diff options
21 files changed, 112 insertions, 24 deletions
diff --git a/cmd/podman/machine/init.go b/cmd/podman/machine/init.go index ec44a707d..19f31d1a6 100644 --- a/cmd/podman/machine/init.go +++ b/cmd/podman/machine/init.go @@ -3,6 +3,8 @@ package machine import ( + "fmt" + "github.com/containers/common/pkg/completion" "github.com/containers/podman/v3/cmd/podman/registry" "github.com/containers/podman/v3/pkg/machine" @@ -26,6 +28,7 @@ var ( var ( initOpts = machine.InitOptions{} defaultMachineName = "podman-machine-default" + now bool ) func init() { @@ -61,6 +64,12 @@ func init() { ) _ = initCmd.RegisterFlagCompletionFunc(memoryFlagName, completion.AutocompleteNone) + flags.BoolVar( + &now, + "now", false, + "Start machine now", + ) + ImagePathFlagName := "image-path" flags.StringVar(&initOpts.ImagePath, ImagePathFlagName, cfg.Engine.MachineImage, "Path to qcow image") _ = initCmd.RegisterFlagCompletionFunc(ImagePathFlagName, completion.AutocompleteDefault) @@ -91,5 +100,15 @@ func initMachine(cmd *cobra.Command, args []string) error { if err != nil { return err } - return vm.Init(initOpts) + err = vm.Init(initOpts) + if err != nil { + return err + } + if now { + err = vm.Start(initOpts.Name, machine.StartOptions{}) + if err == nil { + fmt.Printf("Machine %q started successfully\n", initOpts.Name) + } + } + return err } diff --git a/docs/source/markdown/podman-machine-init.1.md b/docs/source/markdown/podman-machine-init.1.md index c864a87ef..1236db602 100644 --- a/docs/source/markdown/podman-machine-init.1.md +++ b/docs/source/markdown/podman-machine-init.1.md @@ -47,6 +47,10 @@ Defaults to `testing`. Memory (in MB). +#### **--now** + +Start the virtual machine immediately after it has been initialized. + #### **--help** Print usage statement. diff --git a/docs/source/markdown/podman-rmi.1.md b/docs/source/markdown/podman-rmi.1.md index e34b1964b..4f3ec5541 100644 --- a/docs/source/markdown/podman-rmi.1.md +++ b/docs/source/markdown/podman-rmi.1.md @@ -12,6 +12,8 @@ podman\-rmi - Removes one or more locally stored images Removes one or more locally stored images. Passing an argument _image_ deletes it, along with any of its dangling parent images. A dangling image is an image without a tag and without being referenced by another image. +Note: To delete an image from a remote registry, use the [**skopeo delete**](https://github.com/containers/skopeo/blob/main/docs/skopeo-delete.1.md) command. Some registries do not allow users to delete an image via a CLI remotely. + ## OPTIONS #### **--all**, **-a** @@ -51,7 +53,7 @@ $ podman rmi -a -f **125** The command fails for any other reason ## SEE ALSO -podman(1) +podman(1), skopeo-delete(1) ## HISTORY March 2017, Originally compiled by Dan Walsh <dwalsh@redhat.com> @@ -12,7 +12,7 @@ require ( github.com/containernetworking/cni v0.8.1 github.com/containernetworking/plugins v0.9.1 github.com/containers/buildah v1.23.0 - github.com/containers/common v0.44.1-0.20210914173811-fcaa2e0de285 + github.com/containers/common v0.44.1-0.20210920093543-bf187ada7d0e github.com/containers/conmon v2.0.20+incompatible github.com/containers/image/v5 v5.16.0 github.com/containers/ocicrypt v1.1.2 @@ -246,8 +246,8 @@ github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRD github.com/containers/buildah v1.23.0 h1:qGIeSNOczUHzvnaaOS29HSMiYAjw6JgIXYksAyvqnLs= github.com/containers/buildah v1.23.0/go.mod h1:K0iMKgy/MffkkgELBXhSXwTy2HTT6hM0X8qruDR1FwU= github.com/containers/common v0.44.0/go.mod h1:7sdP4vmI5Bm6FPFxb3lvAh1Iktb6tiO1MzjUzhxdoGo= -github.com/containers/common v0.44.1-0.20210914173811-fcaa2e0de285 h1:sXBzh8CcqR5cGGY9cM/AUIk58CJKHbyljVtFh8HYyLY= -github.com/containers/common