diff options
Diffstat (limited to 'cmd/podman')
| -rw-r--r-- | cmd/podman/auto-update.go | 46 | ||||
| -rw-r--r-- | cmd/podman/common/create.go | 3 | ||||
| -rw-r--r-- | cmd/podman/common/create_opts.go | 2 | ||||
| -rw-r--r-- | cmd/podman/common/specgen.go | 14 | ||||
| -rw-r--r-- | cmd/podman/containers/create.go | 12 | ||||
| -rw-r--r-- | cmd/podman/containers/run.go | 2 | ||||
| -rw-r--r-- | cmd/podman/containers/runlabel.go | 80 | ||||
| -rw-r--r-- | cmd/podman/containers/stats.go | 1 | ||||
| -rw-r--r-- | cmd/podman/images/trust.go | 27 | ||||
| -rw-r--r-- | cmd/podman/images/trust_set.go | 56 | ||||
| -rw-r--r-- | cmd/podman/images/trust_show.go | 77 | ||||
| -rw-r--r-- | cmd/podman/login.go | 8 | ||||
| -rw-r--r-- | cmd/podman/logout.go | 18 | ||||
| -rw-r--r-- | cmd/podman/manifest/annotate.go | 2 | ||||
| -rw-r--r-- | cmd/podman/manifest/manifest.go | 4 | ||||
| -rw-r--r-- | cmd/podman/manifest/push.go | 66 | ||||
| -rw-r--r-- | cmd/podman/manifest/remove.go | 47 | ||||
| -rw-r--r-- | cmd/podman/pods/create.go | 51 | ||||
| -rw-r--r-- | cmd/podman/registry/config.go | 29 | ||||
| -rw-r--r-- | cmd/podman/registry/config_abi.go | 7 | ||||
| -rw-r--r-- | cmd/podman/registry/config_tunnel.go | 7 | ||||
| -rw-r--r-- | cmd/podman/registry/registry.go | 20 | ||||
| -rw-r--r-- | cmd/podman/root.go | 2 | ||||
| -rw-r--r-- | cmd/podman/system/service.go | 2 |
24 files changed, 517 insertions, 66 deletions
diff --git a/cmd/podman/auto-update.go b/cmd/podman/auto-update.go new file mode 100644 index 000000000..758cbbc6f --- /dev/null +++ b/cmd/podman/auto-update.go @@ -0,0 +1,46 @@ +package main + +import ( + "fmt" + + "github.com/containers/libpod/cmd/podman/registry" + "github.com/containers/libpod/pkg/domain/entities" + "github.com/containers/libpod/pkg/errorhandling" + "github.com/pkg/errors" + "github.com/spf13/cobra" +) + +var ( + autoUpdateDescription = `Auto update containers according to their auto-update policy. + + Auto-update policies are specified with the "io.containers.autoupdate" label. + Note that this command is experimental.` + autoUpdateCommand = &cobra.Command{ + Use: "auto-update [flags]", + Short: "Auto update containers according to their auto-update policy", + Long: autoUpdateDescription, + RunE: autoUpdate, + Example: `podman auto-update`, + } +) + +func init() { + registry.Commands = append(registry.Commands, registry.CliCommand{ + Mode: []entities.EngineMode{entities.ABIMode}, + Command: autoUpdateCommand, + }) +} + +func autoUpdate(cmd *cobra.Command, args []string) error { + if len(args) > 0 { + // Backwards compat. System tests expext this error string. + return errors.Errorf("`%s` takes no arguments", cmd.CommandPath()) + } + report, failures := registry.ContainerEngine().AutoUpdate(registry.GetContext()) + if report != nil { + for _, unit := range report.Units { + fmt.Println(unit) + } + } + return errorhandling.JoinErrors(failures) +} diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go index 53f4a8fa2..7086dc839 100644 --- a/cmd/podman/common/create.go +++ b/cmd/podman/common/create.go @@ -156,8 +156,7 @@ func GetCreateFlags(cf *ContainerCLIOpts) *pflag.FlagSet { createFlags.String("entrypoint", "", "Overwrite the default ENTRYPOINT of the image", ) - createFlags.StringArrayVarP( - &cf.env, + createFlags.StringArrayP( "env", "e", containerConfig.Env(), "Set environment variables in container", ) diff --git a/cmd/podman/common/create_opts.go b/cmd/podman/common/create_opts.go index c275b1674..8b38e3b47 100644 --- a/cmd/podman/common/create_opts.go +++ b/cmd/podman/common/create_opts.go @@ -32,7 +32,7 @@ type ContainerCLIOpts struct { DeviceWriteBPs []string DeviceWriteIOPs []string Entrypoint *string - env []string + Env []string EnvHost bool EnvFile []string Expose []string diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go index 3e9772576..ff7c39de2 100644 --- a/cmd/podman/common/specgen.go +++ b/cmd/podman/common/specgen.go @@ -335,15 +335,12 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string env = envLib.Join(env, fileEnv) } - // env overrides any previous variables - if cmdLineEnv := c.env; len(cmdLineEnv) > 0 { - parsedEnv, err := envLib.ParseSlice(cmdLineEnv) - if err != nil { - return err - } - env = envLib.Join(env, parsedEnv) + parsedEnv, err := envLib.ParseSlice(c.Env) + if err != nil { + return err } - s.Env = env + + s.Env = envLib.Join(env, parsedEnv) // LABEL VARIABLES labels, err := parse.GetAllLabels(c.LabelFile, c.Label) @@ -504,6 +501,7 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string s.CapDrop = c.CapDrop s.Privileged = c.Privileged s.ReadOnlyFilesystem = c.ReadOnly + s.ConmonPidFile = c.ConmonPIDFile // TODO // ouitside of specgen and oci though diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go index 7927da04d..2ecdda2e0 100644 --- a/cmd/podman/containers/create.go +++ b/cmd/podman/containers/create.go @@ -55,6 +55,11 @@ func createFlags(flags *pflag.FlagSet) { flags.AddFlagSet(common.GetCreateFlags(&cliVals)) flags.AddFlagSet(common.GetNetFlags()) flags.SetNormalizeFunc(common.AliasFlags) + if registry.IsRemote() { + _ = flags.MarkHidden("authfile") + _ = flags.MarkHidden("env-host") + _ = flags.MarkHidden("http-proxy") + } } func init() { @@ -170,6 +175,13 @@ func createInit(c *cobra.Command) error { val := c.Flag("entrypoint").Value.String() cliVals.Entrypoint = &val } + if c.Flags().Changed("env") { + env, err := c.Flags().GetStringArray("env") + if err != nil { + return errors.Wrapf(err, "retrieve env flag") + } + cliVals.Env = env + } // Docker-compatibility: the "-h" flag for run/create is reserved for // the hostname (see https://github.com/containers/libpod/issues/1367). diff --git a/cmd/podman/containers/run.go b/cmd/podman/containers/run.go index f72446cb6..5f3ea9ef4 100644 --- a/cmd/podman/containers/run.go +++ b/cmd/podman/containers/run.go @@ -60,6 +60,8 @@ func runFlags(flags *pflag.FlagSet) { flags.BoolVar(&runRmi, "rmi", false, "Remove container image unless used by other containers") if registry.IsRemote() { _ = flags.MarkHidden("authfile") + _ = flags.MarkHidden("env-host") + _ = flags.MarkHidden("http-proxy") } } func init() { diff --git a/cmd/podman/containers/runlabel.go b/cmd/podman/containers/runlabel.go new file mode 100644 index 000000000..11fa362b8 --- /dev/null +++ b/cmd/podman/containers/runlabel.go @@ -0,0 +1,80 @@ +package containers + +import ( + "context" + "os" + + "github.com/containers/common/pkg/auth" + "github.com/containers/image/v5/types" + "github.com/containers/libpod/cmd/podman/registry" + "github.com/containers/libpod/pkg/domain/entities" + "github.com/pkg/errors" + "github.com/sirupsen/logrus" + "github.com/spf13/cobra" +) + +// runlabelOptionsWrapper allows for combining API-only with CLI-only options +// and to convert between them. +type runlabelOptionsWrapper struct { + entities.ContainerRunlabelOptions + TLSVerifyCLI bool +} + +var ( + runlabelOptions = runlabelOptionsWrapper{} + runlabelDescription = "Executes a command as described by a container image label." + runlabelCommand = &cobra.Command{ + Use: "runlabel [flags] LABEL IMAGE [ARG...]", + Short: "Execute the command described by an image label", + Long: runlabelDescription, + RunE: runlabel, + Args: cobra.MinimumNArgs(2), + Example: `podman container runlabel run imageID + podman container runlabel --pull install imageID arg1 arg2 + podman container runlabel --display run myImage`, + } +) + +func init() { + registry.Commands = append(registry.Commands, registry.CliCommand{ + Mode: []entities.EngineMode{entities.ABIMode}, + Command: runlabelCommand, + Parent: containerCmd, + }) + + flags := rmCommand.Flags() + flags.StringVar(&runlabelOptions.Authfile, "authfile", auth.GetDefaultAuthFile(), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override") + flags.StringVar(&runlabelOptions.