diff options
Diffstat (limited to 'cmd')
| -rw-r--r-- | cmd/podman/cliconfig/config.go | 6 | ||||
| -rw-r--r-- | cmd/podman/commands.go | 1 | ||||
| -rw-r--r-- | cmd/podman/common.go | 4 | ||||
| -rw-r--r-- | cmd/podman/containers_prune.go | 4 | ||||
| -rw-r--r-- | cmd/podman/cp.go | 39 | ||||
| -rw-r--r-- | cmd/podman/main.go | 13 | ||||
| -rw-r--r-- | cmd/podman/main_local.go | 85 | ||||
| -rw-r--r-- | cmd/podman/main_remote.go | 10 | ||||
| -rw-r--r-- | cmd/podman/network_rm.go | 18 | ||||
| -rw-r--r-- | cmd/podman/pause.go | 4 | ||||
| -rw-r--r-- | cmd/podman/push.go | 12 | ||||
| -rw-r--r-- | cmd/podman/remoteclientconfig/config.go | 1 | ||||
| -rw-r--r-- | cmd/podman/remoteclientconfig/configfile_test.go | 14 | ||||
| -rw-r--r-- | cmd/podman/restart.go | 4 | ||||
| -rw-r--r-- | cmd/podman/shared/create.go | 1 | ||||
| -rw-r--r-- | cmd/podman/shared/intermediate.go | 2 | ||||
| -rw-r--r-- | cmd/podman/sign.go | 32 | ||||
| -rw-r--r-- | cmd/podman/trust.go | 16 | ||||
| -rw-r--r-- | cmd/podman/unpause.go | 4 |
19 files changed, 198 insertions, 72 deletions
diff --git a/cmd/podman/cliconfig/config.go b/cmd/podman/cliconfig/config.go index 812cc1f51..b8796f9b3 100644 --- a/cmd/podman/cliconfig/config.go +++ b/cmd/podman/cliconfig/config.go @@ -41,6 +41,7 @@ type MainFlags struct { VarlinkAddress string ConnectionName string RemoteConfigFilePath string + Port int } type AttachValues struct { @@ -280,6 +281,7 @@ type NetworkListValues struct { type NetworkRmValues struct { PodmanCommand + Force bool } type NetworkInspectValues struct { @@ -518,6 +520,10 @@ type SearchValues struct { TlsVerify bool } +type TrustValues struct { + PodmanCommand +} + type SignValues struct { PodmanCommand Directory string diff --git a/cmd/podman/commands.go b/cmd/podman/commands.go index 77c76d1b7..31f1b3ba4 100644 --- a/cmd/podman/commands.go +++ b/cmd/podman/commands.go @@ -33,6 +33,7 @@ func getMainCommands() []*cobra.Command { func getImageSubCommands() []*cobra.Command { return []*cobra.Command{ _signCommand, + _trustCommand, } } diff --git a/cmd/podman/common.go b/cmd/podman/common.go index 9724d18c6..0115e6ef1 100644 --- a/cmd/podman/common.go +++ b/cmd/podman/common.go @@ -135,6 +135,10 @@ func getCreateFlags(c *cliconfig.PodmanCommand) { "cgroup namespace to use", ) createFlags.String( + "cgroups", "enabled", + "control container cgroup configuration", + ) + createFlags.String( "cgroup-parent", "", "Optional parent cgroup for the container", ) diff --git a/cmd/podman/containers_prune.go b/cmd/podman/containers_prune.go index b8a84a0e3..3d0fef37d 100644 --- a/cmd/podman/containers_prune.go +++ b/cmd/podman/containers_prune.go @@ -53,7 +53,7 @@ func pruneContainersCmd(c *cliconfig.PruneContainersValues) error { if err != nil { if errors.Cause(err) == define.ErrNoSuchCtr { if len(c.InputArgs) > 1 { - exitCode = 125 + exitCode = define.ExecErrorCodeGeneric } else { exitCode = 1 } @@ -61,7 +61,7 @@ func pruneContainersCmd(c *cliconfig.PruneContainersValues) error { return err } if len(failures) > 0 { - exitCode = 125 + exitCode = define.ExecErrorCodeGeneric } return printCmdResults(ok, failures) } diff --git a/cmd/podman/cp.go b/cmd/podman/cp.go index 5e1ca8312..7205f9357 100644 --- a/cmd/podman/cp.go +++ b/cmd/podman/cp.go @@ -14,6 +14,7 @@ import ( "github.com/containers/libpod/cmd/podman/libpodruntime" "github.com/containers/libpod/libpod" "github.com/containers/libpod/libpod/define" + "github.com/containers/libpod/pkg/cgroups" "github.com/containers/libpod/pkg/rootless" "github.com/containers/storage" "github.com/containers/storage/pkg/archive" @@ -52,7 +53,7 @@ func init() { cpCommand.Command = _cpCommand flags := cpCommand.Flags() flags.BoolVar(&cpCommand.Extract, "extract", false, "Extract the tar file into the destination directory.") - flags.BoolVar(&cpCommand.Pause, "pause", false, "Pause the container while copying") + flags.BoolVar(&cpCommand.Pause, "pause", copyPause(), "Pause the container while copying") cpCommand.SetHelpTemplate(HelpTemplate()) cpCommand.SetUsageTemplate(UsageTemplate()) } @@ -147,7 +148,6 @@ func copyBetweenHostAndContainer(runtime *libpod.Runtime, src string, dest strin hostOwner := idtools.IDPair{UID: int(hostUID), GID: int(hostGID)} - var glob []string if isFromHostToCtr { if isVol, volDestName, volName := isVolumeDestName(destPath, ctr); isVol { path, err := pathWithVolumeMount(ctr, runtime, volDestName, volName, destPath) @@ -209,13 +209,7 @@ func copyBetweenHostAndContainer(runtime *libpod.Runtime, src string, dest strin srcPath = cleanedPath } } - glob, err = filepath.Glob(srcPath) - if err != nil { - return errors.Wrapf(err, "invalid glob %q", srcPath) - } - if len(glob) == 0 { - glob = append(glob, srcPath) - } + if !filepath.IsAbs(destPath) { dir, err := os.Getwd() if err != nil { @@ -224,19 +218,11 @@ func copyBetweenHostAndContainer(runtime *libpod.Runtime, src string, dest strin destPath = filepath.Join(dir, destPath) } - var lastError error - for _, src := range glob { - if src == "-" { - src = os.Stdin.Name() - extract = true - } - err := copy(src, destPath, dest, idMappingOpts, &destOwner, extract, isFromHostToCtr) - if lastError != nil { - logrus.Error(lastError) - } - lastError = err + if src == "-" { + srcPath = os.Stdin.Name() + extract = true } - return lastError + return copy(srcPath, destPath, dest, idMappingOpts, &destOwner, extract, isFromHostToCtr) } func getUser(mountPoint string, userspec string) (specs.User, error) { @@ -495,3 +481,14 @@ func pathWithBindMountSource(m specs.Mount, path string) (string, error) { } return securejoin.SecureJoin(m.Source, strings.TrimPrefix(path, m.Destination)) } + +func copyPause() bool { + if !remoteclient && rootless.IsRootless() { + cgroupv2, _ := cgroups.IsCgroup2UnifiedMode() + if !cgroupv2 { + logrus.Debugf("defaulting to pause==false on rootless cp in cgroupv1 systems") + return false + } + } + return true +} diff --git a/cmd/podman/main.go b/cmd/podman/main.go index 2b808b2bc..992dbe1d5 100644 --- a/cmd/podman/main.go +++ b/cmd/podman/main.go @@ -8,6 +8,7 @@ import ( "github.com/containers/libpod/cmd/podman/cliconfig" "github.com/containers/libpod/libpod" + "github.com/containers/libpod/libpod/define" _ "github.com/containers/libpod/pkg/hooks/0.1.0" "github.com/containers/libpod/pkg/rootless" "github.com/containers/libpod/version" @@ -20,7 +21,7 @@ import ( // This is populated by the Makefile from the VERSION file // in the repository var ( - exitCode = 125 + exitCode = define.ExecErrorCodeGeneric Ctx context.Context span opentracing.Span closer io.Closer @@ -110,6 +111,11 @@ func before(cmd *cobra.Command, args []string) error { return err } + // check that global opts input is valid + if err := checkInput(); err != nil { + return err + } + // Set log level; if not log-level is provided, default to error logLevel := MainGlobalOpts.LogLevel if logLevel == "" { @@ -152,11 +158,12 @@ func main() { if err := rootCmd.Execute(); err != nil { outputError(err) } else { - // The exitCode modified from 125, indicates an application + // The exitCode modified from define.ExecErrorCodeGeneric, + // indicates an application // running