13 files changed, 204 insertions, 41 deletions

diff --git a/cmd/podman/auto-update.go b/cmd/podman/auto-update.go
new file mode 100644
index 000000000..758cbbc6f
--- /dev/null
+++ b/cmd/podman/auto-update.go
@@ -0,0 +1,46 @@
+package main
+
+import (
+	"fmt"
+
+	"github.com/containers/libpod/cmd/podman/registry"
+	"github.com/containers/libpod/pkg/domain/entities"
+	"github.com/containers/libpod/pkg/errorhandling"
+	"github.com/pkg/errors"
+	"github.com/spf13/cobra"
+)
+
+var (
+	autoUpdateDescription = `Auto update containers according to their auto-update policy.
+
+  Auto-update policies are specified with the "io.containers.autoupdate" label.
+  Note that this command is experimental.`
+	autoUpdateCommand = &cobra.Command{
+		Use:     "auto-update [flags]",
+		Short:   "Auto update containers according to their auto-update policy",
+		Long:    autoUpdateDescription,
+		RunE:    autoUpdate,
+		Example: `podman auto-update`,
+	}
+)
+
+func init() {
+	registry.Commands = append(registry.Commands, registry.CliCommand{
+		Mode:    []entities.EngineMode{entities.ABIMode},
+		Command: autoUpdateCommand,
+	})
+}
+
+func autoUpdate(cmd *cobra.Command, args []string) error {
+	if len(args) > 0 {
+		// Backwards compat. System tests expext this error string.
+		return errors.Errorf("`%s` takes no arguments", cmd.CommandPath())
+	}
+	report, failures := registry.ContainerEngine().AutoUpdate(registry.GetContext())
+	if report != nil {
+		for _, unit := range report.Units {
+			fmt.Println(unit)
+		}
+	}
+	return errorhandling.JoinErrors(failures)
+}
diff --git a/cmd/podman/containers/runlabel.go b/cmd/podman/containers/runlabel.go
new file mode 100644
index 000000000..11fa362b8
--- /dev/null
+++ b/cmd/podman/containers/runlabel.go
@@ -0,0 +1,80 @@
+package containers
+
+import (
+	"context"
+	"os"
+
+	"github.com/containers/common/pkg/auth"
+	"github.com/containers/image/v5/types"
+	"github.com/containers/libpod/cmd/podman/registry"
+	"github.com/containers/libpod/pkg/domain/entities"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+)
+
+// runlabelOptionsWrapper allows for combining API-only with CLI-only options
+// and to convert between them.
+type runlabelOptionsWrapper struct {
+	entities.ContainerRunlabelOptions
+	TLSVerifyCLI bool
+}
+
+var (
+	runlabelOptions     = runlabelOptionsWrapper{}
+	runlabelDescription = "Executes a command as described by a container image label."
+	runlabelCommand     = &cobra.Command{
+		Use:   "runlabel [flags] LABEL IMAGE [ARG...]",
+		Short: "Execute the command described by an image label",
+		Long:  runlabelDescription,
+		RunE:  runlabel,
+		Args:  cobra.MinimumNArgs(2),
+		Example: `podman container runlabel run imageID
+  podman container runlabel --pull install imageID arg1 arg2
+  podman container runlabel --display run myImage`,
+	}
+)
+
+func init() {
+	registry.Commands = append(registry.Commands, registry.CliCommand{
+		Mode:    []entities.EngineMode{entities.ABIMode},
+		Command: runlabelCommand,
+		Parent:  containerCmd,
+	})
+
+	flags := rmCommand.Flags()
+	flags.StringVar(&runlabelOptions.Authfile, "authfile", auth.GetDefaultAuthFile(), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
+	flags.StringVar(&runlabelOptions.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys")
+	flags.StringVar(&runlabelOptions.Credentials, "creds", "", "`Credentials` (USERNAME:PASSWORD) to use for authenticating to a registry")
+	flags.BoolVar(&runlabelOptions.Display, "display", false, "Preview the command that the label would run")
+	flags.StringVarP(&runlabelOptions.Name, "name", "n", "", "Assign a name to the container")
+	flags.StringVar(&runlabelOptions.Optional1, "opt1", "", "Optional parameter to pass for install")
+	flags.StringVar(&runlabelOptions.Optional2, "opt2", "", "Optional parameter to pass for install")
+	flags.StringVar(&runlabelOptions.Optional3, "opt3", "", "Optional parameter to pass for install")
+	flags.BoolP("pull", "p", false, "Pull the image if it does not exist locally prior to executing the label contents")
+	flags.BoolVarP(&runlabelOptions.Quiet, "quiet", "q", false, "Suppress output information when installing images")
+	flags.BoolVar(&runlabelOptions.Replace, "replace", false, "Replace existing container with a new one from the image")
+	flags.StringVar(&runlabelOptions.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
+	flags.BoolVar(&runlabelOptions.TLSVerifyCLI, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
+
+	// Hide the optional flags.
+	_ = flags.MarkHidden("opt1")
+	_ = flags.MarkHidden("opt2")
+	_ = flags.MarkHidden("opt3")
+
+	if err := flags.MarkDeprecated("pull", "podman will pull if not found in local storage"); err != nil {
+		logrus.Error("unable to mark pull flag deprecated")
+	}
+}
+
+func runlabel(cmd *cobra.Command, args []string) error {
+	if cmd.Flags().Changed("tls-verify") {
+		runlabelOptions.SkipTLSVerify = types.NewOptionalBool(!runlabelOptions.TLSVerifyCLI)
+	}
+	if runlabelOptions.Authfile != "" {
+		if _, err := os.Stat(runlabelOptions.Authfile); err != nil {
+			return errors.Wrapf(err, "error getting authfile %s", runlabelOptions.Authfile)
+		}
+	}
+	return registry.ContainerEngine().ContainerRunlabel(context.Background(), args[0], args[1], args[2:], runlabelOptions.ContainerRunlabelOptions)
+}
diff --git a/cmd/podman/containers/stats.go b/cmd/podman/containers/stats.go
index 3f9db671f..5b7f52cc7 100644
--- a/cmd/podman/containers/stats.go
+++ b/cmd/podman/containers/stats.go
@@ -234,7 +234,6 @@ func outputJSON(stats []*containerStats) error {
 			Pids:       j.PIDS(),
 		})
 	}
-
 	b, err := json.MarshalIndent(jstats, "", " ")
 	if err != nil {
 		return err
diff --git a/cmd/podman/login.go b/cmd/podman/login.go
index 8413861f5..92f13d0e7 100644
--- a/cmd/podman/login.go
+++ b/cmd/podman/login.go
@@ -46,7 +46,6 @@ func init() {
 
