summaryrefslogtreecommitdiff
path: root/cmd
diff options
context:
space:
mode:
Diffstat (limited to 'cmd')
-rw-r--r--cmd/podman/build.go3
-rw-r--r--cmd/podman/common.go20
-rw-r--r--cmd/podman/cp.go4
-rw-r--r--cmd/podman/create.go5
-rw-r--r--cmd/podman/images.go2
-rw-r--r--cmd/podman/info.go10
-rw-r--r--cmd/podman/libpodruntime/runtime.go10
-rw-r--r--cmd/podman/load.go7
-rw-r--r--cmd/podman/login.go41
-rw-r--r--cmd/podman/logout.go14
-rw-r--r--cmd/podman/main_local.go38
-rw-r--r--cmd/podman/mount.go2
-rw-r--r--cmd/podman/play_kube.go24
-rw-r--r--cmd/podman/pull.go21
-rw-r--r--cmd/podman/push.go18
-rw-r--r--cmd/podman/run.go2
-rw-r--r--cmd/podman/runlabel.go20
-rw-r--r--cmd/podman/search.go9
-rw-r--r--cmd/podman/shared/create.go7
-rw-r--r--cmd/podman/shared/create_cli.go7
-rw-r--r--cmd/podman/varlink/io.podman.varlink14
-rw-r--r--cmd/podman/version.go2
22 files changed, 189 insertions, 91 deletions
diff --git a/cmd/podman/build.go b/cmd/podman/build.go
index 24be9bb46..6e70c6540 100644
--- a/cmd/podman/build.go
+++ b/cmd/podman/build.go
@@ -43,7 +43,7 @@ var (
return buildCmd(&buildCommand)
},
Example: `podman build .
- podman build --cert-dir ~/auth --creds=username:password -t imageName -f Dockerfile.simple .
+ podman build --creds=username:password -t imageName -f Dockerfile.simple .
podman build --layers --force-rm --tag imageName .`,
}
)
@@ -72,6 +72,7 @@ func init() {
flags.AddFlagSet(&budFlags)
flags.AddFlagSet(&layerFlags)
flags.AddFlagSet(&fromAndBugFlags)
+ flags.MarkHidden("signature-policy")
}
func getDockerfiles(files []string) []string {
diff --git a/cmd/podman/common.go b/cmd/podman/common.go
index c0bcaa5c5..054b01247 100644
--- a/cmd/podman/common.go
+++ b/cmd/podman/common.go
@@ -4,6 +4,7 @@ import (
"context"
"fmt"
"os"
+ "path/filepath"
"strings"
"github.com/containers/buildah"
@@ -163,6 +164,10 @@ func getCreateFlags(c *cliconfig.PodmanCommand) {
"Attach to STDIN, STDOUT or STDERR (default [])",
)
createFlags.String(
+ "authfile", getAuthFile(""),
+ "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override",
+ )
+ createFlags.String(
"blkio-weight", "",
"Block IO weight (relative weight) accepts a weight value between 10 and 1000.",
)
@@ -512,7 +517,7 @@ func getCreateFlags(c *cliconfig.PodmanCommand) {
"Username or UID (format: <name|uid>[:<group|gid>])",
)
createFlags.String(
- "userns", "",
+ "userns", os.Getenv("PODMAN_USERNS"),
"User namespace to use",
)
createFlags.String(
@@ -553,7 +558,18 @@ func getAuthFile(authfile string) string {
if authfile != "" {
return authfile
}
- return os.Getenv("REGISTRY_AUTH_FILE")
+ if remote {
+ return ""
+ }
+ authfile = os.Getenv("REGISTRY_AUTH_FILE")
+ if authfile != "" {
+ return authfile
+ }
+ runtimeDir := os.Getenv("XDG_RUNTIME_DIR")
+ if runtimeDir != "" {
+ return filepath.Join(runtimeDir, "containers/auth.json")
+ }
+ return ""
}
// scrubServer removes 'http://' or 'https://' from the front of the
diff --git a/cmd/podman/cp.go b/cmd/podman/cp.go
index 4cb8a8c54..8240cc193 100644
--- a/cmd/podman/cp.go
+++ b/cmd/podman/cp.go
@@ -272,6 +272,10 @@ func copy(src, destPath, dest string, idMappingOpts storage.IDMappingOptions, ch
}
return nil
}
+
+ if destDirIsExist || strings.HasSuffix(dest, string(os.PathSeparator)) {
+ destPath = filepath.Join(destPath, filepath.Base(srcPath))
+ }
// Copy the file, preserving attributes.
