diff options
| -rw-r--r-- | .golangci.yml | 29 | ||||
| -rw-r--r-- | Makefile | 2 | ||||
| -rw-r--r-- | contrib/spec/podman.spec.in | 23 | ||||
| -rw-r--r-- | dependencies/dependencies.go | 2 | ||||
| -rwxr-xr-x | hack/golangci-lint.sh | 2 | ||||
| -rw-r--r-- | pkg/api/handlers/compat/images_push.go | 41 | ||||
| -rw-r--r-- | pkg/domain/infra/abi/manifest.go | 2 | ||||
| -rw-r--r-- | test/apiv2/12-imagesMore.at | 18 |
8 files changed, 108 insertions, 11 deletions
diff --git a/.golangci.yml b/.golangci.yml index da22b7602..6e46d55cd 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -4,6 +4,7 @@ run: deadline: 5m skip-dirs-use-default: true skip-dirs: + - dependencies - contrib - dependencies - test @@ -17,6 +18,34 @@ linters: enable-all: true disable: # All these break for one reason or another + - nolintlint + - gocognit + - stylecheck + - testpackage + - goerr113 + - exhaustivestruct + - errorlint + - wrapcheck + - paralleltest + - wsl + - godox + - tparallel + - gomnd + - nlreturn + - noctx + - nestif + - predeclared + - thelper + - ifshort + - staticcheck + - forbidigo + - exhaustive + - whitespace + - unparam + - gofumpt + - gci + - godot + - makezero - dupl - funlen - gochecknoglobals @@ -619,7 +619,7 @@ endef .PHONY: .install.golangci-lint .install.golangci-lint: .gopathok - VERSION=1.18.0 GOBIN=$(GOBIN) sh ./hack/install_golangci.sh + VERSION=1.36.0 GOBIN=$(GOBIN) sh ./hack/install_golangci.sh .PHONY: .install.bats .install.bats: .gopathok diff --git a/contrib/spec/podman.spec.in b/contrib/spec/podman.spec.in index db79ebede..662234f71 100644 --- a/contrib/spec/podman.spec.in +++ b/contrib/spec/podman.spec.in @@ -380,6 +380,29 @@ tar zxf %{SOURCE1} %build mkdir _build pushd _build + +# These flags should work for all rpm distros and arches +export CGO_CFLAGS="-O2 -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -ffat-lto-objects -fexceptions -fasynchronous-unwind-tables -fstack-protector-strong -fstack-clash-protection -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE" + +%if 0%{?fedora} || 0%{?rhel} +# This flag is only present on RH-family distros +export CGO_CFLAGS+=" -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1" +%endif + +%ifnarch %{ix86} +# Build fails on i686 with this flag +export CGO_CFLAGS+=" -D_FILE_OFFSET_BITS=64" +%endif + +%ifarch x86_64 +# Builds only on x86_64 with this flag +export CGO_CFLAGS+=" -m64 -mtune=generic" +%if 0%{?fedora} || 0%{?rhel} >= 8 +# Build fails on rhel7 and non-86_64 with this flag +export CGO_CFLAGS+=" -fcf-protection" +%endif +%endif + mkdir -p src/%{provider}.%{provider_tld}/%{project} ln -s ../../../../ src/%{import_path} popd diff --git a/dependencies/dependencies.go b/dependencies/dependencies.go index b03ab149b..b1b0aee08 100644 --- a/dependencies/dependencies.go +++ b/dependencies/dependencies.go @@ -1,3 +1,5 @@ +// +build !linter + package dependencies import ( diff --git a/hack/golangci-lint.sh b/hack/golangci-lint.sh index 5be750129..bcb83a2fd 100755 --- a/hack/golangci-lint.sh +++ b/hack/golangci-lint.sh @@ -5,7 +5,7 @@ set -e declare -A BUILD_TAGS # TODO: add systemd tag -BUILD_TAGS[default]="apparmor,seccomp,selinux" +BUILD_TAGS[default]="apparmor,seccomp,selinux,linter" BUILD_TAGS[abi]="${BUILD_TAGS[default]},!remoteclient" BUILD_TAGS[tunnel]="${BUILD_TAGS[default]},remote,remoteclient" diff --git a/pkg/api/handlers/compat/images_push.go b/pkg/api/handlers/compat/images_push.go index 34b53f34e..77d891546 100644 --- a/pkg/api/handlers/compat/images_push.go +++ b/pkg/api/handlers/compat/images_push.go @@ -1,6 +1,8 @@ package compat import ( + "fmt" + "io/ioutil" "net/http" "strings" @@ -19,6 +21,14 @@ import ( func PushImage(w http.ResponseWriter, r *http.Request) { decoder := r.Context().Value("decoder").