 	// Podman flags.
 	flags.BoolVarP(&loginOptions.tlsVerify, "tls-verify", "", false, "Require HTTPS and verify certificates when contacting registries")
-	flags.BoolVarP(&loginOptions.GetLoginSet, "get-login", "", false, "Return the current login user for the registry")
 	loginOptions.Stdin = os.Stdin
 	loginOptions.Stdout = os.Stdout
 	loginOptions.AcceptUnspecifiedRegistry = true
diff --git a/cmd/podman/logout.go b/cmd/podman/logout.go
index d0afc21b4..c016de8ae 100644
--- a/cmd/podman/logout.go
+++ b/cmd/podman/logout.go
@@ -37,7 +37,6 @@ func init() {
 
 	// Flags from the auth package.
 	flags.AddFlagSet(auth.GetLogoutFlags(&logoutOptions))
-	logoutOptions.Stdin = os.Stdin
 	logoutOptions.Stdout = os.Stdout
 	logoutOptions.AcceptUnspecifiedRegistry = true
 }
diff --git a/cmd/podman/manifest/annotate.go b/cmd/podman/manifest/annotate.go
index 21d4fb747..82ee1ffda 100644
--- a/cmd/podman/manifest/annotate.go
+++ b/cmd/podman/manifest/annotate.go
@@ -24,7 +24,7 @@ var (
 