logrus.Debugf("copying %q to %q", srcPath, destPath)
if err = copyFileWithTar(srcPath, destPath); err != nil {
diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index cb3ba14c5..2351f5860 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -7,6 +7,7 @@ import (
"github.com/containers/libpod/pkg/adapter"
"github.com/opentracing/opentracing-go"
"github.com/pkg/errors"
+ "github.com/sirupsen/logrus"
"github.com/spf13/cobra"
)
@@ -72,6 +73,10 @@ func createInit(c *cliconfig.PodmanCommand) error {
defer span.Finish()
}
+ if c.IsSet("privileged") && c.IsSet("security-opt") {
+ logrus.Warn("setting security options with --privileged has no effect")
+ }
+
// Docker-compatibility: the "-h" flag for run/create is reserved for
// the hostname (see https://github.com/containers/libpod/issues/1367).
diff --git a/cmd/podman/images.go b/cmd/podman/images.go
index 1c46571c3..3f755efc1 100644
--- a/cmd/podman/images.go
+++ b/cmd/podman/images.go
@@ -362,7 +362,7 @@ func CreateFilterFuncs(ctx context.Context, r *adapter.LocalRuntime, filters []s
var filterFuncs []imagefilters.ResultFilter
for _, filter := range filters {
splitFilter := strings.Split(filter, "=")
- if len(splitFilter) != 2 {
+ if len(splitFilter) < 2 {
return nil, errors.Errorf("invalid filter syntax %s", filter)
}
switch splitFilter[0] {
diff --git a/cmd/podman/info.go b/cmd/podman/info.go
index a6fce7fcb..823303354 100644
--- a/cmd/podman/info.go
+++ b/cmd/podman/info.go
@@ -10,6 +10,7 @@ import (
"github.com/containers/libpod/pkg/adapter"
"github.com/containers/libpod/version"
"github.com/pkg/errors"
+ "github.com/sirupsen/logrus"
"github.com/spf13/cobra"
)
@@ -60,7 +61,16 @@ func infoCmd(c *cliconfig.InfoValues) error {
if err != nil {
return errors.Wrapf(err, "error getting info")
}
+
if runtime.Remote {
+ endpoint, err := runtime.RemoteEndpoint()
+ if err != nil {
+ logrus.Errorf("Failed to obtain server connection: %s", err.Error())
+ } else {
+ remoteClientInfo["Connection"] = endpoint.Connection
+ remoteClientInfo["Connection Type"] = endpoint.Type.String()
+ }
+
remoteClientInfo["RemoteAPI Version"] = version.RemoteAPIVersion
remoteClientInfo["Podman Version"] = version.Version
remoteClientInfo["OS Arch"] = fmt.Sprintf("%s/%s", rt.GOOS, rt.GOARCH)
diff --git a/cmd/podman/libpodruntime/runtime.go b/cmd/podman/libpodruntime/runtime.go
index b533dc056..898c81515 100644
--- a/cmd/podman/libpodruntime/runtime.go
+++ b/cmd/podman/libpodruntime/runtime.go
@@ -5,6 +5,7 @@ import (
"github.com/containers/libpod/cmd/podman/cliconfig"
"github.com/containers/libpod/libpod"
+ "github.com/containers/libpod/pkg/namespaces"
"github.com/containers/libpod/pkg/rootless"
"github.com/containers/libpod/pkg/util"
"github.com/containers/storage"
@@ -37,11 +38,12 @@ func getRuntime(ctx context.Context, c *cliconfig.PodmanCommand, renumber bool,
subgidname := c.Flags().Lookup("subgidname")
if (uidmapFlag != nil && gidmapFlag != nil && subuidname != nil && subgidname != nil) &&
(uidmapFlag.Changed || gidmapFlag.Changed || subuidname.Changed || subgidname.Changed) {
+ userns, _ := c.Flags().GetString("userns")
uidmapVal, _ := c.Flags().GetStringSlice("uidmap")
gidmapVal, _ := c.Flags().GetStringSlice("gidmap")
subuidVal, _ := c.Flags().GetString("subuidname")
subgidVal, _ := c.Flags().GetString("subgidname")
- mappings, err := util.ParseIDMapping(uidmapVal, gidmapVal, subuidVal, subgidVal)
+ mappings, err := util.ParseIDMapping(namespaces.UsernsMode(userns), uidmapVal, gidmapVal, subuidVal, subgidVal)
if err != nil {
return nil, err
}
@@ -107,7 +109,11 @@ func getRuntime(ctx context.Context, c *cliconfig.PodmanCommand, renumber bool,
if c.Flags().Changed("cgroup-manager") {
options = append(options, libpod.WithCgroupManager(c.GlobalFlags.CGroupManager))
} else {
- if rootless.IsRootless() {