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys") + flags.StringVar(&runlabelOptions.Credentials, "creds", "", "`Credentials` (USERNAME:PASSWORD) to use for authenticating to a registry") + flags.BoolVar(&runlabelOptions.Display, "display", false, "Preview the command that the label would run") + flags.StringVarP(&runlabelOptions.Name, "name", "n", "", "Assign a name to the container") + flags.StringVar(&runlabelOptions.Optional1, "opt1", "", "Optional parameter to pass for install") + flags.StringVar(&runlabelOptions.Optional2, "opt2", "", "Optional parameter to pass for install") + flags.StringVar(&runlabelOptions.Optional3, "opt3", "", "Optional parameter to pass for install") + flags.BoolP("pull", "p", false, "Pull the image if it does not exist locally prior to executing the label contents") + flags.BoolVarP(&runlabelOptions.Quiet, "quiet", "q", false, "Suppress output information when installing images") + flags.BoolVar(&runlabelOptions.Replace, "replace", false, "Replace existing container with a new one from the image") + flags.StringVar(&runlabelOptions.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)") + flags.BoolVar(&runlabelOptions.TLSVerifyCLI, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries") + + // Hide the optional flags. + _ = flags.MarkHidden("opt1") + _ = flags.MarkHidden("opt2") + _ = flags.MarkHidden("opt3") + + if err := flags.MarkDeprecated("pull", "podman will pull if not found in local storage"); err != nil { + logrus.Error("unable to mark pull flag deprecated") + } +} + +func runlabel(cmd *cobra.Command, args []string) error { + if cmd.Flags().Changed("tls-verify") { + runlabelOptions.SkipTLSVerify = types.NewOptionalBool(!runlabelOptions.TLSVerifyCLI) + } + if runlabelOptions.Authfile != "" { + if _, err := os.Stat(runlabelOptions.Authfile); err != nil { + return errors.Wrapf(err, "error getting authfile %s", runlabelOptions.Authfile) + } + } + return registry.ContainerEngine().ContainerRunlabel(context.Background(), args[0], args[1], args[2:], runlabelOptions.ContainerRunlabelOptions) +} diff --git a/cmd/podman/containers/stats.go b/cmd/podman/containers/stats.go index 3f9db671f..5b7f52cc7 100644 --- a/cmd/podman/containers/stats.go +++ b/cmd/podman/containers/stats.go @@ -234,7 +234,6 @@ func outputJSON(stats []*containerStats) error { Pids: j.PIDS(), }) } - b, err := json.MarshalIndent(jstats, "", " ") if err != nil { return err diff --git a/cmd/podman/images/trust.go b/cmd/podman/images/trust.go new file mode 100644 index 000000000..88a567871 --- /dev/null +++ b/cmd/podman/images/trust.go @@ -0,0 +1,27 @@ +package images + +import ( + "github.com/containers/libpod/cmd/podman/registry" + "github.com/containers/libpod/cmd/podman/validate" + "github.com/containers/libpod/pkg/domain/entities" + "github.com/spf13/cobra" +) + +var ( + trustDescription = `Manages which registries you trust as a source of container images based on their location. + The location is determined by the transport and the registry host of the image. Using this container image docker://quay.io/podman/stable as an example, docker is the transport and quay.io is the registry host.` + trustCmd = &cobra.Command{ + Use: "trust", + Short: "Manage container image trust policy", + Long: trustDescription, + RunE: validate.SubCommandExists, + } +) + +func init() { + registry.Commands = append(registry.Commands, registry.CliCommand{ + Mode: []entities.EngineMode{entities.ABIMode}, + Command: trustCmd, + Parent: imageCmd, + }) +} diff --git a/cmd/podman/images/trust_set.go b/cmd/podman/images/trust_set.go new file mode 100644 index 000000000..5868f5546 --- /dev/null +++ b/cmd/podman/images/trust_set.go @@ -0,0 +1,56 @@ +package images + +import ( + "github.com/containers/libpod/cmd/podman/registry" + "github.com/containers/libpod/libpod/image" + "github.com/containers/libpod/pkg/domain/entities" + "github.com/containers/libpod/pkg/util" + "github.com/pkg/errors" + "github.com/spf13/cobra" +) + +var ( + setTrustDescription = "Set default trust policy or add a new trust policy for a registry" + setTrustCommand = &cobra.Command{ + Use: "set [flags] REGISTRY", + Short: "Set default trust policy or a new trust policy for a registry", + Long: setTrustDescription, + Example: "", + RunE: setTrust, + Args: cobra.ExactArgs(1), + } +) + +var ( + setOptions entities.SetTrustOptions +) + +func init() { + registry.Commands = append(registry.Commands, registry.CliCommand{ + Mode: []entities.EngineMode{entities.ABIMode}, + Command: setTrustCommand, + Parent: trustCmd, + }) + setFlags := setTrustCommand.Flags() + setFlags.StringVar(&setOptions.PolicyPath, "policypath", "", "") + _ = setFlags.MarkHidden("policypath") + setFlags.StringSliceVarP(&setOptions.PubKeysFile, "pubkeysfile", "f", []string{}, `Path of installed public key(s) to trust for TARGET. +Absolute path to keys is added to policy.json. May +used multiple times to define multiple public keys. +File(s) must exist before using this command`) + setFlags.StringVarP(&setOptions.Type, "type", "t", "signedBy", "Trust type, accept values: signedBy(default), accept, reject") +} + +func setTrust(cmd *cobra.Command, args []string) error { + validTrustTypes := []string{"accept", "insecureAcceptAnything", "reject", "signedBy"} + + valid, err := image.IsValidImageURI(args[0]) + if err != nil || !valid { + return errors.Wrapf(err, "invalid image uri %s", args[0]) + } + + if !util.StringInSlice(setOptions.Type, validTrustTypes) { + return errors.Errorf("invalid choice: %s (choose from 'accept', 'reject', 'signedBy')", setOptions.Type) + } + return registry.ImageEngine().SetTrust(registry.Context(), args, setOptions) +} diff --git a/cmd/podman/images/trust_show.go b/cmd/podman/images/trust_show.go new file mode 100644 index 000000000..23ee6c709 --- /dev/null +++ b/cmd/podman/images/trust_show.go @@ -0,0 +1,77 @@ +package images + +import ( + "fmt" + "os" + "text/tabwriter" + "text/template" + + "github.com/containers/libpod/cmd/podman/registry" + "github.com/containers/libpod/pkg/domain/entities" + "github.com/spf13/cobra" +) + +var ( + showTrustDescription = "Display trust policy for the system" + showTrustCommand = &cobra.Command{ + Use: "show [flags] [REGISTRY]", + Short: "Display trust policy for the system", + Long: showTrustDescription, + RunE: showTrust, + Example: "", + } +) + +var ( + showTrustOptions entities.ShowTrustOptions +) + +func init() { + registry.Commands = append(registry.Commands, registry.CliCommand{ + Mode: []entities.EngineMode{entities.ABIMode}, + Command: showTrustCommand, + Parent: trustCmd, + }) + showFlags := showTrustCommand.Flags() + showFlags.BoolVarP(&showTrustOptions.JSON, "json", "j", false, "Output as json") + showFlags.StringVar(&showTrustOptions.PolicyPath, "policypath", "", "") + showFlags.BoolVar(&showTrustOptions.Raw, "raw", false, "Output raw policy file") + _ = showFlags.MarkHidden("policypath") + showFlags.StringVar(&showTrustOptions.RegistryPath, "registrypath", "", "") + _ = showFlags.MarkHidden("registrypath") + +} + +func showTrust(cmd *cobra.Command, args []string) error { + report, err := registry.ImageEngine().ShowTrust(registry.Context(), args, showTrustOptions) + if err != nil { + return err + } + if showTrustOptions.Raw { + fmt.Println(report.Raw) + return nil + } + if showTrustOptions.JSON { + b, err := json.MarshalIndent(report.Policies, "", " ") + if err != nil { + return err + } + fmt.Println(string(b)) + return nil + } + + row := "{{.RepoName}}\t{{.Type}}\t{{.GPGId}}\t{{.SignatureStore}}\n" + format := "{{range . }}" + row + "{{end}}" + tmpl, err := template.New("listContainers").Parse(format) + if err != nil { + return err + } + w := tabwriter.NewWriter(os.Stdout, 8, 2, 2, ' ', 0) + if err := tmpl.Execute(w, report.Policies); err != nil { + return err + } + if err := w.Flush(); err != nil { + return err + } + return nil +} diff --git a/cmd/podman/login.go