v0.44.1-0.20210914173811-fcaa2e0de285/go.mod h1:7sdP4vmI5Bm6FPFxb3lvAh1Iktb6tiO1MzjUzhxdoGo= +github.com/containers/common v0.44.1-0.20210920093543-bf187ada7d0e h1:p21+CJSeryr0Vb3dottjXRNYTaRND1QSPm36NogQ7cQ= +github.com/containers/common v0.44.1-0.20210920093543-bf187ada7d0e/go.mod h1:zxv7KjdYddSGoWuLUVp6eSb++Ow1zmSMB2jwxuNB4cU= github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg= github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= github.com/containers/image/v5 v5.16.0 h1:WQcNSzb7+ngS2cfynx0vUwhk+scpgiKlldVcsF8GPbI= @@ -652,8 +652,9 @@ github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS4 github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v1.4.1 h1:CpVNEelQCZBooIPDn+AR3NpivK/TIKU8bDxdASFVQag= github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/mitchellh/mapstructure v1.4.2 h1:6h7AQ0yhTcIsmFmnAwQls75jp2Gzs4iB8W7pjMO+rqo= +github.com/mitchellh/mapstructure v1.4.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A= github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= diff --git a/pkg/api/handlers/types.go b/pkg/api/handlers/types.go index b82c586ea..fedab3bb3 100644 --- a/pkg/api/handlers/types.go +++ b/pkg/api/handlers/types.go @@ -183,7 +183,8 @@ func ImageToImageSummary(l *libimage.Image) (*entities.ImageSummary, error) { } is := entities.ImageSummary{ - ID: l.ID(), + // docker adds sha256: in front of the ID + ID: "sha256:" + l.ID(), ParentId: imageData.Parent, RepoTags: imageData.RepoTags, RepoDigests: imageData.RepoDigests, diff --git a/pkg/autoupdate/autoupdate.go b/pkg/autoupdate/autoupdate.go index 894178bb9..29c234ce9 100644 --- a/pkg/autoupdate/autoupdate.go +++ b/pkg/autoupdate/autoupdate.go @@ -404,7 +404,8 @@ func newerRemoteImageAvailable(ctx context.Context, runtime *libpod.Runtime, img if err != nil { return false, err } - return img.HasDifferentDigest(ctx, remoteRef) + options := &libimage.HasDifferentDigestOptions{AuthFilePath: authfile} + return img.HasDifferentDigest(ctx, remoteRef, options) } // newerLocalImageAvailable returns true if the container and local image have different digests diff --git a/pkg/domain/infra/tunnel/images.go b/pkg/domain/infra/tunnel/images.go index db4e14aba..9a746d68c 100644 --- a/pkg/domain/infra/tunnel/images.go +++ b/pkg/domain/infra/tunnel/images.go @@ -165,6 +165,9 @@ func (ir *ImageEngine) Untag(ctx context.Context, nameOrID string, tags []string if t, ok := ref.(reference.Tagged); ok { tag = t.Tag() } + if t, ok := ref.(reference.Digested); ok { + tag += "@" + t.Digest().String() + } if r, ok := ref.(reference.Named); ok { repo = r.Name() } diff --git a/test/apiv2/python/rest_api/test_v2_0_0_image.py b/test/apiv2/python/rest_api/test_v2_0_0_image.py index bcacaa935..58d03b149 100644 --- a/test/apiv2/python/rest_api/test_v2_0_0_image.py +++ b/test/apiv2/python/rest_api/test_v2_0_0_image.py @@ -32,6 +32,9 @@ class ImageTestCase(APITestCase): for k in required_keys: self.assertIn(k, item) + # Id should be prefixed with sha256: (#11645) + self.assertIn("sha256:",item['Id']) + def test_inspect(self): r = requests.get(self.podman_url + "/v1.40/images/alpine/json") self.assertEqual(r.status_code, 200, r.text) @@ -59,6 +62,8 @@ class ImageTestCase(APITestCase): for item in required_keys: self.assertIn(item, image) _ = parse(image["Created"]) + # Id should be prefixed with sha256: (#11645) + self.assertIn("sha256:",image['Id']) def test_delete(self): r = requests.delete(self.podman_url + "/v1.40/images/alpine?force=true") diff --git a/test/system/001-basic.bats b/test/system/001-basic.bats index 963c89281..888c075b8 100644 --- a/test/system/001-basic.bats +++ b/test/system/001-basic.bats @@ -57,6 +57,9 @@ function setup() { # Now untag the digest reference