+ unified, err := util.IsCgroup2UnifiedMode()
+ if err != nil {
+ return nil, err
+ }
+ if rootless.IsRootless() && !unified {
options = append(options, libpod.WithCgroupManager("cgroupfs"))
}
}
diff --git a/cmd/podman/load.go b/cmd/podman/load.go
index f3bbed48f..0c41eb792 100644
--- a/cmd/podman/load.go
+++ b/cmd/podman/load.go
@@ -40,8 +40,11 @@ func init() {
flags := loadCommand.Flags()
flags.StringVarP(&loadCommand.Input, "input", "i", "", "Read from specified archive file (default: stdin)")
flags.BoolVarP(&loadCommand.Quiet, "quiet", "q", false, "Suppress the output")
- flags.StringVar(&loadCommand.SignaturePolicy, "signature-policy", "", "Pathname of signature policy file (not usually used)")
-
+ // Disabled flags for the remote client
+ if !remote {
+ flags.StringVar(&loadCommand.SignaturePolicy, "signature-policy", "", "Pathname of signature policy file (not usually used)")
+ flags.MarkHidden("signature-policy")
+ }
}
// loadCmd gets the image/file to be loaded from the command line
diff --git a/cmd/podman/login.go b/cmd/podman/login.go
index 6bf148cca..3a78adadc 100644
--- a/cmd/podman/login.go
+++ b/cmd/podman/login.go
@@ -32,25 +32,30 @@ var (
return loginCmd(&loginCommand)
},
Example: `podman login -u testuser -p testpassword localhost:5000
- podman login --authfile authdir/myauths.json quay.io
podman login -u testuser -p testpassword localhost:5000`,
}
)
func init() {
+ if !remote {
+ _loginCommand.Example = fmt.Sprintf("%s\n podman login --authfile authdir/myauths.json quay.io", _loginCommand.Example)
+
+ }
loginCommand.Command = _loginCommand
loginCommand.SetHelpTemplate(HelpTemplate())
loginCommand.SetUsageTemplate(UsageTemplate())
flags := loginCommand.Flags()
- flags.StringVar(&loginCommand.Authfile, "authfile", "", "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json. Use REGISTRY_AUTH_FILE environment variable to override")
- flags.StringVar(&loginCommand.CertDir, "cert-dir", "", "Pathname of a directory containing TLS certificates and keys used to connect to the registry")
flags.BoolVar(&loginCommand.GetLogin, "get-login", true, "Return the current login user for the registry")
flags.StringVarP(&loginCommand.Password, "password", "p", "", "Password for registry")
- flags.BoolVar(&loginCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
flags.StringVarP(&loginCommand.Username, "username", "u", "", "Username for registry")
flags.BoolVar(&loginCommand.StdinPassword, "password-stdin", false, "Take the password from stdin")
-
+ // Disabled flags for the remote client
+ if !remote {
+ flags.StringVar(&loginCommand.Authfile, "authfile", getAuthFile(""), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
+ flags.StringVar(&loginCommand.CertDir, "cert-dir", "", "Pathname of a directory containing TLS certificates and keys used to connect to the registry")
+ flags.BoolVar(&loginCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
+ }
}
// loginCmd uses the authentication package to store a user's authenticated credentials
@@ -64,9 +69,8 @@ func loginCmd(c *cliconfig.LoginValues) error {
return errors.Errorf("please specify a registry to login to")
}
server := registryFromFullName(scrubServer(args[0]))
- authfile := getAuthFile(c.Authfile)
- sc := image.GetSystemContext("", authfile, false)
+ sc := image.GetSystemContext("", c.Authfile, false)
if c.Flag("tls-verify").Changed {
sc.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!c.TlsVerify)
}
@@ -74,21 +78,6 @@ func loginCmd(c *cliconfig.LoginValues) error {
sc.DockerCertPath = c.CertDir
}
- if c.Flag("get-login").Changed {
- user, err := config.GetUserLoggedIn(sc, server)
-
- if err != nil {
- return errors.Wrapf(err, "unable to check for login user")
- }
-
- if user == "" {
- return errors.Errorf("not logged into %s", server)
- }
-
- fmt.Printf("%s\n", user)
