diff options
| -rw-r--r-- | docs/source/markdown/podman-create.1.md | 1 | ||||
| -rw-r--r-- | docs/source/markdown/podman-run.1.md | 1 | ||||
| -rw-r--r-- | go.mod | 2 | ||||
| -rw-r--r-- | go.sum | 4 | ||||
| -rw-r--r-- | libpod/container_exec.go | 2 | ||||
| -rw-r--r-- | libpod/container_internal.go | 6 | ||||
| -rw-r--r-- | libpod/define/errors.go | 4 | ||||
| -rw-r--r-- | libpod/image/image.go | 3 | ||||
| -rw-r--r-- | libpod/oci.go | 4 | ||||
| -rw-r--r-- | libpod/oci_conmon_exec_linux.go | 13 | ||||
| -rw-r--r-- | libpod/oci_conmon_linux.go | 13 | ||||
| -rw-r--r-- | libpod/oci_missing.go | 5 | ||||
| -rw-r--r-- | libpod/runtime.go | 113 | ||||
| -rw-r--r-- | libpod/runtime_img.go | 3 | ||||
| -rw-r--r-- | pkg/domain/infra/abi/images.go | 4 | ||||
| -rw-r--r-- | test/e2e/run_apparmor_test.go | 1 | ||||
| -rw-r--r-- | test/system/330-corrupt-images.bats | 134 | ||||
| -rw-r--r-- | vendor/github.com/containers/image/v5/copy/copy.go | 8 | ||||
| -rw-r--r-- | vendor/github.com/containers/image/v5/oci/layout/oci_src.go | 2 | ||||
| -rw-r--r-- | vendor/github.com/containers/image/v5/storage/storage_image.go | 2 | ||||
| -rw-r--r-- | vendor/github.com/containers/image/v5/version/version.go | 2 | ||||
| -rw-r--r-- | vendor/modules.txt | 2 |
22 files changed, 280 insertions, 49 deletions
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md index 11a2410a8..059a09ae1 100644 --- a/docs/source/markdown/podman-create.1.md +++ b/docs/source/markdown/podman-create.1.md @@ -1014,6 +1014,7 @@ The first mapping step is derived by Podman from the contents of the file _/etc/subuid_ and the UID of the user calling Podman. First mapping step: + | host UID | intermediate UID | | - | - | | UID for the user starting Podman | 0 | diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md index e149c8531..b607a65ff 100644 --- a/docs/source/markdown/podman-run.1.md +++ b/docs/source/markdown/podman-run.1.md @@ -1086,6 +1086,7 @@ The first mapping step is derived by Podman from the contents of the file _/etc/subuid_ and the UID of the user calling Podman. First mapping step: + | host UID | intermediate UID | | - | - | | UID for the user starting Podman | 0 | @@ -13,7 +13,7 @@ require ( github.com/containers/buildah v1.20.1-0.20210402144408-36a37402d0c8 github.com/containers/common v0.36.0 github.com/containers/conmon v2.0.20+incompatible - github.com/containers/image/v5 v5.11.0 + github.com/containers/image/v5 v5.11.1 github.com/containers/ocicrypt v1.1.1 github.com/containers/psgo v1.5.2 github.com/containers/storage v1.29.0 @@ -198,8 +198,8 @@ github.com/containers/common v0.36.0/go.mod h1:rMzxgD7nMGw++cEbsp+NZv0UJO4rgXbm7 github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg= github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= github.com/containers/image/v5 v5.10.5/go.mod h1:SgIbWEedCNBbn2FI5cH0/jed1Ecy2s8XK5zTxvJTzII= -github.com/containers/image/v5 v5.11.0 h1:SwxGucW1AZ8H/5KH9jW70lo9WyuOrtxafutyQ9RPPLw= -github.com/containers/image/v5 v5.11.0/go.mod h1:dCbUB4w6gmxIEOCsE0tZQppr8iBoXb4Evr74ZKlmwoI= +github.com/containers/image/v5 v5.11.1 h1:mNybUvU6zXUwcMsQaa3n+Idsru5pV+GE7k4oRuPzYi0= +github.com/containers/image/v5 v5.11.1/go.mod h1:HC9lhJ/Nz5v3w/5Co7H431kLlgzlVlOC+auD/er3OqE= github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b h1:Q8ePgVfHDplZ7U33NwHZkrVELsZP5fYj9pM5WBZB2GE= github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY= github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc= diff --git