again. run_podman untag $IMAGE $IMAGE@$digest + + # Make sure the original image is still present (#11557). + run_podman image exists $IMAGE } # PR #7212: allow --remote anywhere before subcommand, not just as 1st flag diff --git a/utils/utils.go b/utils/utils.go index 185ac4865..b08630d2f 100644 --- a/utils/utils.go +++ b/utils/utils.go @@ -12,6 +12,7 @@ import ( "sync" "github.com/containers/podman/v3/libpod/define" + "github.com/containers/podman/v3/pkg/cgroups" "github.com/containers/storage/pkg/archive" "github.com/pkg/errors" "github.com/sirupsen/logrus" @@ -190,7 +191,11 @@ func moveProcessToScope(pidPath, slice, scope string) error { func MovePauseProcessToScope(pausePidPath string) { err := moveProcessToScope(pausePidPath, "user.slice", "podman-pause.scope") if err != nil { - if RunsOnSystemd() { + unified, err := cgroups.IsCgroup2UnifiedMode() + if err != nil { + logrus.Warnf("Failed to detect if running with cgroup unified: %v", err) + } + if RunsOnSystemd() && unified { logrus.Warnf("Failed to add pause process to systemd sandbox cgroup: %v", err) } else { logrus.Debugf("Failed to add pause process to systemd sandbox cgroup: %v", err) diff --git a/utils/utils_supported.go b/utils/utils_supported.go index ebc870d26..1404e3194 100644 --- a/utils/utils_supported.go +++ b/utils/utils_supported.go @@ -47,10 +47,10 @@ func RunUnderSystemdScope(pid int, slice string, unitName string) error { // On errors check if the cgroup already exists, if it does move the process there if props, err := conn.GetUnitTypeProperties(unitName, "Scope"); err == nil { if cgroup, ok := props["ControlGroup"].(string); ok && cgroup != "" { - if err := moveUnderCgroup(cgroup, "", []uint32{uint32(pid)}); err != nil { - return err + if err := moveUnderCgroup(cgroup, "", []uint32{uint32(pid)}); err == nil { + return nil } - return nil + // On errors return the original error message we got from StartTransientUnit. } } return err diff --git a/vendor/github.com/containers/common/libimage/image.go b/vendor/github.com/containers/common/libimage/image.go index ff7d546e9..8456d5280 100644 --- a/vendor/github.com/containers/common/libimage/image.go +++ b/vendor/github.com/containers/common/libimage/image.go @@ -715,10 +715,18 @@ func (i *Image) Size() (int64, error) { return i.runtime.store.ImageSize(i.ID()) } +// HasDifferentDigestOptions allows for customizing the check if another +// (remote) image has a different digest. +type HasDifferentDigestOptions struct { + // containers-auth.json(5) file to use when authenticating against + // container registries. + AuthFilePath string +} + // HasDifferentDigest returns true if the image specified by `remoteRef` has a // different digest than the local one. This check can be useful to check for // updates on remote registries. -func (i *Image) HasDifferentDigest(ctx context.Context, remoteRef types.ImageReference) (bool, error) { +func (i *Image) HasDifferentDigest(ctx context.Context, remoteRef types.ImageReference, options *HasDifferentDigestOptions) (bool, error) { // We need to account for the arch that the image uses. It seems // common on ARM to tweak this option to pull the correct image. See // github.com/containers/podman/issues/6613. @@ -738,6 +746,14 @@ func (i *Image) HasDifferentDigest(ctx context.Context, remoteRef types.ImageRef sys.VariantChoice = inspectInfo.Variant } + if options != nil && options.AuthFilePath != "" { + sys.AuthFilePath = options.AuthFilePath + } + + return i.hasDifferentDigestWithSystemContext(ctx, remoteRef, sys) +} + +func (i *Image) hasDifferentDigestWithSystemContext(ctx context.Context, remoteRef types.ImageReference, sys *types.SystemContext) (bool, error) { remoteImg, err := remoteRef.NewImage(ctx, sys) if err != nil { return false, err diff --git a/vendor/github.com/containers/common/libimage/pull.go b/vendor/github.com/containers/common/libimage/pull.go index 8712a13fd..1c322c37e 100644 --- a/vendor/github.com/containers/common/libimage/pull.go +++ b/vendor/github.com/containers/common/libimage/pull.go @@ -561,7 +561,7 @@ func (r *Runtime) copySingleImageFromRegistry(ctx context.Context, imageName str } if pullPolicy == config.PullPolicyNewer && localImage != nil { - isNewer, err := localImage.HasDifferentDigest(ctx, srcRef) + isNewer, err := localImage.hasDifferentDigestWithSystemContext(ctx, srcRef, c.systemContext) if err != nil { pullErrors = append(pullErrors, err) continue diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go index b982aa552..c1f63577a 100644 --- a/vendor/github.com/containers/common/pkg/config/config.go +++ b/vendor/github.com/containers/common/pkg/config/config.go @@ -335,7 +335,7 @@ type EngineConfig struct { // ActiveService index to Destinations added v2.0.3 ActiveService string `toml:"active_service,omitempty"` - // Destinations mapped by service Names + // ServiceDestinations mapped by service Names ServiceDestinations map[string]Destination `toml:"service_destinations,omitempty"` // RuntimePath is the path to OCI runtime binary for launching containers. @@ -379,6 +379,10 @@ type EngineConfig struct { // containers/storage. As such this is not exposed via the config file. StateType RuntimeStateStore `toml:"-"` + // ServiceTimeout is the number of seconds to wait without a connection + // before the `podman system service` times out and exits + ServiceTimeout uint `toml:"service_timeout,omitempty"` + // StaticDir is the path to a persistent directory to store container // files. StaticDir string `toml:"static_dir,omitempty"` diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf b/vendor/github.com/containers/common/pkg/config/containers.conf index dc38f8ec6..7c72ec79f 100644 --- a/vendor/github.com/containers/common/pkg/config/containers.conf +++ b/vendor/github.com/containers/common/pkg/config/containers.conf @@ -422,7 +422,7 @@ default_sysctls = [ # Default options to pass to the slirp4netns binary. # For example "allow_host_loopback=true" # -#network_cmd_options = [] +#network_cmd_options = ["enable_ipv6=true",] # Whether to use chroot instead of pivot_root in the runtime # @@ -466,6 +466,11 @@ default_sysctls = [ # container/storage tmp directory will be used. # image_copy_tmp_dir="/var/tmp" +# Number of seconds to wait without a connection +# before the `podman system service` times out and exits +# +#service_timeout = 5 + # Directory for persistent engine files (database, etc) # By default, this will be configured relative to where the containers/storage # stores containers diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go index 5ce73bd2a..a3fdc9529 100644 --- a/vendor/github.com/containers/common/pkg/config/default.go +++ b/vendor/github.com/containers/common/pkg/config/default.go @@ -257,8 +257,11 @@ func defaultConfigFromMemory() (*EngineConfig, error) { c.ImageBuildFormat = "oci" c.CgroupManager = defaultCgroupManager() + c.ServiceTimeout = uint(5) c.StopTimeout = uint(10) - + c.NetworkCmdOptions = []string{ + "enable_ipv6=true", + } c.Remote = isRemote() c.OCIRuntimes = map[string][]string{ "crun": { diff --git a/vendor/github.com/mitchellh/mapstructure/CHANGELOG.md b/vendor/github.com/mitchellh/mapstructure/CHANGELOG.md index 1955f2878..9fe803a5e 100644 --- a/vendor/github.com/mitchellh/mapstructure/CHANGELOG.md +++ b/vendor/github.com/mitchellh/mapstructure/CHANGELOG.md @@ -1,6 +1,12 @@ -## unreleased +## 1.4.2 -* Fix regression where `*time.Time` value would be set to empty and not be sent +* Custom name matchers to support any sort of casing, formatting, etc. for + field names. [GH-250] +* Fix possible panic in ComposeDecodeHookFunc [GH-251] + +## 1.4.1 + +* Fix regression where `*time.Time` value would be set to empty and not be sent to decode hooks properly [GH-232] ## 1.4.0 diff --git a/vendor/github.com/mitchellh/mapstructure/decode_hooks.go b/vendor/github.com/mitchellh/mapstructure/decode_hooks.go index 92e6f76ff..4d4bbc733 100644 --- a/vendor/github.com/mitchellh/mapstructure/decode_hooks.go +++ b/vendor/github.com/mitchellh/mapstructure/decode_hooks.go @@ -62,7 +62,8 @@ func DecodeHookExec( func ComposeDecodeHookFunc(fs ...DecodeHookFunc) DecodeHookFunc { return func(f reflect.Value, t reflect.Value) (interface{}, error) { var err error - var data interface{} + data := f.Interface() + newFrom := f for _, f1 := range fs { data, err = DecodeHookExec(f1, newFrom, t) diff --git a/vendor/github.com/mitchellh/mapstructure/mapstructure.go b/vendor/github.com/mitchellh/mapstructure/mapstructure.go index 3643901f5..dcee0f2d6 100644 --- a/vendor/github.com/mitchellh/mapstructure/mapstructure.go +++ b/vendor/github.com/mitchellh/mapstructure/mapstructure.go @@ -192,7 +192,7 @@ type DecodeHookFuncType func(reflect.Type, reflect.Type, interface{}) (interface // source and target types. type DecodeHookFuncKind func(reflect.Kind, reflect.Kind, interface{}) (interface{}, error) -// DecodeHookFuncRaw is a DecodeHookFunc which has complete access to both the source and target +// DecodeHookFuncValue is a DecodeHookFunc which has complete access to both the source and target // values. type DecodeHookFuncValue func(from reflect.Value, to reflect.Value) (interface{}, error) @@ -258,6 +258,11 @@ type DecoderConfig struct { // The tag name that mapstructure reads for field names. This // defaults to "mapstructure" TagName string + + // MatchName is the function used to match the map key to the struct + // field name or tag. Defaults to `strings.EqualFold`. This can be used + // to implement case-sensitive tag values, support snake casing, etc. + MatchName func(mapKey, fieldName string) bool } // A Decoder takes a raw interface value and turns it into structured @@ -376,6 +381,10 @@ func NewDecoder(config *DecoderConfig) (*Decoder, error) { config.TagName = "mapstructure" } + if config.MatchName == nil { + config.MatchName = strings.EqualFold + } + result := &Decoder{ config: config, } @@ -1340,7 +1349,7 @@ func (d *Decoder) decodeStructFromMap(name string, dataVal, val reflect.Value) e continue } - if strings.EqualFold(mK, fieldName) { + if d.config.MatchName(mK, fieldName) { rawMapKey = dataValKey rawMapVal = dataVal.MapIndex(dataValKey) break diff --git a/vendor/modules.txt b/vendor/modules.txt index 324487b7c..5e82b9977 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -94,7 +94,7 @@ github.com/containers/buildah/pkg/rusage github.com/containers/buildah/pkg/sshagent github.com/containers/buildah/pkg/util github.com/containers/buildah/util -# github.com/containers/common v0.44.1-0.20210914173811-fcaa2e0de285 +# github.com/containers/common v0.44.1-0.20210920093543-bf187ada7d0e github.com/containers/common/libimage github.com/containers/common/libimage/manifests github.com/containers/common/pkg/apparmor @@ -432,7 +432,7 @@ github.com/matttproud/golang_protobuf_extensions/pbutil github.com/miekg/pkcs11 # github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible github.com/mistifyio/go-zfs -# github.com/mitchellh/mapstructure v1.4.1 +# github.com/mitchellh/mapstructure v1.4.2 github.com/mitchellh/mapstructure # github.com/moby/sys/mount v0.2.0 github.com/moby/sys/mount |