- return nil
- }
-
// username of user logged in to server (if one exists)
userFromAuthFile, passFromAuthFile, err := config.GetAuthentication(sc, server)
// Do not return error if no credentials found in credHelpers, new credentials will be stored by config.SetAuthentication
@@ -96,6 +85,14 @@ func loginCmd(c *cliconfig.LoginValues) error {
return errors.Wrapf(err, "error reading auth file")
}
+ if c.Flag("get-login").Changed {
+ if userFromAuthFile == "" {
+ return errors.Errorf("not logged into %s", server)
+ }
+ fmt.Printf("%s\n", userFromAuthFile)
+ return nil
+ }
+
ctx := getContext()
password := c.Password
diff --git a/cmd/podman/logout.go b/cmd/podman/logout.go
index ec581a098..5df838bba 100644
--- a/cmd/podman/logout.go
+++ b/cmd/podman/logout.go
@@ -24,20 +24,23 @@ var (
logoutCommand.Remote = remoteclient
return logoutCmd(&logoutCommand)
},
- Example: `podman logout docker.io
- podman logout --authfile authdir/myauths.json docker.io
+ Example: `podman logout quay.io
podman logout --all`,
}
)
func init() {
+ if !remote {
+ _logoutCommand.Example = fmt.Sprintf("%s\n podman logout --authfile authdir/myauths.json quay.io", _logoutCommand.Example)
+
+ }
logoutCommand.Command = _logoutCommand
logoutCommand.SetHelpTemplate(HelpTemplate())
logoutCommand.SetUsageTemplate(UsageTemplate())
flags := logoutCommand.Flags()
flags.BoolVarP(&logoutCommand.All, "all", "a", false, "Remove the cached credentials for all registries in the auth file")
- flags.StringVar(&logoutCommand.Authfile, "authfile", "", "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json. Use REGISTRY_AUTH_FILE environment variable to override")
-
+ flags.StringVar(&logoutCommand.Authfile, "authfile", getAuthFile(""), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
+ markFlagHiddenForRemoteClient("authfile", flags)
}
// logoutCmd uses the authentication package to remove the authenticated of a registry
@@ -54,9 +57,8 @@ func logoutCmd(c *cliconfig.LogoutValues) error {
if len(args) == 1 {
server = scrubServer(args[0])
}
- authfile := getAuthFile(c.Authfile)
- sc := image.GetSystemContext("", authfile, false)
+ sc := image.GetSystemContext("", c.Authfile, false)
if c.All {
if err := config.RemoveAllAuthentication(sc); err != nil {
diff --git a/cmd/podman/main_local.go b/cmd/podman/main_local.go
index 7452965a2..5af05a11e 100644
--- a/cmd/podman/main_local.go
+++ b/cmd/podman/main_local.go
@@ -16,6 +16,7 @@ import (
"github.com/containers/libpod/cmd/podman/libpodruntime"
"github.com/containers/libpod/pkg/rootless"
"github.com/containers/libpod/pkg/tracing"
+ "github.com/containers/libpod/pkg/util"
"github.com/opentracing/opentracing-go"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
@@ -113,6 +114,35 @@ func setupRootless(cmd *cobra.Command, args []string) error {
MainGlobalOpts,
remoteclient,
}
+
+ pausePidPath, err := util.GetRootlessPauseProcessPidPath()
+ if err != nil {
+ return errors.Wrapf(err, "could not get pause process pid file path")
+ }
+
+ data, err := ioutil.ReadFile(pausePidPath)
+ if err != nil && !os.IsNotExist(err) {
+ return errors.Wrapf(err, "cannot read pause process pid file %s", pausePidPath)
+ }
+ if err == nil {
+ pausePid, err := strconv.Atoi(string(data))
+ if err != nil {
+ return errors.Wrapf(err, "cannot parse pause pid file %s", pausePidPath)
+ }
+ became, ret, err := rootless.JoinUserAndMountNS(uint(pausePid), "")
+ if err != nil {
+ logrus.Errorf("cannot join pause process pid %d. You may need to remove %s and stop all containers", pausePid, pausePidPath)
+ logrus.Errorf("you can use `system migrate` to recreate the pause process")
+ logrus.Errorf(err.Error())
+ os.Exit(1)
+ }
+ if became {
+ os.Exit(ret)
+ }
+ }
+
+ // if there is no pid file, try to join existing containers, and create a pause process.