a/libpod/container_exec.go b/libpod/container_exec.go index 8d8ed14aa..c359f1e5d 100644 --- a/libpod/container_exec.go +++ b/libpod/container_exec.go @@ -773,7 +773,7 @@ func (c *Container) cleanupExecBundle(sessionID string) error { return err } - return c.ociRuntime.ExecContainerCleanup(c, sessionID) + return nil } // the path to a containers exec session bundle diff --git a/libpod/container_internal.go b/libpod/container_internal.go index a53027ab2..041fa13e7 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -685,7 +685,11 @@ func (c *Container) removeIPv4Allocations() error { // This is necessary for restarting containers func (c *Container) removeConmonFiles() error { // Files are allowed to not exist, so ignore ENOENT - attachFile := filepath.Join(c.bundlePath(), "attach") + attachFile, err := c.AttachSocketPath() + if err != nil { + return errors.Wrapf(err, "failed to get attach socket path for container %s", c.ID()) + } + if err := os.Remove(attachFile); err != nil && !os.IsNotExist(err) { return errors.Wrapf(err, "error removing container %s attach file", c.ID()) } diff --git a/libpod/define/errors.go b/libpod/define/errors.go index e19ac6a27..8d943099b 100644 --- a/libpod/define/errors.go +++ b/libpod/define/errors.go @@ -206,4 +206,8 @@ var ( // ErrCanceled indicates that an operation has been cancelled by a user. // Useful for potentially long running tasks. ErrCanceled = errors.New("cancelled by user") + + // ErrConmonVersionFormat is used when the expected versio-format of conmon + // has changed. + ErrConmonVersionFormat = "conmon version changed format" ) diff --git a/libpod/image/image.go b/libpod/image/image.go index 12dc22360..3c9fb3a37 100644 --- a/libpod/image/image.go +++ b/libpod/image/image.go @@ -617,7 +617,8 @@ func (i *Image) TopLayer() string { func (i *Image) Remove(ctx context.Context, force bool) error { parent, err := i.GetParent(ctx) if err != nil { - return err + logrus.Warnf("error determining parent of image: %v, ignoring the error", err) + parent = nil } if _, err := i.imageruntime.store.DeleteImage(i.ID(), true); err != nil { return err diff --git a/libpod/oci.go b/libpod/oci.go index f2053f1b5..1f2c7dd71 100644 --- a/libpod/oci.go +++ b/libpod/oci.go @@ -94,10 +94,6 @@ type OCIRuntime interface { // ExecUpdateStatus checks the status of a given exec session. // Returns true if the session is still running, or false if it exited. ExecUpdateStatus(ctr *Container, sessionID string) (bool, error) - // ExecContainerCleanup cleans up after an exec session exits. - // It removes any files left by the exec session that are no longer - // needed, including the attach socket. - ExecContainerCleanup(ctr *Container, sessionID string) error // CheckpointContainer checkpoints the given container. // Some OCI runtimes may not support this - if SupportsCheckpoint() diff --git a/libpod/oci_conmon_exec_linux.go b/libpod/oci_conmon_exec_linux.go index b43316951..76338b86c 100644 --- a/libpod/oci_conmon_exec_linux.go +++ b/libpod/oci_conmon_exec_linux.go @@ -284,17 +284,6 @@ func (r *ConmonOCIRuntime) ExecUpdateStatus(ctr *Container, sessionID string) (b return true, nil } -// ExecContainerCleanup cleans up files created when a command is run via -// ExecContainer. This includes the attach socket for the exec session. -func (r *ConmonOCIRuntime) ExecContainerCleanup(ctr *Container, sessionID string) error { - // Clean up the sockets dir. Issue #3962 - // Also ignore if it doesn't exist for some