summaryrefslogtreecommitdiff
path: root/cmd/podman
diff options
context:
space:
mode:
Diffstat (limited to 'cmd/podman')
-rw-r--r--cmd/podman/create_cli.go6
-rw-r--r--cmd/podman/main.go18
-rw-r--r--cmd/podman/sign.go3
-rw-r--r--cmd/podman/trust.go58
4 files changed, 37 insertions, 48 deletions
diff --git a/cmd/podman/create_cli.go b/cmd/podman/create_cli.go
index 1a0830f2e..95b9321fd 100644
--- a/cmd/podman/create_cli.go
+++ b/cmd/podman/create_cli.go
@@ -201,6 +201,9 @@ func parseVolumesFrom(volumesFrom []string) error {
}
func validateVolumeHostDir(hostDir string) error {
+ if len(hostDir) == 0 {
+ return errors.Errorf("host directory cannot be empty")
+ }
if filepath.IsAbs(hostDir) {
if _, err := os.Stat(hostDir); err != nil {
return errors.Wrapf(err, "error checking path %q", hostDir)
@@ -212,6 +215,9 @@ func validateVolumeHostDir(hostDir string) error {
}
func validateVolumeCtrDir(ctrDir string) error {
+ if len(ctrDir) == 0 {
+ return errors.Errorf("container directory cannot be empty")
+ }
if !filepath.IsAbs(ctrDir) {
return errors.Errorf("invalid container path, must be an absolute path %q", ctrDir)
}
diff --git a/cmd/podman/main.go b/cmd/podman/main.go
index 43804ee35..604404827 100644
--- a/cmd/podman/main.go
+++ b/cmd/podman/main.go
@@ -148,16 +148,20 @@ func main() {
logrus.SetLevel(level)
}
- // Only if not rootless, set rlimits for open files.
- // We open numerous FDs for ports opened
- if !rootless.IsRootless() {
- rlimits := new(syscall.Rlimit)
- rlimits.Cur = 1048576
- rlimits.Max = 1048576
+ rlimits := new(syscall.Rlimit)
+ rlimits.Cur = 1048576
+ rlimits.Max = 1048576
+ if err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil {
+ if err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil {
+ return errors.Wrapf(err, "error getting rlimits")
+ }
+ rlimits.Cur = rlimits.Max
if err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil {
return errors.Wrapf(err, "error setting new rlimits")
}
- } else {
+ }
+
+ if rootless.IsRootless() {
logrus.Info("running as rootless")
}
diff --git a/cmd/podman/sign.go b/cmd/podman/sign.go
index e7367a311..1d9aecdc9 100644
--- a/cmd/podman/sign.go
+++ b/cmd/podman/sign.go
@@ -141,7 +141,8 @@ func signCmd(c *cli.Context) error {
return errors.Wrapf(err, "error creating new signature")
}
- sigStoreDir = filepath.Join(sigStoreDir, strings.Replace(repos[0][strings.Index(repos[0], "/")+1:len(repos[0])], ":", "=", 1))
+ trimmedDigest := strings.TrimPrefix(repos[0], strings.Split(repos[0], "/")[0])
+ sigStoreDir = filepath.Join(sigStoreDir, strings.Replace(trimmedDigest, ":", "=", 1))
if err := os.MkdirAll(sigStoreDir, 0751); err != nil {
// The directory is allowed to exist
if !os.IsExist(err) {
diff --git a/cmd/podman/trust.go b/cmd/podman/trust.go
index 7c404cd3f..863f36d09 100644
--- a/cmd/podman/trust.go
+++ b/cmd/podman/trust.go
@@ -13,7 +13,6 @@ import (
"github.com/containers/libpod/libpod/image"
"github.com/containers/libpod/pkg/trust"
"github.com/pkg/errors"
- "github.com/sirupsen/logrus"
"github.com/urfave/cli"
)
@@ -132,7 +131,7 @@ func showTrustCmd(c *cli.Context) error {
if err := json.Unmarshal(policyContent, &policyContentStruct); err != nil {
return errors.Errorf("could not read trust policies")
}
- policyJSON, err := trust.GetPolicyJSON(policyContentStruct, systemRegistriesDirPath)
+ policyJSON, showOutputMap, err := trust.GetPolicy(policyContentStruct, systemRegistriesDirPath)