+
runtime, err := libpodruntime.GetRuntime(getContext(), &podmanCmd)
if err != nil {
return errors.Wrapf(err, "could not get runtime")
@@ -127,20 +157,20 @@ func setupRootless(cmd *cobra.Command, args []string) error {
var became bool
var ret int
if len(ctrs) == 0 {
- became, ret, err = rootless.BecomeRootInUserNS()
+ became, ret, err = rootless.BecomeRootInUserNS(pausePidPath)
} else {
for _, ctr := range ctrs {
data, err := ioutil.ReadFile(ctr.Config().ConmonPidFile)
if err != nil {
logrus.Errorf(err.Error())
- os.Exit(1)
+ continue
}
conmonPid, err := strconv.Atoi(string(data))
if err != nil {
logrus.Errorf(err.Error())
- os.Exit(1)
+ continue
}
- became, ret, err = rootless.JoinUserAndMountNS(uint(conmonPid))
+ became, ret, err = rootless.JoinUserAndMountNS(uint(conmonPid), pausePidPath)
if err == nil {
break
}
diff --git a/cmd/podman/mount.go b/cmd/podman/mount.go
index 7c9150d1b..662fb0a28 100644
--- a/cmd/podman/mount.go
+++ b/cmd/podman/mount.go
@@ -78,7 +78,7 @@ func mountCmd(c *cliconfig.MountValues) error {
return fmt.Errorf("cannot mount using driver %s in rootless mode", driver)
}
- became, ret, err := rootless.BecomeRootInUserNS()
+ became, ret, err := rootless.BecomeRootInUserNS("")
if err != nil {
return err
}
diff --git a/cmd/podman/play_kube.go b/cmd/podman/play_kube.go
index e778bafb9..b0f4a44eb 100644
--- a/cmd/podman/play_kube.go
+++ b/cmd/podman/play_kube.go
@@ -47,22 +47,28 @@ var (
playKubeCommand.Remote = remoteclient
return playKubeCmd(&playKubeCommand)
},
- Example: `podman play kube demo.yml
- podman play kube --cert-dir /mycertsdir --tls-verify=true --quiet myWebPod`,
+ Example: `podman play kube demo.yml`,
}
)
func init() {
+ if !remote {
+ _playKubeCommand.Example = fmt.Sprintf("%s\n podman play kube --cert-dir /mycertsdir --tls-verify=true --quiet myWebPod", _playKubeCommand.Example)
+ }
playKubeCommand.Command = _playKubeCommand
playKubeCommand.SetHelpTemplate(HelpTemplate())
playKubeCommand.SetUsageTemplate(UsageTemplate())
flags := playKubeCommand.Flags()
- flags.StringVar(&playKubeCommand.Authfile, "authfile", "", "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json. Use REGISTRY_AUTH_FILE environment variable to override")
- flags.StringVar(&playKubeCommand.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys")
flags.StringVar(&playKubeCommand.Creds, "creds", "", "`Credentials` (USERNAME:PASSWORD) to use for authenticating to a registry")
flags.BoolVarP(&playKubeCommand.Quiet, "quiet", "q", false, "Suppress output information when pulling images")
- flags.StringVar(&playKubeCommand.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
- flags.BoolVar(&playKubeCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
+ // Disabled flags for the remote client
+ if !remote {
+ flags.StringVar(&playKubeCommand.Authfile, "authfile", getAuthFile(""), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
+ flags.StringVar(&playKubeCommand.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys")
+ flags.StringVar(&playKubeCommand.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
+ flags.BoolVar(&playKubeCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
+ flags.MarkHidden("signature-policy")
+ }
}
func playKubeCmd(c *cliconfig.KubePlayValues) error {
@@ -217,7 +223,7 @@ func playKubeYAMLCmd(c *cliconfig.KubePlayValues, ctx context.Context, runtime *
if err != nil {
return pod, err
}
- createConfig, err := kubeContainerToCreateConfig(ctx, container, runtime, newImage, namespaces, volumes)
+ createConfig, err := kubeContainerToCreateConfig(ctx, container, runtime, newImage, namespaces, volumes, pod.ID())
if err != nil {
return pod, err
}
@@ -274,7 +280,7 @@ func getPodPorts(containers []v1.Container) []ocicni.PortMapping {
}
// kubeContainerToCreateConfig takes a v1.Container and returns a createconfig describing a container