reason; hence the conditional return below - if err := os.RemoveAll(filepath.Join(r.socketsDir, sessionID)); err != nil && !os.IsNotExist(err) { - return err - } - return nil -} - // ExecAttachSocketPath is the path to a container's exec session attach socket. func (r *ConmonOCIRuntime) ExecAttachSocketPath(ctr *Container, sessionID string) (string, error) { // We don't even use container, so don't validity check it @@ -302,7 +291,7 @@ func (r *ConmonOCIRuntime) ExecAttachSocketPath(ctr *Container, sessionID string return "", errors.Wrapf(define.ErrInvalidArg, "must provide a valid session ID to get attach socket path") } - return filepath.Join(r.socketsDir, sessionID, "attach"), nil + return filepath.Join(ctr.execBundlePath(sessionID), "attach"), nil } // This contains pipes used by the exec API. diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go index dbe91c232..c1acec977 100644 --- a/libpod/oci_conmon_linux.go +++ b/libpod/oci_conmon_linux.go @@ -59,7 +59,6 @@ type ConmonOCIRuntime struct { conmonEnv []string tmpDir string exitsDir string - socketsDir string logSizeMax int64 noPivot bool reservePorts bool @@ -149,7 +148,6 @@ func newConmonOCIRuntime(name string, paths []string, conmonPath string, runtime } runtime.exitsDir = filepath.Join(runtime.tmpDir, "exits") - runtime.socketsDir = filepath.Join(runtime.tmpDir, "socket") // Create the exit files and attach sockets directories if err := os.MkdirAll(runtime.exitsDir, 0750); err != nil { @@ -158,13 +156,6 @@ func newConmonOCIRuntime(name string, paths []string, conmonPath string, runtime return nil, errors.Wrapf(err, "error creating OCI runtime exit files directory") } } - if err := os.MkdirAll(runtime.socketsDir, 0750); err != nil { - // The directory is allowed to exist - if !os.IsExist(err) { - return nil, errors.Wrap(err, "error creating OCI runtime attach sockets directory") - } - } - return runtime, nil } @@ -865,7 +856,7 @@ func (r *ConmonOCIRuntime) AttachSocketPath(ctr *Container) (string, error) { return "", errors.Wrapf(define.ErrInvalidArg, "must provide a valid container to get attach socket path") } - return filepath.Join(r.socketsDir, ctr.ID(), "attach"), nil + return filepath.Join(ctr.bundlePath(), "attach"), nil } // ExitFilePath is the path to a container's exit file. @@ -1240,7 +1231,7 @@ func (r *ConmonOCIRuntime) sharedConmonArgs(ctr *Container, cuuid, bundlePath, p "-p", pidPath, "-n", ctr.Name(), "--exit-dir", exitDir, - "--socket-dir-path", r.socketsDir, + "--full-attach", } if len(r.runtimeFlags) > 0 { rFlags := []string{} diff --git a/libpod/oci_missing.go b/libpod/oci_missing.go index eb8cdebad..10526f368 100644 --- a/libpod/oci_missing.go +++ b/libpod/oci_missing.go @@ -151,11 +151,6 @@ func (r *MissingRuntime) ExecUpdateStatus(ctr *Container, sessionID string) (boo return false, r.printError() } -// ExecContainerCleanup is not available as the runtime is missing -func (r *MissingRuntime) ExecContainerCleanup(ctr *Container, sessionID string) error { - return r.printError() -} - // CheckpointContainer is not available as the runtime is missing func (r *MissingRuntime) CheckpointContainer(ctr *Container, options ContainerCheckpointOptions) error { return r.printError() diff --git a/libpod/runtime.go b/libpod/runtime.go index 98ca2d5a4..dc53d5ef1 100644 --- a/libpod/runtime.go +++ b/libpod/runtime.go @@ -2,10 +2,14 @@ package libpod import ( "bufio" + "bytes" "context" "fmt" "os" + "os/exec" "path/filepath" + "regexp" + "strconv" "strings" "sync" "syscall" @@ -32,6 +36,17 @@ import ( "github.com/sirupsen/logrus" ) +const ( + // conmonMinMajorVersion is the major version required for conmon. + conmonMinMajorVersion = 2 + + // conmonMinMinorVersion is the minor version required for conmon. + conmonMinMinorVersion = 0 + + // conmonMinPatchVersion is the sub-minor version required for conmon. + conmonMinPatchVersion = 24 +) + // A RuntimeOption is a functional option which alters the Runtime created by // NewRuntime type RuntimeOption func(*Runtime) error @@ -260,7 +275,7 @@ func getLockManager(runtime *Runtime) (lock.Manager, error) { // Sets up containers/storage, state store, OCI runtime func makeRuntime(ctx context.Context, runtime *Runtime) (retErr error) { // Find a working conmon binary - cPath, err := runtime.config.FindConmon() + cPath, err := findConmon(runtime.config.Engine.ConmonPath) if err != nil { return err } @@ -532,6 +547,102 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (retErr error) { return nil } +// findConmon iterates over conmonPaths and returns the path +// to the first conmon binary with a new enough version. If none is found, +// we try to do a path lookup of "conmon". +func findConmon(conmonPaths []string) (string, error) { + foundOutdatedConmon := false + for _, path := range conmonPaths { + stat, err := os.Stat(path) + if err != nil { + continue + } + if stat.IsDir() { + continue + } + if err := probeConmon(path); err != nil { + logrus.Warnf("Conmon at %s invalid: %v", path, err) + foundOutdatedConmon = true + continue + } + logrus.Debugf("Using conmon: %q", path) + return path, nil + } + + // Search the $PATH as last fallback + if path, err := exec.LookPath("conmon"); err == nil { + if err := probeConmon(path); err != nil { + logrus.Warnf("Conmon at %s is invalid: %v", path, err) + foundOutdatedConmon = true + } else { + logrus.Debugf("Using conmon from $PATH: %q", path) + return path, nil + } + } + + if foundOutdatedConmon { + return "", errors.Wrapf(define.ErrConmonOutdated, + "please update to v%d.%d.%d or later", + conmonMinMajorVersion, conmonMinMinorVersion, conmonMinPatchVersion) + } + + return "", errors.Wrapf(define.ErrInvalidArg, + "could not find a working conmon binary (configured options: %v)", + conmonPaths) +} + +// probeConmon calls conmon --version and verifies it is a new enough version for +// the runtime expectations the container engine currently has. +func probeConmon(conmonBinary string) error { + cmd := exec.Command(conmonBinary, "--version") + var out bytes.Buffer + cmd.Stdout = &out + err := cmd.Run() + if err != nil { + return err + } + r := regexp.MustCompile(`^conmon version (?P<Major>\d+).(?P<Minor>\d+).(?P<Patch>\d+)`) + + matches := r.FindStringSubmatch(out.String()) + if len(matches) != 4 { + return errors.Wrap(err, define.ErrConmonVersionFormat) + } + major, err := strconv.Atoi(matches[1]) + if err != nil { + return errors.Wrap(err, define.ErrConmonVersionFormat) + } + if major < conmonMinMajorVersion { + return define.ErrConmonOutdated + } + if major > conmonMinMajorVersion { + return nil + } + + minor, err := strconv.Atoi(matches[2]) + if err != nil { + return errors.Wrap(err, define.ErrConmonVersionFormat) + } + if minor < conmonMinMinorVersion { + return define.ErrConmonOutdated + } + if minor > conmonMinMinorVersion { + return nil + } + + patch, err := strconv.Atoi(matches[3]) + if err != nil { + return errors.Wrap(err, define.ErrConmonVersionFormat) + } + if patch < conmonMinPatchVersion { + return define.ErrConmonOutdated + } + if patch > conmonMinPatchVersion { + return nil + } + + return nil +} + // TmpDir gets the current Libpod temporary files directory. func (r *Runtime) TmpDir() (string, error) { if !r.valid { diff --git a/libpod/runtime_img.go b/libpod/runtime_img.go index 3588467a5..2b101c01f 100644 --- a/libpod/runtime_img.go +++ b/libpod/runtime_img.go @@ -66,7 +66,8 @@ func (r *Runtime) RemoveImage(ctx context.Context, img *image.Image, force bool) hasChildren, err := img.IsParent(ctx) if err != nil { - return nil, err + logrus.Warnf("error determining if an image is a parent: %v, ignoring the error", err) + hasChildren = false } if (len(img.Names()) > 1 && !img.InputIsID()) || hasChildren { diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go index c02eb2bfc..84c7ebecd 100644 --- a/pkg/domain/infra/abi/images.go +++ b/pkg/domain/infra/abi/images.go @@ -620,8 +620,8 @@ func (ir *ImageEngine) Remove(ctx context.Context, images []string, opts entitie for _, img := range storageImages { isParent, err := img.IsParent(ctx) if err != nil { - rmErrors = append(rmErrors, err) - continue + logrus.Warnf("%v, ignoring the error", err) + isParent = false } // Skip parent images. if isParent { diff --git a/test/e2e/run_apparmor_test.go b/test/e2e/run_apparmor_test.go index 63c52451f..1f9b9bc90 100644 --- a/test/e2e/run_apparmor_test.go +++ b/test/e2e/run_apparmor_test.go @@ -14,6 +14,7 @@ import ( . "github.com/onsi/gomega" ) +// wip func skipIfAppArmorEnabled() { if apparmor.IsEnabled() { Skip("Apparmor is enabled") diff --git a/test/system/330-corrupt-images.bats b/test/system/330-corrupt-images.bats new file mode 100644 index 000000000..9836de363 --- /dev/null +++ b/test/system/330-corrupt-images.bats @@ -0,0 +1,134 @@ +#!/usr/bin/env bats -*- bats -*- +# +# All tests in here perform nasty manipulations on image storage. +# + +load helpers + +############################################################################### +# BEGIN setup/teardown + +# Create a scratch directory; this is what we'll use for image store and cache +if [ -z "${PODMAN_CORRUPT_TEST_WORKDIR}" ]; then + export PODMAN_CORRUPT_TEST_WORKDIR=$(mktemp -d --tmpdir=${BATS_TMPDIR:-${TMPDIR:-/tmp}} podman_corrupt_test.XXXXXX) +fi + +PODMAN_CORRUPT_TEST_IMAGE_FQIN=quay.io/libpod/alpine@sha256:634a8f35b5f16dcf4aaa0822adc0b1964bb786fca12f6831de8ddc45e5986a00 +PODMAN_CORRUPT_TEST_IMAGE_ID=961769676411f082461f9ef46626dd7a2d1e2b2a38e6a44364bcbecf51e66dd4 + +# All tests in this file (and ONLY in this file) run with a custom rootdir +function setup() { + skip_if_remote "none of these tests run under podman-remote" + _PODMAN_TEST_OPTS="--root ${PODMAN_CORRUPT_TEST_WORKDIR}/root" +} + +function teardown() { + # No other tests should ever run with this custom rootdir + unset _PODMAN_TEST_OPTS + + is_remote && return + + # Clean up + umount ${PODMAN_CORRUPT_TEST_WORKDIR}/root/overlay || true + if is_rootless; then + run_podman unshare rm -rf ${PODMAN_CORRUPT_TEST_WORKDIR}/root + else + rm -rf ${PODMAN_CORRUPT_TEST_WORKDIR}/root + fi +} + +# END setup/teardown +############################################################################### +# BEGIN primary test helper + +# This is our main action, invoked by every actual test. It: +# - creates a new empty rootdir +# - populates it with our crafted test image +# - removes [ manifest, blob ] +# - confirms that "podman images" throws an error +# - runs the specified command (rmi -a -f, prune, reset, etc) +# - confirms that it succeeds, and also emits expected warnings +function _corrupt_image_test() { + # Run this test twice: once removing manifest, once removing blob + for what_to_rm in manifest blob; do + # I have no idea, but this sometimes remains mounted + umount ${PODMAN_CORRUPT_TEST_WORKDIR}/root/overlay || true + # Start with a fresh storage root, load prefetched image into it. + /bin/rm -rf ${PODMAN_CORRUPT_TEST_WORKDIR}/root + mkdir -p ${PODMAN_CORRUPT_TEST_WORKDIR}/root + run_podman load -i ${PODMAN_CORRUPT_TEST_WORKDIR}/img.tar + # "podman load" restores it without a tag, which (a) causes rmi-by-name + # to fail, and (b) causes "podman images" to exit 0 instead of 125 + run_podman tag ${PODMAN_CORRUPT_TEST_IMAGE_ID} ${PODMAN_CORRUPT_TEST_IMAGE_FQIN} + + # shortcut variable name + local id=${PODMAN_CORRUPT_TEST_IMAGE_ID} + + case "$what_to_rm" in + manifest) rm_path=manifest ;; + blob) rm_path="=$(echo -n "sha256:$id" | base64 -w0)" ;; + *) die "Internal error: unknown action '$what_to_rm'" ;; + esac + + # Corruptify, and confirm that 'podman images' throws an error + rm -v ${PODMAN_CORRUPT_TEST_WORKDIR}/root/*-images/$id/${rm_path} + run_podman 125 images + is "$output" "Error: error retrieving label for image \"$id\": you may need to remove the image to resolve the error" + + # Run the requested command. Confirm it succeeds, with suitable warnings + run_podman $* + is "$output" ".*error determining parent of image" \ + "$* with missing $what_to_rm" + + run_podman images -a --noheading + is "$output" "" "podman images -a, after $*, is empty" + done +} + +# END primary test helper +############################################################################### +# BEGIN first "test" does a one-time pull of our desired image + +@test "podman corrupt images - initialize" { + # Pull once, save cached copy. + run_podman pull $PODMAN_CORRUPT_TEST_IMAGE_FQIN + run_podman save -o ${PODMAN_CORRUPT_TEST_WORKDIR}/img.tar \ + $PODMAN_CORRUPT_TEST_IMAGE_FQIN +} + +# END first "test" does a one-time pull of our desired image +############################################################################### +# BEGIN actual tests + +@test "podman corrupt images - rmi -f <image-id>" { + _corrupt_image_test "rmi -f ${PODMAN_CORRUPT_TEST_IMAGE_ID}" +} + +@test "podman corrupt images - rmi -f <image-name>" { + _corrupt_image_test "rmi -f ${PODMAN_CORRUPT_TEST_IMAGE_FQIN}" +} + +@test "podman corrupt images - rmi -f -a" { + _corrupt_image_test "rmi -f -a" +} + +@test "podman corrupt images - image prune" { + _corrupt_image_test "image prune -a -f" +} + +@test "podman corrupt images - system reset" { + _corrupt_image_test "image prune -a -f" +} + +# END actual tests +############################################################################### +# BEGIN final cleanup + +@test "podman corrupt images - cleanup" { + rm -rf ${PODMAN_CORRUPT_TEST_WORKDIR} +} + +# END final cleanup +############################################################################### + +# vim: filetype=sh diff --git a/vendor/github.com/containers/image/v5/copy/copy.go b/vendor/github.com/containers/image/v5/copy/copy.go index 165a8be4b..fb704283b 100644 --- a/vendor/github.com/containers/image/v5/copy/copy.go +++ b/vendor/github.com/containers/image/v5/copy/copy.go @@ -43,6 +43,10 @@ type digestingReader struct { validationSucceeded bool } +// FIXME: disable early layer commits temporarily until a solid solution to +// address #1205 has been found. +const enableEarlyCommit = false + var ( // ErrDecryptParamsMissing is returned if there is missing decryption parameters ErrDecryptParamsMissing = errors.New("Necessary DecryptParameters not present") @@ -1185,7 +1189,7 @@ func (ic *imageCopier) copyLayer(ctx context.Context, srcInfo types.BlobInfo, to // layers which requires passing the index of the layer. // Hence, we need to special case and cast. dest, ok := ic.c.dest.