if err != nil {
return errors.Wrapf(err, "error reading registry config file")
}
@@ -144,31 +143,12 @@ func showTrustCmd(c *cli.Context) error {
}
sortedRepos := sortPolicyJSONKey(policyJSON)
- type policydefault struct {
- Repo string
- Trusttype string
- GPGid string
- Sigstore string
- }
- var policyoutput []policydefault
- for _, repo := range sortedRepos {
- repoval := policyJSON[repo]
- var defaultstruct policydefault
- defaultstruct.Repo = repo
- if repoval["type"] != nil {
- defaultstruct.Trusttype = trustTypeDescription(repoval["type"].(string))
- }
- if repoval["keys"] != nil && len(repoval["keys"].([]string)) > 0 {
- defaultstruct.GPGid = trust.GetGPGId(repoval["keys"].([]string))
- }
- if repoval["sigstore"] != nil {
- defaultstruct.Sigstore = repoval["sigstore"].(string)
- }
- policyoutput = append(policyoutput, defaultstruct)
- }
var output []interface{}
- for _, ele := range policyoutput {
- output = append(output, interface{}(ele))
+ for _, reponame := range sortedRepos {
+ showOutput, exists := showOutputMap[reponame]
+ if exists {
+ output = append(output, interface{}(showOutput))
+ }
}
out := formats.StdoutTemplateArray{Output: output, Template: "{{.Repo}}\t{{.Trusttype}}\t{{.GPGid}}\t{{.Sigstore}}"}
return formats.Writer(out).Out()
@@ -209,8 +189,10 @@ func setTrustCmd(c *cli.Context) error {
policyPath = trust.DefaultPolicyPath(runtime.SystemContext())
}
var policyContentStruct trust.PolicyContent
+ policyFileExists := false
_, err = os.Stat(policyPath)
if !os.IsNotExist(err) {
+ policyFileExists = true
policyContent, err := ioutil.ReadFile(policyPath)
if err != nil {
return errors.Wrapf(err, "unable to read %s", policyPath)
@@ -218,6 +200,9 @@ func setTrustCmd(c *cli.Context) error {
if err := json.Unmarshal(policyContent, &policyContentStruct); err != nil {
return errors.Errorf("could not read trust policies")
}
+ if args[0] != "default" && len(policyContentStruct.Default) == 0 {
+ return errors.Errorf("Default trust policy must be set.")
+ }
}
var newReposContent []trust.RepoContent
if len(pubkeysfile) != 0 {
@@ -230,15 +215,18 @@ func setTrustCmd(c *cli.Context) error {
if args[0] == "default" {
policyContentStruct.Default = newReposContent
} else {
- exists := false
+ if policyFileExists == false && len(policyContentStruct.Default) == 0 {
+ return errors.Errorf("Default trust policy must be set to create the policy file.")
+ }
+ registryExists := false
for transport, transportval := range policyContentStruct.Transports {
- _, exists = transportval[args[0]]
- if exists {
+ _, registryExists = transportval[args[0]]
+ if registryExists {
policyContentStruct.Transports[transport][args[0]] = newReposContent
break
}
}
- if !exists {
+ if !registryExists {
if policyContentStruct.Transports == nil {
policyContentStruct.Transports = make(map[string]trust.RepoMap)
}
@@ -260,16 +248,6 @@ func setTrustCmd(c *cli.Context) error {
return nil
}
-var typeDescription = map[string]string{"insecureAcceptAnything": "accept", "signedBy": "signed", "reject": "reject"}
-
-func trustTypeDescription(trustType string) string {
- trustDescription, exist := typeDescription[trustType]
- if !exist {
- logrus.Warnf("invalid trust type %s", trustType)
- }
- return trustDescription
-}
-
func sortPolicyJSONKey(m map[string]map[string]interface{}) []string {
keys := make([]string, len(m))
i := 0