-func kubeContainerToCreateConfig(ctx context.Context, containerYAML v1.Container, runtime *libpod.Runtime, newImage *image.Image, namespaces map[string]string, volumes map[string]string) (*createconfig.CreateConfig, error) {
+func kubeContainerToCreateConfig(ctx context.Context, containerYAML v1.Container, runtime *libpod.Runtime, newImage *image.Image, namespaces map[string]string, volumes map[string]string, podID string) (*createconfig.CreateConfig, error) {
var (
containerConfig createconfig.CreateConfig
)
@@ -288,6 +294,8 @@ func kubeContainerToCreateConfig(ctx context.Context, containerYAML v1.Container
containerConfig.Tty = containerYAML.TTY
containerConfig.WorkDir = containerYAML.WorkingDir
+ containerConfig.Pod = podID
+
imageData, _ := newImage.Inspect(ctx)
containerConfig.User = "0"
diff --git a/cmd/podman/pull.go b/cmd/podman/pull.go
index f6a5beb17..115f437d8 100644
--- a/cmd/podman/pull.go
+++ b/cmd/podman/pull.go
@@ -36,28 +36,31 @@ var (
return pullCmd(&pullCommand)
},
Example: `podman pull imageName
- podman pull --cert-dir image/certs --authfile temp-auths/myauths.json docker://docker.io/myrepo/finaltest
podman pull fedora:latest`,
}
)
func init() {
+
+ if !remote {
+ _pullCommand.Example = fmt.Sprintf("%s\n podman pull --cert-dir image/certs --authfile temp-auths/myauths.json docker://docker.io/myrepo/finaltest", _pullCommand.Example)
+
+ }
pullCommand.Command = _pullCommand
pullCommand.SetHelpTemplate(HelpTemplate())
pullCommand.SetUsageTemplate(UsageTemplate())
flags := pullCommand.Flags()
flags.BoolVar(&pullCommand.AllTags, "all-tags", false, "All tagged images in the repository will be pulled")
- flags.StringVar(&pullCommand.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys")
flags.StringVar(&pullCommand.Creds, "creds", "", "`Credentials` (USERNAME:PASSWORD) to use for authenticating to a registry")
flags.BoolVarP(&pullCommand.Quiet, "quiet", "q", false, "Suppress output information when pulling images")
-
// Disabled flags for the remote client
if !remote {
- flags.StringVar(&pullCommand.Authfile, "authfile", "", "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json. Use REGISTRY_AUTH_FILE environment variable to override")
+ flags.StringVar(&pullCommand.Authfile, "authfile", getAuthFile(""), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
+ flags.StringVar(&pullCommand.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys")
flags.StringVar(&pullCommand.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
flags.BoolVar(&pullCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
+ flags.MarkHidden("signature-policy")
}
-
}
// pullCmd gets the data from the command line and calls pullImage
@@ -138,8 +141,6 @@ func pullCmd(c *cliconfig.PullValues) (retError error) {
return nil
}
- authfile := getAuthFile(c.String("authfile"))
-
// FIXME: the default pull consults the registries.conf's search registries
// while the all-tags pull does not. This behavior must be fixed in the
// future and span across c/buildah, c/image and c/libpod to avoid redundant
@@ -148,7 +149,7 @@ func pullCmd(c *cliconfig.PullValues) (retError error) {
// See https://bugzilla.redhat.com/show_bug.cgi?id=1701922 for background
// information.
if !c.Bool("all-tags") {
- newImage, err := runtime.New(getContext(), imgArg, c.SignaturePolicy, authfile, writer, &dockerRegistryOptions, image.SigningOptions{}, true, nil)
+ newImage, err := runtime.New(getContext(), imgArg, c.SignaturePolicy, c.Authfile, writer, &dockerRegistryOptions, image.SigningOptions{}, true, nil)
if err != nil {
return errors.Wrapf(err, "error pulling image %q", imgArg)
}
@@ -158,7 +159,7 @@ func pullCmd(c *cliconfig.PullValues) (retError error) {
// FIXME: all-tags should use the libpod backend instead of baking its own bread.