 func init() {
 	registry.Commands = append(registry.Commands, registry.CliCommand{
-		Mode:    []entities.EngineMode{entities.ABIMode, entities.TunnelMode},
+		Mode:    []entities.EngineMode{entities.ABIMode},
 		Command: annotateCmd,
 		Parent:  manifestCmd,
 	})
diff --git a/cmd/podman/pods/create.go b/cmd/podman/pods/create.go
index 0a2016496..f97fa836a 100644
--- a/cmd/podman/pods/create.go
+++ b/cmd/podman/pods/create.go
@@ -17,6 +17,7 @@ import (
 	"github.com/containers/libpod/pkg/util"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
 )
 
 var (
@@ -59,6 +60,14 @@ func init() {
 	flags.StringVarP(&createOptions.Hostname, "hostname", "", "", "Set a hostname to the pod")
 	flags.StringVar(&podIDFile, "pod-id-file", "", "Write the pod ID to the file")
 	flags.StringVar(&share, "share", createconfig.DefaultKernelNamespaces, "A comma delimited list of kernel namespaces the pod will share")
+	flags.SetNormalizeFunc(aliasNetworkFlag)
+}
+
+func aliasNetworkFlag(_ *pflag.FlagSet, name string) pflag.NormalizedName {
+	if name == "net" {
+		name = "network"
+	}
+	return pflag.NormalizedName(name)
 }
 
 func create(cmd *cobra.Command, args []string) error {
@@ -105,29 +114,21 @@ func create(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return err
 	}
-	netInput, err := cmd.Flags().GetString("network")
-	if err != nil {
-		return err
-	}
-	n := specgen.Namespace{}
-	switch netInput {
-	case "bridge":
-		n.NSMode = specgen.Bridge
-	case "host":
-		n.NSMode = specgen.Host
-	case "slip4netns":
-		n.NSMode = specgen.Slirp
-	default:
-		if strings.HasPrefix(netInput, "container:") { // nolint
-			split := strings.Split(netInput, ":")
-			if len(split) != 2 {
-				return errors.Errorf("invalid network paramater: %q", netInput)
-			}
-			n.NSMode = specgen.FromContainer
-			n.Value = split[1]
-		} else if strings.HasPrefix(netInput, "ns:") {
-			return errors.New("the ns: network option is not supported for pods")
-		} else {
+	if cmd.Flag("network").Changed {
+		netInput, err := cmd.Flags().GetString("network")
+		if err != nil {
+			return err
+		}
+		n := specgen.Namespace{}
+		switch netInput {
+		case "bridge":
+			n.NSMode = specgen.Bridge
+		case "host":
+			n.NSMode = specgen.Host
+		case "slirp4netns":
+			n.NSMode = specgen.Slirp
+		default:
+			// Container and NS mode are presently unsupported
 			n.NSMode = specgen.Bridge
 			createOptions.Net.CNINetworks = strings.Split(netInput, ",")
 		}
diff --git a/cmd/podman/registry/config.go b/cmd/podman/registry/config.go
index fc6eb538e..49d5bca74 100644
--- a/cmd/podman/registry/config.go
+++ b/cmd/podman/registry/config.go
@@ -22,6 +22,7 @@ const (
 var (
 	podmanOptions entities.PodmanConfig
 	podmanSync    sync.Once
+	abiSupport    = false
 )
 
 // PodmanConfig returns an entities.PodmanConfig built up from
@@ -39,23 +40,31 @@ func newPodmanConfig() {
 
 	var mode entities.EngineMode
 	switch runtime.GOOS {
-	case "darwin":
-		fallthrough
-	case "windows":
+	case "darwin", "windows":
 		mode = entities.TunnelMode
 	case "linux":
-		mode = entities.ABIMode
+		// Some linux clients might only be compiled without ABI
+		// support (e.g., podman-remote).
+		if abiSupport {
+			mode = entities.ABIMode
+		} else {
+			mode = entities.TunnelMode
+		}
 	default:
 		fmt.Fprintf(os.Stderr, "%s is not a supported OS", runtime.GOOS)
 		os.Exit(1)
 	}
 