inside of a container failed, as opposed to the // podman command failed. Must exit with that exit code // otherwise command exited correctly. - if exitCode == 125 { + if exitCode == define.ExecErrorCodeGeneric { exitCode = 0 } diff --git a/cmd/podman/main_local.go b/cmd/podman/main_local.go index 0feba609b..917096e17 100644 --- a/cmd/podman/main_local.go +++ b/cmd/podman/main_local.go @@ -5,9 +5,12 @@ package main import ( "context" + "fmt" + "io/ioutil" "log/syslog" "os" "runtime/pprof" + "strconv" "strings" "syscall" @@ -18,6 +21,7 @@ import ( "github.com/containers/libpod/pkg/rootless" "github.com/containers/libpod/pkg/tracing" "github.com/containers/libpod/pkg/util" + "github.com/containers/libpod/utils" "github.com/opentracing/opentracing-go" "github.com/pkg/errors" "github.com/sirupsen/logrus" @@ -119,7 +123,29 @@ func profileOff(cmd *cobra.Command) error { return nil } +func movePauseProcessToScope() error { + pausePidPath, err := util.GetRootlessPauseProcessPidPath() + if err != nil { + return errors.Wrapf(err, "could not get pause process pid file path") + } + + data, err := ioutil.ReadFile(pausePidPath) + if err != nil { + return errors.Wrapf(err, "cannot read pause pid file") + } + pid, err := strconv.ParseUint(string(data), 10, 0) + if err != nil { + return errors.Wrapf(err, "cannot parse pid file %s", pausePidPath) + } + + return utils.RunUnderSystemdScope(int(pid), "user.slice", "podman-pause.scope") +} + func setupRootless(cmd *cobra.Command, args []string) error { + if !rootless.IsRootless() { + return nil + } + matches, err := rootless.ConfigurationMatches() if err != nil { return err @@ -128,9 +154,6 @@ func setupRootless(cmd *cobra.Command, args []string) error { logrus.Warningf("the current user namespace doesn't match the configuration in /etc/subuid or /etc/subgid") logrus.Warningf("you can use `%s system migrate` to recreate the user namespace and restart the containers", os.Args[0]) } - if os.Geteuid() == 0 || cmd == _searchCommand || cmd == _versionCommand || cmd == _mountCommand || cmd == _migrateCommand || strings.HasPrefix(cmd.Use, "help") { - return nil - } podmanCmd := cliconfig.PodmanCommand{ Command: cmd, @@ -139,6 +162,39 @@ func setupRootless(cmd *cobra.Command, args []string) error { Remote: remoteclient, } + runtime, err := libpodruntime.GetRuntime(getContext(), &podmanCmd) + if err != nil { + return errors.Wrapf(err, "could not get runtime") + } + defer runtime.DeferredShutdown(false) + + // do it only after podman has already re-execed and running with uid==0. + if os.Geteuid() == 0 { + ownsCgroup, err := cgroups.UserOwnsCurrentSystemdCgroup() + if err != nil { + return err + } + + if !ownsCgroup { + unitName := fmt.Sprintf("podman-%d.scope", os.Getpid()) + if err := utils.RunUnderSystemdScope(os.Getpid(), "user.slice", unitName); err != nil { + conf, err2 := runtime.GetConfig() + if err2 != nil { + return err2 + } + if conf.CgroupManager == libpod.SystemdCgroupsManager { + logrus.Warnf("Failed to add podman to systemd sandbox cgroup: %v", err) + } else { + logrus.Debugf("Failed to add podman to systemd sandbox cgroup: %v", err) + } + } + } + } + + if os.Geteuid() == 0 || cmd == _searchCommand || cmd == _versionCommand || cmd == _mountCommand || cmd == _migrateCommand || strings.HasPrefix(cmd.Use, "help") { + return nil + } + pausePidPath, err := util.GetRootlessPauseProcessPidPath() if err != nil { return errors.Wrapf(err, "could not get pause process pid file path") @@ -158,13 +214,6 @@ func setupRootless(cmd *cobra.Command, args []string) error { } // if there is no