spec := imgArg
- systemContext := image.GetSystemContext("", authfile, false)
+ systemContext := image.GetSystemContext("", c.Authfile, false)
srcRef, err := alltransports.ParseImageName(spec)
if err != nil {
dockerTransport := "docker://"
@@ -186,7 +187,7 @@ func pullCmd(c *cliconfig.PullValues) (retError error) {
var foundIDs []string
foundImage := true
for _, name := range names {
- newImage, err := runtime.New(getContext(), name, c.String("signature-policy"), authfile, writer, &dockerRegistryOptions, image.SigningOptions{}, true, nil)
+ newImage, err := runtime.New(getContext(), name, c.SignaturePolicy, c.Authfile, writer, &dockerRegistryOptions, image.SigningOptions{}, true, nil)
if err != nil {
logrus.Errorf("error pulling image %q", name)
foundImage = false
diff --git a/cmd/podman/push.go b/cmd/podman/push.go
index ee14b15e2..497820156 100644
--- a/cmd/podman/push.go
+++ b/cmd/podman/push.go
@@ -35,18 +35,20 @@ var (
return pushCmd(&pushCommand)
},
Example: `podman push imageID docker://registry.example.com/repository:tag
- podman push imageID oci-archive:/path/to/layout:image:tag
- podman push --authfile temp-auths/myauths.json alpine docker://docker.io/myrepo/alpine`,
+ podman push imageID oci-archive:/path/to/layout:image:tag`,
}
)
func init() {
+ if !remote {
+ _pushCommand.Example = fmt.Sprintf("%s\n podman push --authfile temp-auths/myauths.json alpine docker://docker.io/myrepo/alpine", _pushCommand.Example)
+
+ }
+
pushCommand.Command = _pushCommand
pushCommand.SetHelpTemplate(HelpTemplate())
pushCommand.SetUsageTemplate(UsageTemplate())
flags := pushCommand.Flags()
- flags.MarkHidden("signature-policy")
- flags.StringVar(&pushCommand.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys")
flags.StringVar(&pushCommand.Creds, "creds", "", "`Credentials` (USERNAME:PASSWORD) to use for authenticating to a registry")
flags.StringVarP(&pushCommand.Format, "format", "f", "", "Manifest type (oci, v2s1, or v2s2) to use when pushing an image using the 'dir:' transport (default is manifest type of source)")
flags.BoolVarP(&pushCommand.Quiet, "quiet", "q", false, "Don't output progress information when pushing images")
@@ -55,10 +57,12 @@ func init() {
// Disabled flags for the remote client
if !remote {
- flags.StringVar(&pushCommand.Authfile, "authfile", "", "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json. Use REGISTRY_AUTH_FILE environment variable to override")
+ flags.StringVar(&pushCommand.Authfile, "authfile", getAuthFile(""), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
+ flags.StringVar(&pushCommand.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys")
flags.BoolVar(&pushCommand.Compress, "compress", false, "Compress tarball image layers when pushing to a directory using the 'dir' transport. (default is same compression type as source)")
flags.StringVar(&pushCommand.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
flags.BoolVar(&pushCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
+ flags.MarkHidden("signature-policy")
}
}
@@ -138,7 +142,5 @@ func pushCmd(c *cliconfig.PushValues) error {
SignBy: signBy,
}
- authfile := getAuthFile(c.Authfile)
-
- return runtime.Push(getContext(), srcName, destName, manifestType, authfile, c.SignaturePolicy, writer, c.Compress, so, &dockerRegistryOptions, nil)
+ return runtime.Push(getContext(), srcName, destName, manifestType, c.Authfile, c.SignaturePolicy, writer, c.Compress, so, &dockerRegistryOptions, nil)
}
diff --git a/cmd/podman/run.go b/cmd/podman/run.go
index 01b12d282..7d84d716b 100644
--- a/cmd/podman/run.go
+++ b/cmd/podman/run.go
@@ -36,6 +36,8 @@ func init() {
flags.SetInterspersed(false)
flags.Bool("sig-proxy", true, "Proxy received signals to the process")
getCreateFlags(&runCommand.PodmanCommand)
+ markFlagHiddenForRemoteClient("authfile", flags)
+ flags.MarkHidden("signature-policy")
}
func runCmd(c *cliconfig.RunValues) error {
diff --git a/cmd/podman/runlabel.go b/cmd/podman/runlabel.go
index c426817de..59cbc7aa4 100644
--- a/cmd/podman/runlabel.go
+++ b/cmd/podman/runlabel.go
@@ -45,8 +45,6 @@ func init() {
runlabelCommand.SetHelpTemplate(HelpTemplate())
runlabelCommand.SetUsageTemplate(UsageTemplate())
flags := runlabelCommand.Flags()
