker/go-units v0.4.0 
@@ -355,8 +355,8 @@ github.com/containernetworking/plugins v1.1.1/go.mod h1:Sr5TH/eBsGLXK/h71HeLfX19 github.com/containers/buildah v1.24.3-0.20220310160415-5ec70bf01ea5 h1:RMJG1wCPQqZX7o9xGzpmR0U7NppgquSQunTi8qmP9Do= github.com/containers/buildah v1.24.3-0.20220310160415-5ec70bf01ea5/go.mod h1:C5+kt1nmYVf1N+/pk4WepycLD+m4lEIRgJQ0eXqhADo= github.com/containers/common v0.47.4/go.mod h1:HgX0mFXyB0Tbe2REEIp9x9CxET6iSzmHfwR6S/t2LZc= -github.com/containers/common v0.47.5-0.20220318125043-0ededd18a1f9 h1:+uNhZTl7nBm4GLCKb4Np8BDhw2uMmC8+D/KuH8nIjGA= -github.com/containers/common v0.47.5-0.20220318125043-0ededd18a1f9/go.mod h1:j1nTHtSRoBgVqAoV6X13EGIrTU5jP1GYyEsE4N9DXng= +github.com/containers/common v0.47.5-0.20220323125147-7dc6e944d625 h1:5DjLA4CnjyBKyNgmzB1TDV2Rd3uTBPrLdlSQM0/Fw9c= +github.com/containers/common v0.47.5-0.20220323125147-7dc6e944d625/go.mod h1:2BKzvlHRLfsdBTCu5IvIxhHS+RcH3J53UDh/DpWInJg= github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg= github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= github.com/containers/image/v5 v5.19.1/go.mod h1:ewoo3u+TpJvGmsz64XgzbyTHwHtM94q7mgK/pX+v2SE= 
@@ -448,8 +448,9 @@ github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4Kfc github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.3-0.20220208084023-a5c757555091+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.12+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker v20.10.13+incompatible h1:5s7uxnKZG+b8hYWlPYUi6x1Sjpq2MSt96d15eLZeHyw= github.com/docker/docker v20.10.13+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v20.10.14+incompatible h1:+T9/PRYWNDo5SZl5qS1r9Mo/0Q8AwxKKPtu9S1yxM0w= +github.com/docker/docker v20.10.14+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y= github.com/docker/docker-credential-helpers v0.6.4 h1:axCks+yV+2MR3/kZhAmy07yC56WZ2Pwu/fKWtKuZB0o= github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c= diff --git a/hack/xref-helpmsgs-manpages b/hack/xref-helpmsgs-manpages index 33ba43e9b..1f022531e 100755 --- a/hack/xref-helpmsgs-manpages +++ b/hack/xref-helpmsgs-manpages @@ -298,7 +298,7 @@ sub podman_man { $previous_flag = ''; } elsif ($line =~ /^###\s+\w+\s+OPTIONS/) { - # poaman image trust has sections for set & show + # podman image trust has sections for set & show $section = 'flags'; $previous_flag = ''; } diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go index 20c8059a5..db36ac75d 100644 --- a/libpod/networking_linux.go +++ b/libpod/networking_linux.go 
@@ -1002,7 +1002,7 @@ func (c *Container) getContainerNetworkInfo() (*define.InspectNetworkSettings, e } } // do not propagate error inspecting a joined network ns - logrus.Errorf("Error inspecting network namespace: %s of container %s: %v", networkNSPath, c.ID(), err) + logrus.Errorf("Inspecting network namespace: %s of container %s: %v", networkNSPath, c.ID(), err) } // We can't do more if the network is down. diff --git a/libpod/networking_slirp4netns.go b/libpod/networking_slirp4netns.go index a7a002657..b0247dc5c 100644 --- a/libpod/networking_slirp4netns.go +++ b/libpod/networking_slirp4netns.go @@ -338,7 +338,7 @@ func (r *Runtime) setupSlirp4netns(ctr *Container, netns ns.NetNS) error { return err } - // wait until slirp4nets is ready before reseting this value + // wait until slirp4nets is ready before resetting this value slirpReadyWg.Wait() return ioutil.WriteFile(ipv6ConfDefaultAcceptDadSysctl, orgValue, 0644) }) @@ -662,7 +662,7 @@ func (r *Runtime) setupRootlessPortMappingViaSlirp(ctr *Container, cmd *exec.Cmd return errors.Wrapf(err, "error parsing error status from slirp4netns") } if e, found := y["error"]; found { - return errors.Errorf("error from slirp4netns while setting up port redirection: %v", e) + return errors.Errorf("from slirp4netns while setting up port redirection: %v", e) } } logrus.Debug("slirp4netns port-forwarding setup via add_hostfwd is ready") diff --git a/pkg/api/handlers/libpod/manifests.go b/pkg/api/handlers/libpod/manifests.go index ad662f32c..b823a56b6 100644 --- a/pkg/api/handlers/libpod/manifests.go +++ b/pkg/api/handlers/libpod/manifests.go 
@@ -162,13 +162,35 @@ func ManifestAdd(w http.ResponseWriter, r *http.Request) { // Wrapper to support 3.x with 4.x libpod query := struct { entities.ManifestAddOptions - Images []string + Images []string + TLSVerify bool `schema:"tlsVerify"` }{} if err := json.NewDecoder(r.Body).Decode(&query); err != nil { utils.Error(w, http.StatusInternalServerError, errors.Wrap(err, "Decode()")) return } + authconf, authfile, err := auth.GetCredentials(r) + if err != nil { + utils.Error(w, http.StatusBadRequest, err) + return + } + defer auth.RemoveAuthfile(authfile) + var username, password string + if authconf != nil { + username = authconf.Username + password = authconf.Password + } + query.ManifestAddOptions.Authfile = authfile + query.ManifestAddOptions.Username = username + query.ManifestAddOptions.Password = password + if sys := runtime.SystemContext(); sys != nil { + query.ManifestAddOptions.CertDir = sys.DockerCertPath + } + if _, found := r.URL.Query()["tlsVerify"]; found { + query.SkipTLSVerify = types.NewOptionalBool(!query.TLSVerify) + } + name := utils.GetName(r) if _, err := runtime.LibimageRuntime().LookupManifestList(name); err != nil { utils.Error(w, http.StatusNotFound, err) @@ -271,7 +293,7 @@ func ManifestPushV3(w http.ResponseWriter, r *http.Request) { utils.Error(w, http.StatusBadRequest, errors.Wrapf(err, "error pushing image %q", query.Destination)) return } - utils.WriteResponse(w, http.StatusOK, digest) + utils.WriteResponse(w, http.StatusOK, handlers.IDResponse{ID: digest}) } // ManifestPush push image to registry 
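Review bot: In the ManifestAdd hunk, the `tlsVerify` check tests only whether the key is present in the URL query and then negates `query.TLSVerify`, which in the visible lines is filled only by `json.NewDecoder(r.Body).Decode(&query)`. Unless the query string is decoded into `query` outside this hunk, a request with `?tlsVerify=true` and no such field in the body leaves `TLSVerify` false and sets `SkipTLSVerify` to true, turning certificate verification off when the caller asked for it to be on. Parse the parameter's own value and answer 400 when it cannot be parsed, as sketched below; `strconv` has to be imported if this file does not already import it. The function body continues past the hunk.

```go
// … unchanged: credential lookup and CertDir setup …
if vals, found := r.URL.Query()["tlsVerify"]; found {
	tlsVerify, err := strconv.ParseBool(vals[0])
	if err != nil {
		utils.Error(w, http.StatusBadRequest, errors.Wrap(err, "parsing tlsVerify"))
		return
	}
	query.SkipTLSVerify = types.NewOptionalBool(!tlsVerify)
}
```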
@@ -350,6 +372,24 @@ func ManifestModify(w http.ResponseWriter, r *http.Request) { return } + authconf, authfile, err := auth.GetCredentials(r) + if err != nil { + utils.Error(w, http.StatusBadRequest, err) + return + } + defer auth.RemoveAuthfile(authfile) + var username, password string + if authconf != nil { + username = authconf.Username + password = authconf.Password + } + body.ManifestAddOptions.Authfile = authfile + body.ManifestAddOptions.Username = username + body.ManifestAddOptions.Password = password + if sys := runtime.SystemContext(); sys != nil { + body.ManifestAddOptions.CertDir = sys.DockerCertPath + } + var report entities.ManifestModifyReport switch { case strings.EqualFold("update", body.Operation): diff --git a/pkg/bindings/containers/attach.go b/pkg/bindings/containers/attach.go index 0c6ebdd2f..80702ea98 100644 --- a/pkg/bindings/containers/attach.go +++ b/pkg/bindings/containers/attach.go @@ -242,7 +242,7 @@ func Attach(ctx context.Context, nameOrID string, stdin io.Reader, stdout io.Wri } } case fd == 3: - return fmt.Errorf("error from service from stream: %s", frame) + return fmt.Errorf("from service from stream: %s", frame) default: return fmt.Errorf("unrecognized channel '%d' in header, 0-3 supported", fd) } @@ -562,7 +562,7 @@ func ExecStartAndAttach(ctx context.Context, sessionID string, options *ExecStar } } case fd == 3: - return fmt.Errorf("error from service from stream: %s", frame) + return fmt.Errorf("from service from stream: %s", frame) default: return fmt.Errorf("unrecognized channel '%d' in header, 0-3 supported", fd) } diff --git a/pkg/bindings/containers/logs.go b/pkg/bindings/containers/logs.go index 7f7f07395..8ea8ed7fa 100644 --- a/pkg/bindings/containers/logs.go +++ b/pkg/bindings/containers/logs.go 
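Review bot: The ManifestModify hunk repeats the credential block from ManifestAdd line for line but has no counterpart to its `tlsVerify` handling, while the bindings' Modify in this same commit sends a `tlsVerify` query parameter. Nothing in the visible lines reads that parameter, so unless it is applied outside the hunk, a client's TLS-verification choice may be silently ignored on this endpoint. Moving the shared block into one helper used by both handlers would keep the two from drifting; its doc comment should say that the caller must `defer auth.RemoveAuthfile(authfile)`.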
@@ -57,7 +57,7 @@ func Logs(ctx context.Context, nameOrID string, options *LogOptions, stdoutChan, case 2: stderrChan <- string(frame) case 3: - return errors.New("error from service in stream: " + string(frame)) + return errors.New("from service in stream: " + string(frame)) default: return fmt.Errorf("unrecognized input header: %d", fd) } diff --git a/pkg/bindings/errors.go b/pkg/bindings/errors.go index 44973eb41..eb95764ba 100644 --- a/pkg/bindings/errors.go +++ b/pkg/bindings/errors.go @@ -54,6 +54,6 @@ func CheckResponseCode(inError error) (int, error) { case *errorhandling.PodConflictErrorModel: return e.Code(), nil default: - return -1, errors.New("error is not type ErrorModel") + return -1, errors.New("is not type ErrorModel") } } diff --git a/pkg/bindings/images/build.go b/pkg/bindings/images/build.go index 1ed3f19de..e1b427742 100644 --- a/pkg/bindings/images/build.go +++ b/pkg/bindings/images/build.go @@ -575,7 +575,7 @@ func nTar(excludes []string, sources ...string) (io.ReadCloser, error) { if err != io.EOF { return nil // non empty root dir, need to return } else if err != nil { - logrus.Errorf("Error while reading directory %v: %v", path, err) + logrus.Errorf("While reading directory %v: %v", path, err) } } name := filepath.ToSlash(strings.TrimPrefix(path, s+string(filepath.Separator))) diff --git a/pkg/bindings/manifests/manifests.go b/pkg/bindings/manifests/manifests.go index f7cd0d262..70b3819f5 100644 --- a/pkg/bindings/manifests/manifests.go +++ b/pkg/bindings/manifests/manifests.go @@ -10,7 +10,9 @@ import ( "github.com/blang/semver" "github.com/containers/image/v5/manifest" + imageTypes "github.com/containers/image/v5/types" "github.com/containers/podman/v4/pkg/api/handlers" + "github.com/containers/podman/v4/pkg/auth" "github.com/containers/podman/v4/pkg/bindings" "github.com/containers/podman/v4/pkg/bindings/images" "github.com/containers/podman/v4/pkg/domain/entities" 
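Review bot: In the CheckResponseCode hunk of pkg/bindings/errors.go, `errors.New("is not type ErrorModel")` no longer says what is not an ErrorModel, so anyone reading it in a log gets a sentence without a subject. Naming the offending type keeps the shorter style and helps triage, for example `return -1, errors.Errorf("unexpected error type %T, expected an ErrorModel", inError)` (or the `fmt.Errorf` form, depending on which errors package this file imports). The same mechanical removal leaves `"from service in stream: "` in logs.go and `"from service from stream: %s"` in attach.go starting mid-phrase; they would read better with a noun in front.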
@@ -95,15 +97,19 @@ func Add(ctx context.Context, name string, options *AddOptions) (string, error) if bindings.ServiceVersion(ctx).GTE(semver.MustParse("4.0.0")) { optionsv4 := ModifyOptions{ - All: options.All, - Annotations: options.Annotation, - Arch: options.Arch, - Features: options.Features, - Images: options.Images, - OS: options.OS, - OSFeatures: nil, - OSVersion: options.OSVersion, - Variant: options.Variant, + All: options.All, + Annotations: options.Annotation, + Arch: options.Arch, + Features: options.Features, + Images: options.Images, + OS: options.OS, + OSFeatures: nil, + OSVersion: options.OSVersion, + Variant: options.Variant, + Username: options.Username, + Password: options.Password, + Authfile: options.Authfile, + SkipTLSVerify: options.SkipTLSVerify, } optionsv4.WithOperation("update") return Modify(ctx, name, options.Images, &optionsv4) @@ -120,11 +126,27 @@ func Add(ctx context.Context, name string, options *AddOptions) (string, error) } reader := strings.NewReader(opts) - headers := make(http.Header) + header, err := auth.MakeXRegistryAuthHeader(&imageTypes.SystemContext{AuthFilePath: options.GetAuthfile()}, options.GetUsername(), options.GetPassword()) + if err != nil { + return "", err + } + + params, err := options.ToParams() + if err != nil { + return "", err + } + // SkipTLSVerify is special. We need to delete the param added by + // ToParams() and change the key and flip the bool + if options.SkipTLSVerify != nil { + params.Del("SkipTLSVerify") + params.Set("tlsVerify", strconv.FormatBool(!options.GetSkipTLSVerify())) + } + v := version.APIVersion[version.Libpod][version.MinimalAPI] - headers.Add("API-Version", + header.Add("API-Version", fmt.Sprintf("%d.%d.%d", v.Major, v.Minor, v.Patch)) - response, err := conn.DoRequest(ctx, reader, http.MethodPost, "/manifests/%s/add", nil, headers, name) + + response, err := conn.DoRequest(ctx, reader, http.MethodPost, "/manifests/%s/add", params, header, name) if err != nil { return "", err } 
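Review bot: In the second hunk of pkg/bindings/manifests/manifests.go (Add), `options.ToParams()` is now called on an AddOptions that carries `Username`, `Password` and `Authfile`, and only `SkipTLSVerify` is removed from the result. ToParams is not shown here; if it serializes every set field, the registry password would travel in the URL query, where proxies and access logs commonly record it, in addition to the X-Registry-Auth header. If so, delete those keys before the request, e.g. `params.Del("Password")` plus the same for the username and authfile keys under whatever names ToParams emits, or exclude the fields from parameter generation. The Modify hunk follows the same pattern, and the JSON body built from the options before these hunks deserves the same check.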
@@ -159,6 +181,14 @@ func Push(ctx context.Context, name, destination string, options *images.PushOpt return "", err } + header, err := auth.MakeXRegistryAuthHeader(&imageTypes.SystemContext{AuthFilePath: options.GetAuthfile()}, options.GetUsername(), options.GetPassword()) + if err != nil { + return "", err + } + v := version.APIVersion[version.Libpod][version.MinimalAPI] + header.Add("API-Version", + fmt.Sprintf("%d.%d.%d", v.Major, v.Minor, v.Patch)) + params, err := options.ToParams() if err != nil { return "", err @@ -172,18 +202,18 @@ func Push(ctx context.Context, name, destination string, options *images.PushOpt var response *bindings.APIResponse if bindings.ServiceVersion(ctx).GTE(semver.MustParse("4.0.0")) { - response, err = conn.DoRequest(ctx, nil, http.MethodPost, "/manifests/%s/registry/%s", params, nil, name, destination) + response, err = conn.DoRequest(ctx, nil, http.MethodPost, "/manifests/%s/registry/%s", params, header, name, destination) } else { params.Set("image", name) params.Set("destination", destination) - response, err = conn.DoRequest(ctx, nil, http.MethodPost, "/manifests/%s/push", params, nil, name) + response, err = conn.DoRequest(ctx, nil, http.MethodPost, "/manifests/%s/push", params, header, name) } if err != nil { return "", err } defer response.Body.Close() - return idr.ID, err + return idr.ID, response.Process(&idr) } // Modify modifies the given manifest list using options and the optional list of images 
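Review bot: In the second Push hunk, `return idr.ID, response.Process(&idr)` reads `idr.ID` and fills `idr` in the same return statement, and the Go specification leaves the order between a plain variable read and a function call unspecified. The digest returned on success therefore depends on compiler behaviour and may be the empty string. Splitting the statement removes the ambiguity: `err = response.Process(&idr)` followed by `return idr.ID, err`. `idr` is declared outside the hunk, so this assumes it is a local value that only Process populates.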
@@ -203,7 +233,23 @@ func Modify(ctx context.Context, name string, images []string, options *ModifyOp } reader := strings.NewReader(opts) - response, err := conn.DoRequest(ctx, reader, http.MethodPut, "/manifests/%s", nil, nil, name) + header, err := auth.MakeXRegistryAuthHeader(&imageTypes.SystemContext{AuthFilePath: options.GetAuthfile()}, options.GetUsername(), options.GetPassword()) + if err != nil { + return "", err + } + + params, err := options.ToParams() + if err != nil { + return "", err + } + // SkipTLSVerify is special. We need to delete the param added by + // ToParams() and change the key and flip the bool + if options.SkipTLSVerify != nil { + params.Del("SkipTLSVerify") + params.Set("tlsVerify", strconv.FormatBool(!options.GetSkipTLSVerify())) + } + + response, err := conn.DoRequest(ctx, reader, http.MethodPut, "/manifests/%s", params, header, name) if err != nil { return "", err } diff --git a/pkg/bindings/manifests/types.go b/pkg/bindings/manifests/types.go index 5ff28ee30..d0b0b2e71 100644 --- a/pkg/bindings/manifests/types.go +++ b/pkg/bindings/manifests/types.go @@ -20,14 +20,18 @@ type ExistsOptions struct { //go:generate go run ../generator/generator.go AddOptions // AddOptions are optional options for adding manifest lists type AddOptions struct { - All *bool - Annotation map[string]string - Arch *string - Features []string - Images []string - OS *string - OSVersion *string - Variant *string + All *bool + Annotation map[string]string + Arch *string + Features []string + Images []string + OS *string + OSVersion *string + Variant *string + Authfile *string + Password *string + Username *string + SkipTLSVerify *bool } //go:generate go run ../generator/generator.go RemoveOptions 
@@ -40,15 +44,18 @@ type RemoveOptions struct { type ModifyOptions struct { // Operation values are "update", "remove" and "annotate". This allows the service to // efficiently perform each update on a manifest list. - Operation *string - All *bool // All when true, operate on all images in a manifest list that may be included in Images - Annotations map[string]string // Annotations to add to manifest list - Arch *string // Arch overrides the architecture for the image - Features []string // Feature list for the image - Images []string // Images is an optional list of images to add/remove to/from manifest list depending on operation - OS *string // OS overrides the operating system for the image - OSFeatures []string // OS features for the image - OSVersion *string // OSVersion overrides the operating system for the image - Variant *string // Variant overrides the operating system variant for the image - + Operation *string + All *bool // All when true, operate on all images in a manifest list that may be included in Images + Annotations map[string]string // Annotations to add to manifest list + Arch *string // Arch overrides the architecture for the image + Features []string // Feature list for the image + Images []string // Images is an optional list of images to add/remove to/from manifest list depending on operation + OS *string // OS overrides the operating system for the image + OSFeatures []string // OS features for the image + OSVersion *string // OSVersion overrides the operating system for the image + Variant *string // Variant overrides the operating system variant for the image + Authfile *string + Password *string + Username *string + SkipTLSVerify *bool } diff --git a/pkg/bindings/manifests/types_add_options.go b/pkg/bindings/manifests/types_add_options.go index 0696a69b6..5ba1cc5fa 100644 --- a/pkg/bindings/manifests/types_add_options.go +++ b/pkg/bindings/manifests/types_add_options.go 
@@ -136,3 +136,63 @@ func (o *AddOptions) GetVariant() string { } return *o.Variant } + +// WithAuthfile set field Authfile to given value +func (o *AddOptions) WithAuthfile(value string) *AddOptions { + o.Authfile = &value + return o +} + +// GetAuthfile returns value of field Authfile +func (o *AddOptions) GetAuthfile() string { + if o.Authfile == nil { + var z string + return z + } + return *o.Authfile +} + +// WithPassword set field Password to given value +func (o *AddOptions) WithPassword(value string) *AddOptions { + o.Password = &value + return o +} + +// GetPassword returns value of field Password +func (o *AddOptions) GetPassword() string { + if o.Password == nil { + var z string + return z + } + return *o.Password +} + +// WithUsername set field Username to given value +func (o *AddOptions) WithUsername(value string) *AddOptions { + o.Username = &value + return o +} + +// GetUsername returns value of field Username +func (o *AddOptions) GetUsername() string { + if o.Username == nil { + var z string + return z + } + return *o.Username +} + +// WithSkipTLSVerify set field SkipTLSVerify to given value +func (o *AddOptions) WithSkipTLSVerify(value bool) *AddOptions { + o.SkipTLSVerify = &value + return o +} + +// GetSkipTLSVerify returns value of field SkipTLSVerify +func (o *AddOptions) GetSkipTLSVerify() bool { + if o.SkipTLSVerify == nil { + var z bool + return z + } + return *o.SkipTLSVerify +} diff --git a/pkg/bindings/manifests/types_modify_options.go b/pkg/bindings/manifests/types_modify_options.go index 6d75c1e5f..9d2ed2613 100644 --- a/pkg/bindings/manifests/types_modify_options.go +++ b/pkg/bindings/manifests/types_modify_options.go 
@@ -166,3 +166,63 @@ func (o *ModifyOptions) GetVariant() string { } return *o.Variant } + +// WithAuthfile set field Authfile to given value +func (o *ModifyOptions) WithAuthfile(value string) *ModifyOptions { + o.Authfile = &value + return o +} + +// GetAuthfile returns value of field Authfile +func (o *ModifyOptions) GetAuthfile() string { + if o.Authfile == nil { + var z string + return z + } + return *o.Authfile +} + +// WithPassword set field Password to given value +func (o *ModifyOptions) WithPassword(value string) *ModifyOptions { + o.Password = &value + return o +} + +// GetPassword returns value of field Password +func (o *ModifyOptions) GetPassword() string { + if o.Password == nil { + var z string + return z + } + return *o.Password +} + +// WithUsername set field Username to given value +func (o *ModifyOptions) WithUsername(value string) *ModifyOptions { + o.Username = &value + return o +} + +// GetUsername returns value of field Username +func (o *ModifyOptions) GetUsername() string { + if o.Username == nil { + var z string + return z + } + return *o.Username +} + +// WithSkipTLSVerify set field SkipTLSVerify to given value +func (o *ModifyOptions) WithSkipTLSVerify(value bool) *ModifyOptions { + o.SkipTLSVerify = &value + return o +} + +// GetSkipTLSVerify returns value of field SkipTLSVerify +func (o *ModifyOptions) GetSkipTLSVerify() bool { + if o.SkipTLSVerify == nil { + var z bool + return z + } + return *o.SkipTLSVerify +} diff --git a/pkg/domain/infra/abi/images_test.go b/pkg/domain/infra/abi/images_test.go index e38b9390d..311ab3ed7 100644 --- a/pkg/domain/infra/abi/images_test.go +++ b/pkg/domain/infra/abi/images_test.go @@ -48,7 +48,7 @@ func TestToDomainHistoryLayer(t *testing.T) { // r := DirectImageRuntime{m} // err := r.Delete(context.TODO(), actual, "fedora") // if err != nil { -// t.Errorf("error should be nil, got: %v", err) +// t.Errorf("should be nil, got: %v", err) // } // m.AssertExpectations(t) // } 
diff --git a/pkg/domain/infra/tunnel/manifest.go b/pkg/domain/infra/tunnel/manifest.go index d2efed8d3..9ac3fdb83 100644 --- a/pkg/domain/infra/tunnel/manifest.go +++ b/pkg/domain/infra/tunnel/manifest.go @@ -50,6 +50,7 @@ func (ir *ImageEngine) ManifestInspect(_ context.Context, name string) ([]byte, func (ir *ImageEngine) ManifestAdd(_ context.Context, name string, imageNames []string, opts entities.ManifestAddOptions) (string, error) { options := new(manifests.AddOptions).WithAll(opts.All).WithArch(opts.Arch).WithVariant(opts.Variant) options.WithFeatures(opts.Features).WithImages(imageNames).WithOS(opts.OS).WithOSVersion(opts.OSVersion) + options.WithUsername(opts.Username).WithPassword(opts.Password).WithAuthfile(opts.Authfile) if len(opts.Annotation) != 0 { annotations := make(map[string]string) for _, annotationSpec := range opts.Annotation { @@ -61,6 +62,13 @@ func (ir *ImageEngine) ManifestAdd(_ context.Context, name string, imageNames [] } options.WithAnnotation(annotations) } + if s := opts.SkipTLSVerify; s != types.OptionalBoolUndefined { + if s == types.OptionalBoolTrue { + options.WithSkipTLSVerify(true) + } else { + options.WithSkipTLSVerify(false) + } + } id, err := manifests.Add(ir.ClientCtx, name, options) if err != nil { diff --git a/pkg/k8s.io/api/core/v1/types.go b/pkg/k8s.io/api/core/v1/types.go index 833814bc6..a488e5f28 100644 --- a/pkg/k8s.io/api/core/v1/types.go +++ b/pkg/k8s.io/api/core/v1/types.go @@ -2024,7 +2024,7 @@ type TopologySpreadConstraint struct { // but giving higher precedence to topologies that would help reduce the // skew. // A constraint is considered "Unsatisfiable" for an incoming pod - // if and only if every possible node assigment for that pod would violate + // if and only if every possible node assignment for that pod would violate // "MaxSkew" on some topology. // For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same // labelSelector spread as 3/1/1: 
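Review bot: The if/else added before `manifests.Add` in ManifestAdd calls `WithSkipTLSVerify` with a literal in each branch; the inner part collapses to `options.WithSkipTLSVerify(s == types.OptionalBoolTrue)`. A one-line comment such as `// leave SkipTLSVerify unset when the caller expressed no preference` would explain why the undefined case is skipped. The line added in the earlier hunk of this function forwards Username and Password on the same request, so when verification is skipped those credentials are sent to an endpoint whose certificate was not checked; that trade-off deserves a mention wherever the option is documented. ManifestAdd continues outside both hunks.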
diff --git a/pkg/machine/pull.go b/pkg/machine/pull.go index 26abedfcd..7e6f01bad 100644 --- a/pkg/machine/pull.go +++ b/pkg/machine/pull.go @@ -129,7 +129,7 @@ func DownloadVMImage(downloadURL *url2.URL, localImagePath string) error { }() if resp.StatusCode != http.StatusOK { - return fmt.Errorf("error downloading VM image %s: %s", downloadURL, resp.Status) + return fmt.Errorf("downloading VM image %s: %s", downloadURL, resp.Status) } size := resp.ContentLength urlSplit := strings.Split(downloadURL.Path, "/") diff --git a/pkg/machine/qemu/machine.go b/pkg/machine/qemu/machine.go index 287b93612..ffc90b2a0 100644 --- a/pkg/machine/qemu/machine.go +++ b/pkg/machine/qemu/machine.go @@ -317,7 +317,7 @@ func (v *MachineVM) Init(opts machine.InitOptions) (bool, error) { resize.Stdout = os.Stdout resize.Stderr = os.Stderr if err := resize.Run(); err != nil { - return false, errors.Errorf("error resizing image: %q", err) + return false, errors.Errorf("resizing image: %q", err) } } // If the user provides an ignition file, we need to @@ -1078,7 +1078,7 @@ func (v *MachineVM) isIncompatible() bool { func (v *MachineVM) getForwardSocketPath() (string, error) { path, err := machine.GetDataDir(v.Name) if err != nil { - logrus.Errorf("Error resolving data dir: %s", err.Error()) + logrus.Errorf("Resolving data dir: %s", err.Error()) return "", nil } return filepath.Join(path, "podman.sock"), nil diff --git a/pkg/namespaces/namespaces.go b/pkg/namespaces/namespaces.go index a7736aee0..a264a5a0f 100644 --- a/pkg/namespaces/namespaces.go +++ b/pkg/namespaces/namespaces.go @@ -254,7 +254,7 @@ func (n IpcMode) IsHost() bool { return n == hostType } -// IsShareable indicates whether the container's ipc namespace can be shared with another container. +// IsShareable indicates whether the container uses its own shareable ipc namespace which can be shared. func (n IpcMode) IsShareable() bool { return n == shareableType } 
diff --git a/pkg/rootless/rootless.go b/pkg/rootless/rootless.go index 13f8078e2..d7143f549 100644 --- a/pkg/rootless/rootless.go +++ b/pkg/rootless/rootless.go @@ -35,7 +35,7 @@ func TryJoinPauseProcess(pausePidPath string) (bool, int, error) { if os.IsNotExist(err) { return false, -1, nil } - return false, -1, fmt.Errorf("error acquiring lock on %s: %w", pausePidPath, err) + return false, -1, fmt.Errorf("acquiring lock on %s: %w", pausePidPath, err) } pidFileLock.Lock() diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go index 786e28093..cff6de5a3 100644 --- a/pkg/rootless/rootless_linux.go +++ b/pkg/rootless/rootless_linux.go @@ -146,7 +146,7 @@ func tryMappingTool(uid bool, pid int, hostID int, mappings []idtools.IDMap) err } if output, err := cmd.CombinedOutput(); err != nil { - logrus.Errorf("error running `%s`: %s", strings.Join(args, " "), output) + logrus.Errorf("running `%s`: %s", strings.Join(args, " "), output) return errors.Wrapf(err, "cannot setup namespace using %q", path) } return nil @@ -174,7 +174,7 @@ func joinUserAndMountNS(pid uint, pausePid string) (bool, int, error) { ret := C.reexec_in_user_namespace_wait(pidC, 0) if ret < 0 { - return false, -1, errors.New("error waiting for the re-exec process") + return false, -1, errors.New("waiting for the re-exec process") } return true, int(ret), nil @@ -374,7 +374,7 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (_ boo if fileOutput != nil { ret := C.reexec_in_user_namespace_wait(pidC, 0) if ret < 0 { - return false, -1, errors.New("error waiting for the re-exec process") + return false, -1, errors.New("waiting for the re-exec process") } return true, 0, nil 
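Review bot: With the prefix dropped, `errors.New("waiting for the re-exec process")` in joinUserAndMountNS no longer reads as a failure and carries no cause, so a caller printing it bare gets something that looks like a status line. The same holds for the becomeRootInUserNS hunks at -374, -391 and -425, including `errors.New("setting up the process")`. Keeping the no-prefix convention, the message can still say what went wrong by including the return value, e.g. `errors.Errorf("waiting for the re-exec process: wait returned %d", int(ret))`. Both functions start and end outside these hunks.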
@@ -391,11 +391,11 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (_ boo return joinUserAndMountNS(uint(pid), "") } } - return false, -1, errors.New("error setting up the process") + return false, -1, errors.New("setting up the process") } if b[0] != '0' { - return false, -1, errors.New("error setting up the process") + return false, -1, errors.New("setting up the process") } signals := []os.Signal{} @@ -425,7 +425,7 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (_ boo ret := C.reexec_in_user_namespace_wait(pidC, 0) if ret < 0 { - return false, -1, errors.New("error waiting for the re-exec process") + return false, -1, errors.New("waiting for the re-exec process") } return true, int(ret), nil diff --git a/pkg/specgen/container_validate.go b/pkg/specgen/container_validate.go index a279b8a62..e71eafb75 100644 --- a/pkg/specgen/container_validate.go +++ b/pkg/specgen/container_validate.go @@ -76,8 +76,8 @@ func (s *SpecGenerator) Validate() error { s.ContainerStorageConfig.ImageVolumeMode, strings.Join(ImageVolumeModeValues, ",")) } // shmsize conflicts with IPC namespace - if s.ContainerStorageConfig.ShmSize != nil && !s.ContainerStorageConfig.IpcNS.IsPrivate() { - return errors.New("cannot set shmsize when running in the host IPC Namespace") + if s.ContainerStorageConfig.ShmSize != nil && (s.ContainerStorageConfig.IpcNS.IsHost() || s.ContainerStorageConfig.IpcNS.IsNone()) { + return errors.Errorf("cannot set shmsize when running in the %s IPC Namespace", s.ContainerStorageConfig.IpcNS) } // @@ -166,7 +166,7 @@ func (s *SpecGenerator) Validate() error { if err := s.UtsNS.validate(); err != nil { return err } - if err := s.IpcNS.validate(); err != nil { + if err := validateIPCNS(&s.IpcNS); err != nil { return err } if err := s.PidNS.validate(); err != nil { diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go index 0e9d33dd8..118d80e2c 100644 
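Review bot: The new shmsize message in Validate formats `s.ContainerStorageConfig.IpcNS` with `%s`, but that value is a `Namespace` struct; unless the type has a String method (none is visible on this page) the text will show the struct's fields in braces instead of the mode name. Formatting the mode itself avoids that: pass `s.ContainerStorageConfig.IpcNS.NSMode` as the argument. Separately, relaxing the condition from `!IsPrivate()` to `IsHost() || IsNone()` now lets shmsize through for every other mode, including joining another container's or a pod's IPC namespace, so it is worth confirming the size is applied or rejected there rather than silently ignored. Validate continues outside the hunk.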
--- a/pkg/specgen/generate/container.go +++ b/pkg/specgen/generate/container.go @@ -337,7 +337,7 @@ func FinishThrottleDevices(s *specgen.SpecGenerator) error { return nil } -// ConfigToSpec takes a completed container config and converts it back into a specgenerator for purposes of cloning an exisiting container +// ConfigToSpec takes a completed container config and converts it back into a specgenerator for purposes of cloning an existing container func ConfigToSpec(rt *libpod.Runtime, specg *specgen.SpecGenerator, containerID string) (*libpod.Container, error) { c, err := rt.LookupContainer(containerID) if err != nil { diff --git a/pkg/specgen/generate/kube/volume.go b/pkg/specgen/generate/kube/volume.go index d57cb5685..987f11569 100644 --- a/pkg/specgen/generate/kube/volume.go +++ b/pkg/specgen/generate/kube/volume.go @@ -76,7 +76,7 @@ func VolumeFromHostPath(hostPath *v1.HostPathVolumeSource) (*KubeVolume, error) return nil, errors.Wrap(err, "error checking HostPathSocket") } if st.Mode()&os.ModeSocket != os.ModeSocket { - return nil, errors.Errorf("error checking HostPathSocket: path %s is not a socket", hostPath.Path) + return nil, errors.Errorf("checking HostPathSocket: path %s is not a socket", hostPath.Path) } case v1.HostPathDirectory: diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go index 3f77cbe76..9ce45aaf0 100644 --- a/pkg/specgen/generate/namespaces.go +++ b/pkg/specgen/generate/namespaces.go @@ -59,7 +59,7 @@ func GetDefaultNamespaceMode(nsType string, cfg *config.Config, pod *libpod.Pod) case "pid": return specgen.ParseNamespace(cfg.Containers.PidNS) case "ipc": - return specgen.ParseNamespace(cfg.Containers.IPCNS) + return specgen.ParseIPCNamespace(cfg.Containers.IPCNS) case "uts": return specgen.ParseNamespace(cfg.Containers.UTSNS) case "user": diff --git a/pkg/specgen/generate/storage.go b/pkg/specgen/generate/storage.go index 6dcc1b7bf..f30fc4671 100644 --- a/pkg/specgen/generate/storage.go 
+++ b/pkg/specgen/generate/storage.go @@ -292,7 +292,7 @@ func getVolumesFrom(volumesFrom []string, runtime *libpod.Runtime) (map[string]s // and append them in if we can find them. spec := ctr.Spec() if spec == nil { - return nil, nil, errors.Errorf("error retrieving container %s spec for volumes-from", ctr.ID()) + return nil, nil, errors.Errorf("retrieving container %s spec for volumes-from", ctr.ID()) } for _, mnt := range spec.Mounts { if mnt.Type != define.TypeBind { diff --git a/pkg/specgen/namespaces.go b/pkg/specgen/namespaces.go index e672bc65f..4412eff29 100644 --- a/pkg/specgen/namespaces.go +++ b/pkg/specgen/namespaces.go @@ -35,6 +35,10 @@ const ( FromPod NamespaceMode = "pod" // Private indicates the namespace is private Private NamespaceMode = "private" + // Shareable indicates the namespace is shareable + Shareable NamespaceMode = "shareable" + // None indicates the IPC namespace is created without mounting /dev/shm + None NamespaceMode = "none" // NoNetwork indicates no network namespace should // be joined. loopback should still exists. // Only used with the network namespace, invalid otherwise. @@ -77,6 +81,11 @@ func (n *Namespace) IsHost() bool { return n.NSMode == Host } +// IsNone returns a bool if the namespace is set to none +func (n *Namespace) IsNone() bool { + return n.NSMode == None +} + // IsBridge returns a bool if the namespace is a Bridge func (n *Namespace) IsBridge() bool { return n.NSMode == Bridge @@ -158,6 +167,17 @@ func validateNetNS(n *Namespace) error { return nil } +func validateIPCNS(n *Namespace) error { + if n == nil { + return nil + } + switch n.NSMode { + case Shareable, None: + return nil + } + return n.validate() +} + // Validate perform simple validation on the namespace to make sure it is not // invalid from the get-go func (n *Namespace) validate() error { 
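Review bot: `validateIPCNS` returns nil for `Shareable` and `None` before reaching `n.validate()`, so any check validate() makes on the rest of the namespace is skipped for these two modes; validate()'s body is outside this hunk, so please confirm nothing in it (for instance a check on a stray value) still needs to run. The function also lacks a doc comment; `// validateIPCNS accepts the IPC-only modes shareable and none and defers every other mode to validate.` would do. The `None` constant and `IsNone` live on the generic `NamespaceMode`/`Namespace` although the constant's comment is IPC-specific, so a line like `// Only used with the IPC namespace, invalid otherwise.` would match how `NoNetwork` is documented just below it.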
@@ -237,7 +257,7 @@ func ParseCgroupNamespace(ns string) (Namespace, error) { case "private", "": toReturn.NSMode = Private default: - return toReturn, errors.Errorf("unrecognized namespace mode %s passed", ns) + return toReturn, errors.Errorf("unrecognized cgroup namespace mode %s passed", ns) } } else { toReturn.NSMode = Host @@ -245,6 +265,21 @@ func ParseCgroupNamespace(ns string) (Namespace, error) { return toReturn, nil } +// ParseIPCNamespace parses a ipc namespace specification in string +// form. +func ParseIPCNamespace(ns string) (Namespace, error) { + toReturn := Namespace{} + switch { + case ns == "shareable", ns == "": + toReturn.NSMode = Shareable + return toReturn, nil + case ns == "none": + toReturn.NSMode = None + return toReturn, nil + } + return ParseNamespace(ns) +} + // ParseUserNamespace parses a user namespace specification in string // form. func ParseUserNamespace(ns string) (Namespace, error) { diff --git a/pkg/specgenutil/specgen.go b/pkg/specgenutil/specgen.go index 688cc2337..186d3862b 100644 --- a/pkg/specgenutil/specgen.go +++ b/pkg/specgenutil/specgen.go @@ -976,7 +976,7 @@ func parseThrottleIOPsDevices(iopsDevices []string) (map[string]specs.LinuxThrot } func parseSecrets(secrets []string) ([]specgen.Secret, map[string]string, error) { - secretParseError := errors.New("error parsing secret") + secretParseError := errors.New("parsing secret") var mount []specgen.Secret envs := make(map[string]string) for _, val := range secrets { diff --git a/pkg/systemd/generate/pods.go b/pkg/systemd/generate/pods.go index 15b598ae8..cd1486a82 100644 --- a/pkg/systemd/generate/pods.go +++ b/pkg/systemd/generate/pods.go 
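Review bot: `ParseIPCNamespace` uses a tagless `switch` with `ns == ...` comparisons where `switch ns { case "shareable", "": ... case "none": ... }` states the same thing more directly. Its doc comment should also say what distinguishes it from the sibling parsers, namely that the empty string selects `Shareable` and that every other value is handed to `ParseNamespace`; for example `// An empty string or "shareable" selects Shareable and "none" selects None; all other values are parsed by ParseNamespace.` Callers relying on an empty string meaning the previous default would otherwise have no hint that it changed here.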
@@ -141,7 +141,7 @@ func PodUnits(pod *libpod.Pod, options entities.GenerateSystemdOptions) (map[str // Error out if the pod has no infra container, which we require to be the // main service. if !pod.HasInfraContainer() { - return nil, errors.Errorf("error generating systemd unit files: Pod %q has no infra container", pod.Name()) + return nil, errors.Errorf("generating systemd unit files: Pod %q has no infra container", pod.Name()) } podInfo, err := generatePodInfo(pod, options) @@ -160,7 +160,7 @@ func PodUnits(pod *libpod.Pod, options entities.GenerateSystemdOptions) (map[str return nil, err } if len(containers) == 0 { - return nil, errors.Errorf("error generating systemd unit files: Pod %q has no containers", pod.Name()) + return nil, errors.Errorf("generating systemd unit files: Pod %q has no containers", pod.Name()) } graph, err := libpod.BuildContainerGraph(containers) if err != nil { diff --git a/pkg/util/utils.go b/pkg/util/utils.go index 1beb3b28e..334a44a88 100644 --- a/pkg/util/utils.go +++ b/pkg/util/utils.go @@ -656,7 +656,7 @@ func CreateCidFile(cidfile string, id string) error { if os.IsExist(err) { return errors.Errorf("container id file exists. Ensure another container is not using it or delete %s", cidfile) } - return errors.Errorf("error opening cidfile %s", cidfile) + return errors.Errorf("opening cidfile %s", cidfile) } if _, err = cidFile.WriteString(id); err != nil { logrus.Error(err) diff --git a/test/buildah-bud/apply-podman-deltas b/test/buildah-bud/apply-podman-deltas index 26d7fc075..cb8357e89 100755 --- a/test/buildah-bud/apply-podman-deltas +++ b/test/buildah-bud/apply-podman-deltas 
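Review bot: The reworded `errors.Errorf("opening cidfile %s", cidfile)` in CreateCidFile still discards `err`, so the caller cannot tell a permission problem from a missing directory. Wrapping keeps the cause: `return errors.Wrapf(err, "opening cidfile %s", cidfile)`, assuming `errors` in this file is the same package that provides `Wrapf` in rootless_linux.go earlier in this commit. CreateCidFile starts and ends outside the hunk.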
@@ -143,7 +143,7 @@ skip "N/A under podman" \ # TODO # Some of the podman tests in CI expects exit code 125, which might not be true # since exit code from runtime is relayed as it is without any modification both -# in `buildah` and `podman`. Following behviour is seen when PR https://github.com/containers/buildah/pull/3809 +# in `buildah` and `podman`. Following behaviour is seen when PR https://github.com/containers/buildah/pull/3809 # added a test here https://github.com/containers/buildah/blob/main/tests/bud.bats#L3183 # which relays exit code from runtime as it is, in case of both `podman` and `buildah`. # However apart from this test case no other test case was able to trigger this behavior diff --git a/test/e2e/manifest_test.go b/test/e2e/manifest_test.go index eaa9cdae6..6e029d3a4 100644 --- a/test/e2e/manifest_test.go +++ b/test/e2e/manifest_test.go @@ -5,6 +5,7 @@ import ( "path/filepath" "strings" + podmanRegistry "github.com/containers/podman/v4/hack/podman-registry-go" . "github.com/containers/podman/v4/test/utils" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" 
@@ -272,6 +273,42 @@ var _ = Describe("Podman manifest", func() { )) }) + It("authenticated push", func() { + registry, err := podmanRegistry.Start() + Expect(err).To(BeNil()) + + session := podmanTest.Podman([]string{"manifest", "create", "foo"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + + session = podmanTest.Podman([]string{"pull", ALPINE}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + + session = podmanTest.Podman([]string{"tag", ALPINE, "localhost:" + registry.Port + "/alpine:latest"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + + push := podmanTest.Podman([]string{"push", "--tls-verify=false", "--creds=" + registry.User + ":" + registry.Password, "--format=v2s2", "localhost:" + registry.Port + "/alpine:latest"}) + push.WaitWithDefaultTimeout() + Expect(push).Should(Exit(0)) + + session = podmanTest.Podman([]string{"manifest", "add", "--tls-verify=false", "--creds=" + registry.User + ":" + registry.Password, "foo", "localhost:" + registry.Port + "/alpine:latest"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + + push = podmanTest.Podman([]string{"manifest", "push", "--tls-verify=false", "--creds=" + registry.User + ":" + registry.Password, "foo", "localhost:" + registry.Port + "/credstest"}) + push.WaitWithDefaultTimeout() + Expect(push).Should(Exit(0)) + + push = podmanTest.Podman([]string{"manifest", "push", "--tls-verify=false", "--creds=podmantest:wrongpasswd", "foo", "localhost:" + registry.Port + "/credstest"}) + push.WaitWithDefaultTimeout() + Expect(push).To(ExitWithError()) + + err = registry.Stop() + Expect(err).To(BeNil()) + }) + It("push --rm", func() { SkipIfRemote("remote does not support --rm") session := podmanTest.Podman([]string{"manifest", "create", "foo"}) diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go index 2202cadd8..faf4db753 100644 --- a/test/e2e/run_networking_test.go 
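Review bot: In the new `authenticated push` test, `registry.Stop()` is reached only when every assertion before it passes, so one failed `Expect` leaves the registry process running for the rest of the suite. Registering the cleanup straight after the start check avoids that, e.g. `defer registry.Stop()` in place of the trailing stop-and-check. The closing negative case asserts only `ExitWithError()`, which any failure satisfies; also matching the error output against an authentication failure would tie the test to the credential check it is meant to cover.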
+++ b/test/e2e/run_networking_test.go @@ -766,7 +766,7 @@ EXPOSE 2004-2005/tcp`, ALPINE) } - It("podman run newtork inspect fails gracefully on non-reachable network ns", func() { + It("podman run network inspect fails gracefully on non-reachable network ns", func() { SkipIfRootless("ip netns is not supported for rootless users") networkNSName := RandomString(12) diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index 81dcc4342..1a93296b7 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -1537,7 +1537,7 @@ USER mail`, BB) session := podmanTest.Podman([]string{"run", "--tz", badTZFile, "--rm", ALPINE, "date"}) session.WaitWithDefaultTimeout() Expect(session).To(ExitWithError()) - Expect(session.ErrorToString()).To(ContainSubstring("error finding timezone for container")) + Expect(session.ErrorToString()).To(ContainSubstring("finding timezone for container")) err = os.Remove(tzFile) Expect(err).To(BeNil()) diff --git a/test/system/005-info.bats b/test/system/005-info.bats index 0f7e8b2e4..1d84ede9b 100644 --- a/test/system/005-info.bats +++ b/test/system/005-info.bats @@ -89,7 +89,7 @@ host.slirp4netns.executable | $expr_path } @test "podman info netavark " { - # Confirm netavark in use when explicitely required by execution environment. + # Confirm netavark in use when explicitly required by execution environment. if [[ "$NETWORK_BACKEND" == "netavark" ]]; then if ! is_netavark; then # Assume is_netavark() will provide debugging feedback. diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index 4b1a22981..a95561635 100644 --- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats 
@@ -614,7 +614,7 @@ EOF " CONTAINERS_CONF=$containersconf run_podman run --rm $IMAGE cat /etc/resolv.conf - is "$output" "search example.com$nl.*" "correct seach domain" + is "$output" "search example.com$nl.*" "correct search domain" is "$output" ".*nameserver 1.1.1.1${nl}nameserver $searchIP${nl}nameserver 1.0.0.1${nl}nameserver 8.8.8.8" "nameserver order is correct" # create network with dns @@ -623,12 +623,12 @@ EOF run_podman network create --subnet "$subnet.0/24" $netname # custom server overwrites the network dns server CONTAINERS_CONF=$containersconf run_podman run --network $netname --rm $IMAGE cat /etc/resolv.conf - is "$output" "search example.com$nl.*" "correct seach domain" + is "$output" "search example.com$nl.*" "correct search domain" is "$output" ".*nameserver 1.1.1.1${nl}nameserver $searchIP${nl}nameserver 1.0.0.1${nl}nameserver 8.8.8.8" "nameserver order is correct" # we should use the integrated dns server run_podman run --network $netname --rm $IMAGE cat /etc/resolv.conf - is "$output" "search dns.podman.*" "correct seach domain" + is "$output" "search dns.podman.*" "correct search domain" is "$output" ".*nameserver $subnet.1.*" "integrated dns nameserver is set" } diff --git a/vendor/github.com/containers/common/libimage/filters.go b/vendor/github.com/containers/common/libimage/filters.go index 063f07149..f9f73f527 100644 --- a/vendor/github.com/containers/common/libimage/filters.go +++ b/vendor/github.com/containers/common/libimage/filters.go 
@@ -95,9 +95,15 @@ func (r *Runtime) compileImageFilters(ctx context.Context, options *ListImagesOp for _, f := range options.Filters { var key, value string var filter filterFunc - split := strings.SplitN(f, "=", 2) - if len(split) != 2 { - return nil, errors.Errorf("invalid image filter %q: must be in the format %q", f, "filter=value") + negate := false + split := strings.SplitN(f, "!=", 2) + if len(split) == 2 { + negate = true + } else { + split = strings.SplitN(f, "=", 2) + if len(split) != 2 { + return nil, errors.Errorf("invalid image filter %q: must be in the format %q", f, "filter=value or filter!=value") + } } key = split[0] @@ -182,12 +188,22 @@ func (r *Runtime) compileImageFilters(ctx context.Context, options *ListImagesOp default: return nil, errors.Errorf("unsupported image filter %q", key) } + if negate { + filter = negateFilter(filter) + } filters[key] = append(filters[key], filter) } return filters, nil } +func negateFilter(f filterFunc) filterFunc { + return func(img *Image) (bool, error) { + b, err := f(img) + return !b, err + } +} + func (r *Runtime) containers(duplicate map[string]string, key, value string, externalFunc IsExternalContainerFunc) error { if exists, ok := duplicate[key]; ok && exists != value { return errors.Errorf("specifying %q filter more than once with different values is not supported", key) diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf b/vendor/github.com/containers/common/pkg/config/containers.conf index 1db2d704a..48ea8263b 100644 --- a/vendor/github.com/containers/common/pkg/config/containers.conf +++ b/vendor/github.com/containers/common/pkg/config/containers.conf 
@@ -133,10 +133,12 @@ default_sysctls = [ # Default way to to create an IPC namespace (POSIX SysV IPC) for the container # Options are: -# `private` Create private IPC Namespace for the container. -# `host` Share host IPC Namespace with the container. +# "host" Share host IPC Namespace with the container. +# "none" Create shareable IPC Namespace for the container without a private /dev/shm. +# "private" Create private IPC Namespace for the container, other containers are not allowed to share it. +# "shareable" Create shareable IPC Namespace for the container. # -#ipcns = "private" +#ipcns = "shareable" # keyring tells the container engine whether to create # a kernel keyring for use within the container. diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go index 3255cff9d..14858e967 100644 --- a/vendor/github.com/containers/common/pkg/config/default.go +++ b/vendor/github.com/containers/common/pkg/config/default.go @@ -205,7 +205,7 @@ func DefaultConfig() (*Config, error) { HTTPProxy: true, Init: false, InitPath: "", - IPCNS: "private", + IPCNS: "shareable", LogDriver: defaultLogDriver(), LogSizeMax: DefaultLogSizeMax, NetNS: "private", diff --git a/vendor/github.com/containers/common/pkg/seccomp/default_linux.go b/vendor/github.com/containers/common/pkg/seccomp/default_linux.go index fbf10ca31..3712afc71 100644 --- a/vendor/github.com/containers/common/pkg/seccomp/default_linux.go +++ b/vendor/github.com/containers/common/pkg/seccomp/default_linux.go @@ -169,6 +169,7 @@ func DefaultProfile() *Seccomp { "futex", "futex_time64", "futimesat", + "get_mempolicy", "get_robust_list", "get_thread_area", "getcpu", @@ -184,7 +185,6 @@ func DefaultProfile() *Seccomp { "getgroups", "getgroups32", "getitimer", - "get_mempolicy", "getpeername", "getpgid", "getpgrp", 
@@ -274,9 +274,9 @@ func DefaultProfile() *Seccomp { "nanosleep", "newfstatat", "open", + "open_tree", "openat", "openat2", - "open_tree", "pause", "pidfd_getfd", "pidfd_open", @@ -296,8 +296,11 @@ func DefaultProfile() *Seccomp { "preadv2", "prlimit64", "process_mrelease", + "process_vm_readv", + "process_vm_writev", "pselect6", "pselect6_time64", + "ptrace", "pwrite64", "pwritev", "pwritev2", @@ -356,7 +359,6 @@ func DefaultProfile() *Seccomp { "sendmmsg", "sendmsg", "sendto", - "setns", "set_mempolicy", "set_robust_list", "set_thread_area", @@ -370,6 +372,7 @@ func DefaultProfile() *Seccomp { "setgroups", "setgroups32", "setitimer", + "setns", "setpgid", "setpriority", "setregid", @@ -527,10 +530,10 @@ func DefaultProfile() *Seccomp { Names: []string{ "arm_fadvise64_64", "arm_sync_file_range", - "sync_file_range2", "breakpoint", "cacheflush", "set_tls", + "sync_file_range2", }, Action: ActAllow, Args: []*Arg{}, @@ -653,8 +656,8 @@ func DefaultProfile() *Seccomp { { Names: []string{ "delete_module", - "init_module", "finit_module", + "init_module", "query_module", }, Action: ActAllow, @@ -666,8 +669,8 @@ func DefaultProfile() *Seccomp { { Names: []string{ "delete_module", - "init_module", "finit_module", + "init_module", "query_module", }, Action: ActErrno, @@ -704,9 +707,6 @@ func DefaultProfile() *Seccomp { Names: []string{ "kcmp", "process_madvise", - "process_vm_readv", - "process_vm_writev", - "ptrace", }, Action: ActAllow, Args: []*Arg{}, @@ -718,9 +718,6 @@ func DefaultProfile() *Seccomp { Names: []string{ "kcmp", "process_madvise", - "process_vm_readv", - "process_vm_writev", - "ptrace", }, Action: ActErrno, Errno: "EPERM", @@ -732,8 +729,8 @@ func DefaultProfile() *Seccomp { }, { Names: []string{ - "iopl", "ioperm", + "iopl", }, Action: ActAllow, Args: []*Arg{}, @@ -743,8 +740,8 @@ func DefaultProfile() *Seccomp { }, { Names: []string{ - "iopl", "ioperm", + "iopl", }, Action: ActErrno, Errno: "EPERM", 
@@ -756,10 +753,10 @@ func DefaultProfile() *Seccomp { }, { Names: []string{ - "settimeofday", - "stime", "clock_settime", "clock_settime64", + "settimeofday", + "stime", }, Action: ActAllow, Args: []*Arg{}, @@ -769,10 +766,10 @@ func DefaultProfile() *Seccomp { }, { Names: []string{ - "settimeofday", - "stime", "clock_settime", "clock_settime64", + "settimeofday", + "stime", }, Action: ActErrno, Errno: "EPERM", diff --git a/vendor/github.com/containers/common/pkg/seccomp/seccomp.json b/vendor/github.com/containers/common/pkg/seccomp/seccomp.json index 793f9bdac..442632e7d 100644 --- a/vendor/github.com/containers/common/pkg/seccomp/seccomp.json +++ b/vendor/github.com/containers/common/pkg/seccomp/seccomp.json @@ -176,6 +176,7 @@ "futex", "futex_time64", "futimesat", + "get_mempolicy", "get_robust_list", "get_thread_area", "getcpu", @@ -191,7 +192,6 @@ "getgroups", "getgroups32", "getitimer", - "get_mempolicy", "getpeername", "getpgid", "getpgrp", @@ -281,9 +281,9 @@ "nanosleep", "newfstatat", "open", + "open_tree", "openat", "openat2", - "open_tree", "pause", "pidfd_getfd", "pidfd_open", @@ -303,8 +303,11 @@ "preadv2", "prlimit64", "process_mrelease", + "process_vm_readv", + "process_vm_writev", "pselect6", "pselect6_time64", + "ptrace", "pwrite64", "pwritev", "pwritev2", @@ -363,7 +366,6 @@ "sendmmsg", "sendmsg", "sendto", - "setns", "set_mempolicy", "set_robust_list", "set_thread_area", @@ -377,6 +379,7 @@ "setgroups", "setgroups32", "setitimer", + "setns", "setpgid", "setpriority", "setregid", @@ -571,10 +574,10 @@ "names": [ "arm_fadvise64_64", "arm_sync_file_range", - "sync_file_range2", "breakpoint", "cacheflush", - "set_tls" + "set_tls", + "sync_file_range2" ], "action": "SCMP_ACT_ALLOW", "args": [], @@ -742,8 +745,8 @@ { "names": [ "delete_module", - "init_module", "finit_module", + "init_module", "query_module" ], "action": "SCMP_ACT_ALLOW", 
@@ -759,8 +762,8 @@ { "names": [ "delete_module", - "init_module", "finit_module", + "init_module", "query_module" ], "action": "SCMP_ACT_ERRNO", @@ -808,10 +811,7 @@ { "names": [ "kcmp", - "process_madvise", - "process_vm_readv", - "process_vm_writev", - "ptrace" + "process_madvise" ], "action": "SCMP_ACT_ALLOW", "args": [], @@ -826,10 +826,7 @@ { "names": [ "kcmp", - "process_madvise", - "process_vm_readv", - "process_vm_writev", - "ptrace" + "process_madvise" ], "action": "SCMP_ACT_ERRNO", "args": [], @@ -845,8 +842,8 @@ }, { "names": [ - "iopl", - "ioperm" + "ioperm", + "iopl" ], "action": "SCMP_ACT_ALLOW", "args": [], @@ -860,8 +857,8 @@ }, { "names": [ - "iopl", - "ioperm" + "ioperm", + "iopl" ], "action": "SCMP_ACT_ERRNO", "args": [], @@ -877,10 +874,10 @@ }, { "names": [ - "settimeofday", - "stime", "clock_settime", - "clock_settime64" + "clock_settime64", + "settimeofday", + "stime" ], "action": "SCMP_ACT_ALLOW", "args": [], @@ -894,10 +891,10 @@ }, { "names": [ - "settimeofday", - "stime", "clock_settime", - "clock_settime64" + "clock_settime64", + "settimeofday", + "stime" ], "action": "SCMP_ACT_ERRNO", "args": [], diff --git a/vendor/modules.txt b/vendor/modules.txt index 3663d178e..57b4e917f 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -109,7 +109,7 @@ github.com/containers/buildah/pkg/rusage github.com/containers/buildah/pkg/sshagent github.com/containers/buildah/pkg/util github.com/containers/buildah/util -# github.com/containers/common v0.47.5-0.20220318125043-0ededd18a1f9 +# github.com/containers/common v0.47.5-0.20220323125147-7dc6e944d625 ## explicit github.com/containers/common/libimage github.com/containers/common/libimage/manifests 
@@ -326,7 +326,7 @@ github.com/docker/distribution/registry/client/auth/challenge github.com/docker/distribution/registry/client/transport github.com/docker/distribution/registry/storage/cache github.com/docker/distribution/registry/storage/cache/memory -# github.com/docker/docker v20.10.13+incompatible +# github.com/docker/docker v20.10.14+incompatible ## explicit github.com/docker/docker/api github.com/docker/docker/api/types |