pid file, try to join existing containers, and create a pause process. - - runtime, err := libpodruntime.GetRuntime(getContext(), &podmanCmd) - if err != nil { - return errors.Wrapf(err, "could not get runtime") - } - defer runtime.DeferredShutdown(false) - ctrs, err := runtime.GetRunningContainers() if err != nil { logrus.Errorf(err.Error()) @@ -177,6 +226,17 @@ func setupRootless(cmd *cobra.Command, args []string) error { } became, ret, err := rootless.TryJoinFromFilePaths(pausePidPath, true, paths) + if err := movePauseProcessToScope(); err != nil { + conf, err := runtime.GetConfig() + if err != nil { + return err + } + if conf.CgroupManager == libpod.SystemdCgroupsManager { + logrus.Warnf("Failed to add pause process to systemd sandbox cgroup: %v", err) + } else { + logrus.Debugf("Failed to add pause process to systemd sandbox cgroup: %v", err) + } + } if err != nil { logrus.Errorf(err.Error()) os.Exit(1) @@ -207,3 +267,8 @@ func setUMask() { // Be sure we can create directories with 0755 mode. syscall.Umask(0022) } + +// checkInput can be used to verify any of the globalopt values +func checkInput() error { + return nil +} diff --git a/cmd/podman/main_remote.go b/cmd/podman/main_remote.go index a005e925c..f617422e6 100644 --- a/cmd/podman/main_remote.go +++ b/cmd/podman/main_remote.go @@ -3,6 +3,7 @@ package main import ( + "github.com/pkg/errors" "os/user" "github.com/spf13/cobra" @@ -18,6 +19,7 @@ func init() { rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.ConnectionName, "connection", "", "remote connection name") rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.RemoteConfigFilePath, "remote-config-path", "", "alternate path for configuration file") rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.RemoteUserName, "username", username, "username on the remote host") + rootCmd.PersistentFlags().IntVar(&MainGlobalOpts.Port, "port", 22, "port on remote host") rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.RemoteHost, "remote-host", "", "remote host") // TODO maybe we allow the altering of this for bridge connections? // rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.VarlinkAddress, "varlink-address", adapter.DefaultAddress, "address of the varlink socket") @@ -42,3 +44,11 @@ func setRLimits() error { } func setUMask() {} + +// checkInput can be used to verify any of the globalopt values +func checkInput() error { + if MainGlobalOpts.Port < 0 || MainGlobalOpts.Port > 65536 { + return errors.Errorf("remote port must be between 0 and 65536") + } + return nil +} diff --git a/cmd/podman/network_rm.go b/cmd/podman/network_rm.go index 50bd48cea..41e5dbdab 100644 --- a/cmd/podman/network_rm.go +++ b/cmd/podman/network_rm.go @@ -3,10 +3,13 @@ package main import ( + "fmt" + "github.com/containers/libpod/cmd/podman/cliconfig" "github.com/containers/libpod/pkg/adapter" "github.com/containers/libpod/pkg/rootless" "github.com/pkg/errors" + "github.com/sirupsen/logrus" "github.com/spf13/cobra" ) @@ -31,6 +34,8 @@ func init() { networkrmCommand.Command = _networkrmCommand networkrmCommand.SetHelpTemplate(HelpTemplate()) networkrmCommand.SetUsageTemplate(UsageTemplate()) + flags := networkrmCommand.Flags() + flags.BoolVarP(&networkrmCommand.Force, "force", "f", false, "remove any containers using network") } func networkrmCmd(c *cliconfig.NetworkRmValues) error { @@ -40,9 +45,18 @@ func networkrmCmd(c *cliconfig.NetworkRmValues) error { if len(c.InputArgs) < 1 { return errors.Errorf("at least one network name is required") } - runtime, err := adapter.GetRuntimeNoStore(getContext(), &c.PodmanCommand) + runtime, err := adapter.GetRuntime(getContext(), &c.PodmanCommand) if err != nil { return err } - return runtime.NetworkRemove(c) + deletes, rmErrors, lastErr := runtime.NetworkRemove(getContext(), c) + for _, d := range deletes { + fmt.Println(d) + } + // we only want to print errors if there is more + // than one + for network, removalErr := range rmErrors { + logrus.Errorf("unable to remove %q: %q", network, removalErr) + } + return lastErr } diff --git a/cmd/podman/pause.go b/cmd/podman/pause.go index 3a8f4edb5..247a480e3 100644 --- a/cmd/podman/pause.go +++ b/cmd/podman/pause.go @@ -56,7 +56,7 @@ func pauseCmd(c *cliconfig.PauseValues) error { if err != nil { if errors.Cause(err) == define.ErrNoSuchCtr { if len(c.InputArgs) > 1 { - exitCode = 125 + exitCode = define.ExecErrorCodeGeneric } else { exitCode = 1 } @@ -64,7 +64,7 @@ func pauseCmd(c *cliconfig.PauseValues) error { return err } if len(failures) > 0 { - exitCode = 125 + exitCode = define.ExecErrorCodeGeneric } return printCmdResults(ok, failures) } diff --git a/cmd/podman/push.go b/cmd/podman/push.go index 13ebe8a1f..52fbc652e 100644 --- a/cmd/podman/push.go +++ b/cmd/podman/push.go @@ -86,6 +86,12 @@ func pushCmd(c *cliconfig.PushValues) error { destName = args[1] } + runtime, err := adapter.GetRuntime(getContext(), &c.PodmanCommand) + if err != nil { + return errors.Wrapf(err, "could not create runtime") + } + defer runtime.DeferredShutdown(false) + // --compress and --format can only be used for the "dir" transport splitArg := strings.SplitN(destName, ":", 2) if c.Flag("compress").Changed || c.Flag("format").Changed { @@ -106,12 +112,6 @@ func pushCmd(c *cliconfig.PushValues) error { registryCreds = creds } - runtime, err := adapter.GetRuntime(getContext(), &c.PodmanCommand) - if err != nil { - return errors.Wrapf(err, "could not create runtime") - } - defer runtime.DeferredShutdown(false) - var writer io.Writer if !c.Quiet { writer = os.Stderr diff --git a/cmd/podman/remoteclientconfig/config.go b/cmd/podman/remoteclientconfig/config.go index 01f293ec3..13880a868 100644 --- a/cmd/podman/remoteclientconfig/config.go +++ b/cmd/podman/remoteclientconfig/config.go @@ -12,6 +12,7 @@ type RemoteConnection struct { Destination string `toml:"destination"` Username string `toml:"username"` IsDefault bool `toml:"default"` + Port int `toml:"port"` } // GetConfigFilePath is a simple helper to export the configuration file's diff --git a/cmd/podman/remoteclientconfig/configfile_test.go b/cmd/podman/remoteclientconfig/configfile_test.go index 66e0a4693..ea2224ea7 100644 --- a/cmd/podman/remoteclientconfig/configfile_test.go +++ b/cmd/podman/remoteclientconfig/configfile_test.go @@ -13,11 +13,13 @@ var goodConfig = ` [connections.homer] destination = "192.168.1.1" username = "myuser" +port = 22 default = true [connections.bart] destination = "foobar.com" username = "root" +port = 22 ` var noDest = ` [connections] @@ -26,9 +28,11 @@ var noDest = ` destination = "192.168.1.1" username = "myuser" default = true +port = 22 [connections.bart] username = "root" +port = 22 ` var noUser = ` @@ -36,6 +40,7 @@ var noUser = ` [connections.homer] destination = "192.168.1.1" +port = 22 ` func makeGoodResult() *RemoteConfig { @@ -44,10 +49,12 @@ func makeGoodResult() *RemoteConfig { Destination: "192.168.1.1", Username: "myuser", IsDefault: true, + Port: 22, } goodConnections["bart"] = RemoteConnection{ Destination: "foobar.com", Username: "root", + Port: 22, } var goodResult = RemoteConfig{ Connections: goodConnections, @@ -59,6 +66,7 @@ func