b/cmd/podman/login.go index dc57758ab..92f13d0e7 100644 --- a/cmd/podman/login.go +++ b/cmd/podman/login.go @@ -8,6 +8,7 @@ import ( "github.com/containers/image/v5/types" "github.com/containers/libpod/cmd/podman/registry" "github.com/containers/libpod/pkg/domain/entities" + "github.com/containers/libpod/pkg/registries" "github.com/spf13/cobra" ) @@ -23,7 +24,7 @@ var ( Short: "Login to a container registry", Long: "Login to a container registry on a specified server.", RunE: login, - Args: cobra.ExactArgs(1), + Args: cobra.MaximumNArgs(1), Example: `podman login quay.io podman login --username ... --password ... quay.io podman login --authfile dir/auth.json quay.io`, @@ -45,9 +46,9 @@ func init() { // Podman flags. flags.BoolVarP(&loginOptions.tlsVerify, "tls-verify", "", false, "Require HTTPS and verify certificates when contacting registries") - flags.BoolVarP(&loginOptions.GetLoginSet, "get-login", "", false, "Return the current login user for the registry") loginOptions.Stdin = os.Stdin loginOptions.Stdout = os.Stdout + loginOptions.AcceptUnspecifiedRegistry = true } // Implementation of podman-login. @@ -62,7 +63,8 @@ func login(cmd *cobra.Command, args []string) error { AuthFilePath: loginOptions.AuthFile, DockerCertPath: loginOptions.CertDir, DockerInsecureSkipTLSVerify: skipTLS, + SystemRegistriesConfPath: registries.SystemRegistriesConfPath(), } loginOptions.GetLoginSet = cmd.Flag("get-login").Changed - return auth.Login(context.Background(), &sysCtx, &loginOptions.LoginOptions, args[0]) + return auth.Login(context.Background(), &sysCtx, &loginOptions.LoginOptions, args) } diff --git a/cmd/podman/logout.go b/cmd/podman/logout.go index c21711fc0..c016de8ae 100644 --- a/cmd/podman/logout.go +++ b/cmd/podman/logout.go @@ -7,7 +7,7 @@ import ( "github.com/containers/image/v5/types" "github.com/containers/libpod/cmd/podman/registry" "github.com/containers/libpod/pkg/domain/entities" - "github.com/pkg/errors" + "github.com/containers/libpod/pkg/registries" "github.com/spf13/cobra" ) @@ -37,21 +37,15 @@ func init() { // Flags from the auth package. flags.AddFlagSet(auth.GetLogoutFlags(&logoutOptions)) - logoutOptions.Stdin = os.Stdin logoutOptions.Stdout = os.Stdout + logoutOptions.AcceptUnspecifiedRegistry = true } // Implementation of podman-logout. func logout(cmd *cobra.Command, args []string) error { - sysCtx := types.SystemContext{AuthFilePath: logoutOptions.AuthFile} - - registry := "" - if len(args) > 0 { - if logoutOptions.All { - return errors.New("--all takes no arguments") - } - registry = args[0] + sysCtx := types.SystemContext{ + AuthFilePath: logoutOptions.AuthFile, + SystemRegistriesConfPath: registries.SystemRegistriesConfPath(), } - - return auth.Logout(&sysCtx, &logoutOptions, registry) + return auth.Logout(&sysCtx, &logoutOptions, args) } diff --git a/cmd/podman/manifest/annotate.go b/cmd/podman/manifest/annotate.go index 21d4fb747..82ee1ffda 100644 --- a/cmd/podman/manifest/annotate.go +++ b/cmd/podman/manifest/annotate.go @@ -24,7 +24,7 @@ var ( func init() { registry.Commands = append(registry.Commands, registry.CliCommand{ - Mode: []entities.EngineMode{entities.ABIMode, entities.TunnelMode}, + Mode: []entities.EngineMode{entities.ABIMode}, Command: annotateCmd, Parent: manifestCmd, }) diff --git a/cmd/podman/manifest/manifest.go b/cmd/podman/manifest/manifest.go index 88d264c1f..d7f042a56 100644 --- a/cmd/podman/manifest/manifest.go +++ b/cmd/podman/manifest/manifest.go @@ -18,7 +18,9 @@ var ( Example: `podman manifest add mylist:v1.11 image:v1.11-amd64 podman manifest create localhost/list podman manifest inspect localhost/list - podman manifest annotate --annotation left=right mylist:v1.11 image:v1.11-amd64`, + podman manifest annotate --annotation left=right mylist:v1.11 image:v1.11-amd64 + podman manifest push mylist:v1.11 quay.io/myimagelist + podman manifest remove mylist:v1.11 sha256:15352d97781ffdf357bf3459c037be3efac4133dc9070c2dce7eca7c05c3e736`, } ) diff --git a/cmd/podman/manifest/push.go b/cmd/podman/manifest/push.go new file mode 100644 index 000000000..49c76f40b --- /dev/null +++ b/cmd/podman/manifest/push.go @@ -0,0 +1,66 @@ +package manifest + +import ( + "context" + + "github.com/containers/common/pkg/auth" + "github.com/containers/libpod/cmd/podman/registry" + "github.com/containers/libpod/pkg/domain/entities" + "github.com/pkg/errors" + "github.com/spf13/cobra" +) + +var ( + manifestPushOpts = entities.ManifestPushOptions{} + pushCmd = &cobra.Command{ + Use: "push [flags] SOURCE DESTINATION", + Short: "Push a manifest list or image index to a registry", + Long: "Pushes manifest lists and image indexes to registries.", + RunE: push, + Example: `podman manifest push mylist:v1.11 quay.io/myimagelist`, + Args: cobra.ExactArgs(2), + } +) + +func init() { + registry.Commands = append(registry.Commands, registry.CliCommand{ + Mode: []entities.EngineMode{entities.ABIMode, entities.TunnelMode}, + Command: pushCmd, + Parent: manifestCmd, + }) + flags := pushCmd.Flags() + flags.BoolVar(&manifestPushOpts.Purge, "purge", false, "remove the manifest list if push succeeds") + flags.BoolVar(&manifestPushOpts.All, "all", false, "also push the images in the list") + flags.StringVar(&manifestPushOpts.Authfile, "authfile", auth.GetDefaultAuthFile(), "path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override") + flags.StringVar(&manifestPushOpts.CertDir, "cert-dir", "", "use certificates at the specified path to access the registry") + flags.StringVar(&manifestPushOpts.Creds, "creds", "", "use `[username[:password]]` for accessing the registry") + flags.StringVar(&manifestPushOpts.DigestFile, "digestfile", "", "after copying the image, write the digest of the resulting digest to the file") + flags.StringVarP(&manifestPushOpts.Format, "format", "f", "", "manifest type (oci or v2s2) to attempt to use when pushing the manifest list (default is manifest type of source)") + flags.BoolVarP(&manifestPushOpts.RemoveSignatures, "remove-signatures", "", false, "don't copy signatures when pushing images") + flags.StringVar(&manifestPushOpts.SignBy, "sign-by", "", "sign the image using a GPG key with the specified `FINGERPRINT`") + flags.BoolVar(&manifestPushOpts.TlsVerify, "tls-verify", true, "require HTTPS and verify certificates when accessing the registry") + flags.BoolVarP(&manifestPushOpts.Quiet, "quiet", "q", false, "don't output progress information when pushing lists") + if registry.IsRemote() { + _ = flags.MarkHidden("authfile") + _ = flags.MarkHidden("cert-dir") + _ = flags.MarkHidden("tls-verify") + } +} + +func push(cmd *cobra.Command, args []string) error { + if err := auth.CheckAuthFile(manifestPushOpts.Authfile); err != nil { + return err + } + listImageSpec := args[0] + destSpec := args[1] + if listImageSpec == "" { + return errors.Errorf(`invalid image name "%s"`, listImageSpec) + } + if destSpec == "" { + return errors.Errorf(`invalid destination "%s"`, destSpec) + } + if err := registry.ImageEngine().ManifestPush(context.Background(), args, manifestPushOpts); err != nil { + return errors.Wrapf(err, "error pushing manifest %s to %s", listImageSpec, destSpec) + } + return nil +} diff --git a/cmd/podman/manifest/remove.go b/cmd/podman/manifest/remove.go new file mode 100644 index 000000000..4d345efc0 --- /dev/null +++ b/cmd/podman/manifest/remove.go @@ -0,0 +1,47 @@ +package manifest + +import ( + "context" + "fmt" + + "github.com/containers/libpod/cmd/podman/registry" + "github.com/containers/libpod/pkg/domain/entities" + "github.com/pkg/errors" + "github.com/spf13/cobra" +) + +var ( + removeCmd = &cobra.Command{ + Use: "remove [flags] LIST IMAGE", + Short: "Remove an entry from a manifest list or image index", + Long: "Removes an image from a manifest list or image index.", + RunE: remove, + Example: `podman manifest remove mylist:v1.11 