(internalTypes.ImageDestinationWithOptions) - if ok { + if ok && enableEarlyCommit { options := internalTypes.TryReusingBlobOptions{ Cache: ic.c.blobInfoCache, CanSubstitute: ic.canSubstituteBlobs, @@ -1546,7 +1550,7 @@ func (c *copier) copyBlobFromStream(ctx context.Context, srcStream io.Reader, sr // which requires passing the index of the layer. Hence, we need to // special case and cast. dest, ok := c.dest.(internalTypes.ImageDestinationWithOptions) - if ok { + if ok && enableEarlyCommit { options := internalTypes.PutBlobOptions{ Cache: c.blobInfoCache, IsConfig: isConfig, diff --git a/vendor/github.com/containers/image/v5/oci/layout/oci_src.go b/vendor/github.com/containers/image/v5/oci/layout/oci_src.go index 6801c8432..9925aeda7 100644 --- a/vendor/github.com/containers/image/v5/oci/layout/oci_src.go +++ b/vendor/github.com/containers/image/v5/oci/layout/oci_src.go @@ -15,7 +15,6 @@ import ( "github.com/opencontainers/go-digest" imgspecv1 "github.com/opencontainers/image-spec/specs-go/v1" "github.com/pkg/errors" - "github.com/sirupsen/logrus" ) type ociImageSource struct { @@ -95,7 +94,6 @@ func (s *ociImageSource) GetManifest(ctx context.Context, instanceDigest *digest m, err := ioutil.ReadFile(manifestPath) if err != nil { - logrus.Errorf("Error HERE") return nil, "", err } if mimeType == "" { diff --git a/vendor/github.com/containers/image/v5/storage/storage_image.go b/vendor/github.com/containers/image/v5/storage/storage_image.go index ae020dd66..3a2c18c89 100644 --- a/vendor/github.com/containers/image/v5/storage/storage_image.go +++ b/vendor/github.com/containers/image/v5/storage/storage_image.go @@ -763,7 +763,7 @@ func (s *storageImageDestination) commitLayer(ctx context.Context, blob manifest } // Carry over the previous ID for empty non-base layers. - if blob.EmptyLayer && index > 0 { + if blob.EmptyLayer { s.indexToStorageID[index] = &lastLayer return nil } diff --git a/vendor/github.com/containers/image/v5/version/version.go b/vendor/github.com/containers/image/v5/version/version.go index 3e9f09aab..23b2e3571 100644 --- a/vendor/github.com/containers/image/v5/version/version.go +++ b/vendor/github.com/containers/image/v5/version/version.go @@ -8,7 +8,7 @@ const ( // VersionMinor is for functionality in a backwards-compatible manner VersionMinor = 11 // VersionPatch is for backwards-compatible bug fixes - VersionPatch = 0 + VersionPatch = 1 // VersionDev indicates development branch. Releases will be empty string. VersionDev = "" diff --git a/vendor/modules.txt b/vendor/modules.txt index 51d4f53ca..35655b01e 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -115,7 +115,7 @@ github.com/containers/common/pkg/umask github.com/containers/common/version # github.com/containers/conmon v2.0.20+incompatible github.com/containers/conmon/runner/config -# github.com/containers/image/v5 v5.11.0 +# github.com/containers/image/v5 v5.11.1 github.com/containers/image/v5/copy github.com/containers/image/v5/directory github.com/containers/image/v5/directory/explicitfilepath |