makeNoUserResult() *RemoteConfig { var goodConnections = make(map[string]RemoteConnection) goodConnections["homer"] = RemoteConnection{ Destination: "192.168.1.1", + Port: 22, } var goodResult = RemoteConfig{ Connections: goodConnections, @@ -135,7 +143,7 @@ func TestRemoteConfig_GetDefault(t *testing.T) { wantErr bool }{ // A good toml should return the connection that is marked isDefault - {"good", fields{Connections: makeGoodResult().Connections}, &RemoteConnection{"192.168.1.1", "myuser", true}, false}, + {"good", fields{Connections: makeGoodResult().Connections}, &RemoteConnection{"192.168.1.1", "myuser", true, 22}, false}, // If nothing is marked as isDefault and there is more than one connection, error should occur {"nodefault", fields{Connections: noDefault}, nil, true}, // if nothing is marked as isDefault but there is only one connection, the one connection is considered the default @@ -175,9 +183,9 @@ func TestRemoteConfig_GetRemoteConnection(t *testing.T) { wantErr bool }{ // Good connection - {"goodhomer", fields{Connections: makeGoodResult().Connections}, args{name: "homer"}, &RemoteConnection{"192.168.1.1", "myuser", true}, false}, + {"goodhomer", fields{Connections: makeGoodResult().Connections}, args{name: "homer"}, &RemoteConnection{"192.168.1.1", "myuser", true, 22}, false}, // Good connection - {"goodbart", fields{Connections: makeGoodResult().Connections}, args{name: "bart"}, &RemoteConnection{"foobar.com", "root", false}, false}, + {"goodbart", fields{Connections: makeGoodResult().Connections}, args{name: "bart"}, &RemoteConnection{"foobar.com", "root", false, 22}, false}, // Getting an unknown connection should result in error {"noexist", fields{Connections: makeGoodResult().Connections}, args{name: "foobar"}, nil, true}, // Getting a connection when there are none should result in an error diff --git a/cmd/podman/restart.go b/cmd/podman/restart.go index 494a9ec06..c97fb0dc1 100644 --- a/cmd/podman/restart.go +++ b/cmd/podman/restart.go @@ -61,7 +61,7 @@ func restartCmd(c *cliconfig.RestartValues) error { if err != nil { if errors.Cause(err) == define.ErrNoSuchCtr { if len(c.InputArgs) > 1 { - exitCode = 125 + exitCode = define.ExecErrorCodeGeneric } else { exitCode = 1 } @@ -69,7 +69,7 @@ func restartCmd(c *cliconfig.RestartValues) error { return err } if len(failures) > 0 { - exitCode = 125 + exitCode = define.ExecErrorCodeGeneric } return printCmdResults(ok, failures) } diff --git a/cmd/podman/shared/create.go b/cmd/podman/shared/create.go index acbd53dba..fc8197721 100644 --- a/cmd/podman/shared/create.go +++ b/cmd/podman/shared/create.go @@ -695,6 +695,7 @@ func ParseCreateOpts(ctx context.Context, c *GenericCLIResults, runtime *libpod. CapDrop: c.StringSlice("cap-drop"), CidFile: c.String("cidfile"), Cgroupns: c.String("cgroupns"), + Cgroups: c.String("cgroups"), CgroupParent: c.String("cgroup-parent"), Command: command, UserCommand: userCommand, diff --git a/cmd/podman/shared/intermediate.go b/cmd/podman/shared/intermediate.go index 5aaac8687..cccdd1bea 100644 --- a/cmd/podman/shared/intermediate.go +++ b/cmd/podman/shared/intermediate.go @@ -370,6 +370,8 @@ func NewIntermediateLayer(c *cliconfig.PodmanCommand, remote bool) GenericCLIRes m["blkio-weight-device"] = newCRStringSlice(c, "blkio-weight-device") m["cap-add"] = newCRStringSlice(c, "cap-add") m["cap-drop"] = newCRStringSlice(c, "cap-drop") + m["cgroupns"] = newCRString(c, "cgroupns") + m["cgroups"] = newCRString(c, "cgroups") m["cgroup-parent"] = newCRString(c, "cgroup-parent") m["cidfile"] = newCRString(c, "cidfile") m["conmon-pidfile"] = newCRString(c, "conmon-pidfile") diff --git a/cmd/podman/sign.go b/cmd/podman/sign.go index 63ba9b904..79bc3f02b 100644 --- a/cmd/podman/sign.go +++ b/cmd/podman/sign.go @@ -14,6 +14,7 @@ import ( "github.com/containers/libpod/cmd/podman/cliconfig" "github.com/containers/libpod/cmd/podman/libpodruntime" "github.com/containers/libpod/libpod/image" + "github.com/containers/libpod/pkg/rootless" "github.com/containers/libpod/pkg/trust" "github.com/containers/libpod/pkg/util" "github.com/pkg/errors" @@ -130,22 +131,33 @@ func signCmd(c *cliconfig.SignValues) error { return errors.Wrapf(err, "error pulling image %s", signimage) } - registryInfo := trust.HaveMatchRegistry(rawSource.Reference().DockerReference().String(), registryConfigs) - if registryInfo != nil { + if rootless.IsRootless() { if sigStoreDir == "" { - sigStoreDir = registryInfo.SigStoreStaging + runtimeConfig, err := runtime.GetConfig() + if err != nil { + return err + } + + sigStoreDir = filepath.Join(filepath.Dir(runtimeConfig.StorageConfig.GraphRoot), "sigstore") + } + } else { + registryInfo := trust.HaveMatchRegistry(rawSource.Reference().DockerReference().String(), registryConfigs) + if registryInfo != nil { if sigStoreDir == "" { - sigStoreDir = registryInfo.SigStore + sigStoreDir = registryInfo.SigStoreStaging + if sigStoreDir == "" { + sigStoreDir = registryInfo.SigStore + } + } + sigStoreDir, err = isValidSigStoreDir(sigStoreDir) + if err != nil { + return errors.Wrapf(err, "invalid signature storage %s", sigStoreDir) } } - sigStoreDir, err = isValidSigStoreDir(sigStoreDir) - if err != nil { - return errors.Wrapf(err, "invalid signature storage %s", sigStoreDir) + if sigStoreDir == "" { + sigStoreDir = SignatureStoreDir } } - if sigStoreDir == "" { - sigStoreDir = SignatureStoreDir - } repos, err := newImage.RepoDigests() if err != nil { diff --git a/cmd/podman/trust.go b/cmd/podman/trust.go index 0a79e1570..f13af96bc 100644 --- a/cmd/podman/trust.go +++ b/cmd/podman/trust.go @@ -6,22 +6,20 @@ import ( ) var ( + trustCommand cliconfig.TrustValues trustDescription = `Manages which registries you trust as a source of container images based on its location. - The location is determined by the transport and the registry host of the image. Using this container image docker://docker.io/library/busybox as an example, docker is the transport and docker.io is the registry host.` - trustCommand = cliconfig.PodmanCommand{ - Command: &cobra.Command{ - Use: "trust", - Short: "Manage container image trust policy", - Long: trustDescription, - RunE: commandRunE(), - }, + _trustCommand = &cobra.Command{ + Use: "trust", + Short: "Manage container image trust policy", + Long: trustDescription, + RunE: commandRunE(), } ) func init() { + trustCommand.Command = _trustCommand trustCommand.SetHelpTemplate(HelpTemplate()) trustCommand.SetUsageTemplate(UsageTemplate()) trustCommand.AddCommand(getTrustSubCommands()...) - imageCommand.AddCommand(trustCommand.Command) } diff --git a/cmd/podman/unpause.go b/cmd/podman/unpause.go index 382b64e97..ae24b0e66 100644 --- a/cmd/podman/unpause.go +++ b/cmd/podman/unpause.go @@ -55,7 +55,7 @@ func unpauseCmd(c *cliconfig.UnpauseValues) error { if err != nil { if errors.Cause(err) == define.ErrNoSuchCtr { if len(c.InputArgs) > 1 { - exitCode = 125 + exitCode = define.ExecErrorCodeGeneric } else { exitCode = 1 } @@ -63,7 +63,7 @@ func unpauseCmd(c *cliconfig.UnpauseValues) error { return err } if len(failures) > 0 { - exitCode = 125 + exitCode = define.ExecErrorCodeGeneric } return printCmdResults(ok, failures) } |