sha256:15352d97781ffdf357bf3459c037be3efac4133dc9070c2dce7eca7c05c3e736`, + Args: cobra.ExactArgs(2), + } +) + +func init() { + registry.Commands = append(registry.Commands, registry.CliCommand{ + Mode: []entities.EngineMode{entities.ABIMode, entities.TunnelMode}, + Command: removeCmd, + Parent: manifestCmd, + }) +} + +func remove(cmd *cobra.Command, args []string) error { + listImageSpec := args[0] + instanceSpec := args[1] + if listImageSpec == "" { + return errors.Errorf(`invalid image name "%s"`, listImageSpec) + } + if instanceSpec == "" { + return errors.Errorf(`invalid image digest "%s"`, instanceSpec) + } + updatedListID, err := registry.ImageEngine().ManifestRemove(context.Background(), args) + if err != nil { + return errors.Wrapf(err, "error removing from manifest list %s", listImageSpec) + } + fmt.Printf("%s\n", updatedListID) + return nil +} diff --git a/cmd/podman/pods/create.go b/cmd/podman/pods/create.go index 0a2016496..e24cdef98 100644 --- a/cmd/podman/pods/create.go +++ b/cmd/podman/pods/create.go @@ -16,7 +16,9 @@ import ( "github.com/containers/libpod/pkg/specgen" "github.com/containers/libpod/pkg/util" "github.com/pkg/errors" + "github.com/sirupsen/logrus" "github.com/spf13/cobra" + "github.com/spf13/pflag" ) var ( @@ -59,6 +61,14 @@ func init() { flags.StringVarP(&createOptions.Hostname, "hostname", "", "", "Set a hostname to the pod") flags.StringVar(&podIDFile, "pod-id-file", "", "Write the pod ID to the file") flags.StringVar(&share, "share", createconfig.DefaultKernelNamespaces, "A comma delimited list of kernel namespaces the pod will share") + flags.SetNormalizeFunc(aliasNetworkFlag) +} + +func aliasNetworkFlag(_ *pflag.FlagSet, name string) pflag.NormalizedName { + if name == "net" { + name = "network" + } + return pflag.NormalizedName(name) } func create(cmd *cobra.Command, args []string) error { @@ -72,6 +82,7 @@ func create(cmd *cobra.Command, args []string) error { } if !createOptions.Infra { + logrus.Debugf("Not creating an infra container") if cmd.Flag("infra-command").Changed { return errors.New("cannot set infra-command without an infra container") } @@ -105,32 +116,26 @@ func create(cmd *cobra.Command, args []string) error { if err != nil { return err } - netInput, err := cmd.Flags().GetString("network") - if err != nil { - return err - } - n := specgen.Namespace{} - switch netInput { - case "bridge": - n.NSMode = specgen.Bridge - case "host": - n.NSMode = specgen.Host - case "slip4netns": - n.NSMode = specgen.Slirp - default: - if strings.HasPrefix(netInput, "container:") { // nolint - split := strings.Split(netInput, ":") - if len(split) != 2 { - return errors.Errorf("invalid network paramater: %q", netInput) - } - n.NSMode = specgen.FromContainer - n.Value = split[1] - } else if strings.HasPrefix(netInput, "ns:") { - return errors.New("the ns: network option is not supported for pods") - } else { + createOptions.Net.Network = specgen.Namespace{} + if cmd.Flag("network").Changed { + netInput, err := cmd.Flags().GetString("network") + if err != nil { + return err + } + n := specgen.Namespace{} + switch netInput { + case "bridge": + n.NSMode = specgen.Bridge + case "host": + n.NSMode = specgen.Host + case "slirp4netns": + n.NSMode = specgen.Slirp + default: + // Container and NS mode are presently unsupported n.NSMode = specgen.Bridge createOptions.Net.CNINetworks = strings.Split(netInput, ",") } + createOptions.Net.Network = n } if len(createOptions.Net.PublishPorts) > 0 { if !createOptions.Infra { diff --git a/cmd/podman/registry/config.go b/cmd/podman/registry/config.go index fc6eb538e..49d5bca74 100644 --- a/cmd/podman/registry/config.go +++ b/cmd/podman/registry/config.go @@ -22,6 +22,7 @@ const ( var ( podmanOptions entities.PodmanConfig podmanSync sync.Once + abiSupport = false ) // PodmanConfig returns an entities.PodmanConfig built up from @@ -39,23 +40,31 @@ func newPodmanConfig() { var mode entities.EngineMode switch runtime.GOOS { - case "darwin": - fallthrough - case "windows": + case "darwin", "windows": mode = entities.TunnelMode case "linux": - mode = entities.ABIMode + // Some linux clients might only be compiled without ABI + // support (e.g., podman-remote). + if abiSupport { + mode = entities.ABIMode + } else { + mode = entities.TunnelMode + } default: fmt.Fprintf(os.Stderr, "%s is not a supported OS", runtime.GOOS) os.Exit(1) } - // cobra.Execute() may not be called yet, so we peek at os.Args. - for _, v := range os.Args { - // Prefix checking works because of how default EngineMode's - // have been defined. - if strings.HasPrefix(v, "--remote") { - mode = entities.TunnelMode + // Check if need to fallback to the tunnel mode if --remote is used. + if abiSupport && mode == entities.ABIMode { + // cobra.Execute() may not be called yet, so we peek at os.Args. + for _, v := range os.Args { + // Prefix checking works because of how default EngineMode's + // have been defined. + if strings.HasPrefix(v, "--remote") { + mode = entities.TunnelMode + break + } } } diff --git a/cmd/podman/registry/config_abi.go b/cmd/podman/registry/config_abi.go new file mode 100644 index 000000000..55430e1bf --- /dev/null +++ b/cmd/podman/registry/config_abi.go @@ -0,0 +1,7 @@ +// +build ABISupport + +package registry + +func init() { + abiSupport = true +} diff --git a/cmd/podman/registry/config_tunnel.go b/cmd/podman/registry/config_tunnel.go new file mode 100644 index 000000000..29e744dac --- /dev/null +++ b/cmd/podman/registry/config_tunnel.go @@ -0,0 +1,7 @@ +// +build !ABISupport + +package registry + +func init() { + abiSupport = false +} diff --git a/cmd/podman/registry/registry.go b/cmd/podman/registry/registry.go index 69e2babfc..71ee2bed0 100644 --- a/cmd/podman/registry/registry.go +++ b/cmd/podman/registry/registry.go @@ -2,14 +2,18 @@ package registry import ( "context" + "path/filepath" "github.com/containers/libpod/pkg/domain/entities" "github.com/containers/libpod/pkg/domain/infra" + "github.com/containers/libpod/pkg/rootless" + "github.com/containers/libpod/pkg/util" + "github.com/sirupsen/logrus" "github.com/spf13/cobra" ) -// DefaultAPIAddress is the default address of the REST socket -const DefaultAPIAddress = "unix:/run/podman/podman.sock" +// DefaultRootAPIAddress is the default address of the REST socket +const DefaultRootAPIAddress = "unix:/run/podman/podman.sock" // DefaultVarlinkAddress is the default address of the varlink socket const DefaultVarlinkAddress = "unix:/run/podman/io.podman" @@ -98,3 +102,15 @@ func GetContextWithOptions() context.Context { func GetContext() context.Context { return Context() } + +func DefaultAPIAddress() string { + if rootless.IsRootless() { + xdg, err := util.GetRuntimeDir() + if err != nil { + logrus.Warnf("Failed to get rootless runtime dir for DefaultAPIAddress: %s", err) + return DefaultRootAPIAddress + } + return "unix:" + filepath.Join(xdg, "podman", "podman.sock") + } + return DefaultRootAPIAddress +} diff --git a/cmd/podman/root.go b/cmd/podman/root.go index 502b6c03c..7d6f6f823 100644 --- a/cmd/podman/root.go +++ b/cmd/podman/root.go @@ -208,7 +208,7 @@ func syslogHook() { func rootFlags(opts *entities.PodmanConfig, flags *pflag.FlagSet) { // V2 flags - flags.StringVarP(&opts.Uri, "remote", "r", "", "URL to access Podman service") + flags.StringVarP(&opts.Uri, "remote", "r", registry.DefaultAPIAddress(), "URL to access Podman service") flags.StringSliceVar(&opts.Identities, "identity", []string{}, "path to SSH identity file") cfg := opts.Config diff --git a/cmd/podman/system/service.go b/cmd/podman/system/service.go index f4b91dd78..552c72f79 100644 --- a/cmd/podman/system/service.go +++ b/cmd/podman/system/service.go @@ -139,6 +139,6 @@ func resolveApiURI(_url []string) (string, error) { case srvArgs.Varlink: return registry.DefaultVarlinkAddress, nil default: - return registry.DefaultAPIAddress, nil + return registry.DefaultRootAPIAddress, nil } } |