(*schema.Decoder) runtime := r.Context().Value("runtime").(*libpod.Runtime) + + digestFile, err := ioutil.TempFile("", "digest.txt") + if err != nil { + utils.Error(w, "unable to create digest tempfile", http.StatusInternalServerError, errors.Wrap(err, "unable to create tempfile")) + return + } + defer digestFile.Close() + // Now use the ABI implementation to prevent us from having duplicate // code. imageEngine := abi.ImageEngine{Libpod: runtime} @@ -65,12 +75,13 @@ func PushImage(w http.ResponseWriter, r *http.Request) { password = authconf.Password } options := entities.ImagePushOptions{ - All: query.All, - Authfile: authfile, - Compress: query.Compress, - Format: query.Format, - Password: password, - Username: username, + All: query.All, + Authfile: authfile, + Compress: query.Compress, + Format: query.Format, + Password: password, + Username: username, + DigestFile: digestFile.Name(), } if _, found := r.URL.Query()["tlsVerify"]; found { options.SkipTLSVerify = types.NewOptionalBool(!query.TLSVerify) @@ -93,5 +104,21 @@ func PushImage(w http.ResponseWriter, r *http.Request) { return } - utils.WriteResponse(w, http.StatusOK, "") + digestBytes, err := ioutil.ReadAll(digestFile) + if err != nil { + utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrap(err, "failed to read digest tmp file")) + return + } + + tag := query.Tag + if tag == "" { + tag = "latest" + } + respData := struct { + Status string `json:"status"` + }{ + Status: fmt.Sprintf("%s: digest: %s size: null", tag, string(digestBytes)), + } + + utils.WriteJSON(w, http.StatusOK, &respData) } diff --git a/pkg/domain/infra/abi/manifest.go b/pkg/domain/infra/abi/manifest.go index 626f1f7bf..da7482407 100644 --- a/pkg/domain/infra/abi/manifest.go +++ b/pkg/domain/infra/abi/manifest.go @@ -1,5 +1,3 @@ -// +build !remote - package abi import ( diff --git a/test/apiv2/12-imagesMore.at b/test/apiv2/12-imagesMore.at index fe6a271ce..4f3ddf925 100644 --- a/test/apiv2/12-imagesMore.at +++ b/test/apiv2/12-imagesMore.at @@ -3,6 +3,9 @@ # Tests for more image-related endpoints # +red='\e[31m' +nc='\e[0m' + podman pull -q $IMAGE t GET libpod/images/json 200 \ @@ -26,6 +29,17 @@ t GET libpod/images/$IMAGE/json 200 \ podman run -d --name registry -p 5000:5000 quay.io/libpod/registry:2.6 /entrypoint.sh /etc/docker/registry/config.yml wait_for_port localhost 5000 +# Push to local registry and check output +while read -r LINE +do + if echo "${LINE}" | jq --exit-status 'select( .status != null) | select ( .status | contains("digest: sha256:"))' &>/dev/null; then + GOT_DIGEST="1" + fi +done < <(curl -sL "http://$HOST:$PORT/images/localhost:5000/myrepo/push?tlsVerify=false&tag=mytag" -XPOST) +if [ -z "${GOT_DIGEST}" ] ; then + echo -e "${red}not ok: did not found digest in output${nc}" 1>&2; +fi + # Push to local registry t POST "images/localhost:5000/myrepo/push?tlsVerify=false&tag=mytag" '' 200 @@ -43,3 +57,7 @@ t DELETE libpod/images/$IMAGE 200 \ .ExitCode=0 t DELETE libpod/images/quay.io/libpod/registry:2.6 200 \ .ExitCode=0 + +if [ -z "${GOT_DIGEST}" ] ; then + exit 1; +fi |