-	// cobra.Execute() may not be called yet, so we peek at os.Args.
-	for _, v := range os.Args {
-		// Prefix checking works because of how default EngineMode's
-		// have been defined.
-		if strings.HasPrefix(v, "--remote") {
-			mode = entities.TunnelMode
+	// Check if need to fallback to the tunnel mode if --remote is used.
+	if abiSupport && mode == entities.ABIMode {
+		// cobra.Execute() may not be called yet, so we peek at os.Args.
+		for _, v := range os.Args {
+			// Prefix checking works because of how default EngineMode's
+			// have been defined.
+			if strings.HasPrefix(v, "--remote") {
+				mode = entities.TunnelMode
+				break
+			}
 		}
 	}
 
diff --git a/cmd/podman/registry/config_abi.go b/cmd/podman/registry/config_abi.go
new file mode 100644
index 000000000..55430e1bf
--- /dev/null
+++ b/cmd/podman/registry/config_abi.go
@@ -0,0 +1,7 @@
+// +build ABISupport
+
+package registry
+
+func init() {
+	abiSupport = true
+}
diff --git a/cmd/podman/registry/config_tunnel.go b/cmd/podman/registry/config_tunnel.go
new file mode 100644
index 000000000..29e744dac
--- /dev/null
+++ b/cmd/podman/registry/config_tunnel.go
@@ -0,0 +1,7 @@
+// +build !ABISupport
+
+package registry
+
+func init() {
+	abiSupport = false
+}
diff --git a/cmd/podman/registry/registry.go b/cmd/podman/registry/registry.go
index 69e2babfc..71ee2bed0 100644
--- a/cmd/podman/registry/registry.go
+++ b/cmd/podman/registry/registry.go
@@ -2,14 +2,18 @@ package registry
 
 import (
 	"context"
+	"path/filepath"
 
 	"github.com/containers/libpod/pkg/domain/entities"
 	"github.com/containers/libpod/pkg/domain/infra"
+	"github.com/containers/libpod/pkg/rootless"
+	"github.com/containers/libpod/pkg/util"
+	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 )
 
-// DefaultAPIAddress is the default address of the REST socket
-const DefaultAPIAddress = "unix:/run/podman/podman.sock"
+// DefaultRootAPIAddress is the default address of the REST socket
+const DefaultRootAPIAddress = "unix:/run/podman/podman.sock"
 
 // DefaultVarlinkAddress is the default address of the varlink socket
 const DefaultVarlinkAddress = "unix:/run/podman/io.podman"
@@ -98,3 +102,15 @@ func GetContextWithOptions() context.Context {
 func GetContext() context.Context {
 	return Context()
 }
+
+func DefaultAPIAddress() string {
+	if rootless.IsRootless() {
+		xdg, err := util.GetRuntimeDir()
+		if err != nil {
+			logrus.Warnf("Failed to get rootless runtime dir for DefaultAPIAddress: %s", err)
+			return DefaultRootAPIAddress
+		}
+		return "unix:" + filepath.Join(xdg, "podman", "podman.sock")
+	}
+	return DefaultRootAPIAddress
+}
diff --git a/cmd/podman/root.go b/cmd/podman/root.go
index 502b6c03c..7d6f6f823 100644
--- a/cmd/podman/root.go
+++ b/cmd/podman/root.go
@@ -208,7 +208,7 @@ func syslogHook() {
 
 func rootFlags(opts *entities.PodmanConfig, flags *pflag.FlagSet) {
 	// V2 flags
-	flags.StringVarP(&opts.Uri, "remote", "r", "", "URL to access Podman service")
+	flags.StringVarP(&opts.Uri, "remote", "r", registry.DefaultAPIAddress(), "URL to access Podman service")
 	flags.StringSliceVar(&opts.Identities, "identity", []string{}, "path to SSH identity file")
 
 	cfg := opts.Config
diff --git a/cmd/podman/system/service.go b/cmd/podman/system/service.go
index f4b91dd78..552c72f79 100644
--- a/cmd/podman/system/service.go
+++ b/cmd/podman/system/service.go
@@ -139,6 +139,6 @@ func resolveApiURI(_url []string) (string, error) {
 	case srvArgs.Varlink:
 		return registry.DefaultVarlinkAddress, nil
 	default:
-		return registry.DefaultAPIAddress, nil
+		return registry.DefaultRootAPIAddress, nil
 	}
 }