- flags.StringVar(&runlabelCommand.Authfile, "authfile", "", "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json. Use REGISTRY_AUTH_FILE environment variable to override")
- flags.StringVar(&runlabelCommand.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys")
flags.StringVar(&runlabelCommand.Creds, "creds", "", "`Credentials` (USERNAME:PASSWORD) to use for authenticating to a registry")
flags.BoolVar(&runlabelCommand.Display, "display", false, "Preview the command that the label would run")
flags.BoolVar(&runlabelCommand.Replace, "replace", false, "Replace existing container with a new one from the image")
@@ -61,10 +59,17 @@ func init() {
flags.BoolP("pull", "p", false, "Pull the image if it does not exist locally prior to executing the label contents")
flags.BoolVarP(&runlabelCommand.Quiet, "quiet", "q", false, "Suppress output information when installing images")
- flags.StringVar(&runlabelCommand.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
- flags.BoolVar(&runlabelCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
+ // Disabled flags for the remote client
+ if !remote {
+ flags.StringVar(&runlabelCommand.Authfile, "authfile", getAuthFile(""), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
+ flags.StringVar(&runlabelCommand.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys")
+ flags.StringVar(&runlabelCommand.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
+ flags.BoolVar(&runlabelCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
- flags.MarkDeprecated("pull", "podman will pull if not found in local storage")
+ flags.MarkDeprecated("pull", "podman will pull if not found in local storage")
+ flags.MarkHidden("signature-policy")
+ }
+ markFlagHiddenForRemoteClient("authfile", flags)
}
// installCmd gets the data from the command line and calls installImage
@@ -137,8 +142,7 @@ func runlabelCmd(c *cliconfig.RunlabelValues) error {
dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!c.TlsVerify)
}
- authfile := getAuthFile(c.Authfile)
- runLabel, imageName, err := shared.GetRunlabel(label, runlabelImage, ctx, runtime, true, c.Creds, dockerRegistryOptions, authfile, c.SignaturePolicy, stdOut)
+ runLabel, imageName, err := shared.GetRunlabel(label, runlabelImage, ctx, runtime, true, c.Creds, dockerRegistryOptions, c.Authfile, c.SignaturePolicy, stdOut)
if err != nil {
return err
}
@@ -152,7 +156,7 @@ func runlabelCmd(c *cliconfig.RunlabelValues) error {
return err
}
if !c.Quiet {
- fmt.Printf("command: %s\n", strings.Join(cmd, " "))
+ fmt.Printf("command: %s\n", strings.Join(append([]string{os.Args[0]}, cmd[1:]...), " "))
if c.Display {
return nil
}
diff --git a/cmd/podman/search.go b/cmd/podman/search.go
index b236f3055..ba04002f6 100644
--- a/cmd/podman/search.go
+++ b/cmd/podman/search.go
@@ -43,12 +43,15 @@ func init() {
searchCommand.SetHelpTemplate(HelpTemplate())
searchCommand.SetUsageTemplate(UsageTemplate())
flags := searchCommand.Flags()
- flags.StringVar(&searchCommand.Authfile, "authfile", "", "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json. Use REGISTRY_AUTH_FILE environment variable to override")
flags.StringSliceVarP(&searchCommand.Filter, "filter", "f", []string{}, "Filter output based on conditions provided (default [])")
flags.StringVar(&searchCommand.Format, "format", "", "Change the output format to a Go template")
flags.IntVar(&searchCommand.Limit, "limit", 0, "Limit the number of results")
flags.BoolVar(&searchCommand.NoTrunc, "no-trunc", false, "Do not truncate the output")
- flags.BoolVar(&searchCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
+ // Disabled flags for the remote client
+ if !remote {
+ flags.StringVar(&searchCommand.Authfile, "authfile", getAuthFile(""), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
+ flags.BoolVar(&searchCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
+ }
}
func searchCmd(c *cliconfig.SearchValues) error {
@@ -70,7 +73,7 @@ func searchCmd(c *cliconfig.SearchValues) error {
NoTrunc: c.NoTrunc,
Limit: c.Limit,
Filter: *filter,
- Authfile: getAuthFile(c.Authfile),
+ Authfile: c.Authfile,
}
if c.Flag("tls-verify").Changed {
searchOptions.InsecureSkipTLSVerify = types.NewOptionalBool(!c.TlsVerify)
diff --git a/cmd/podman/shared/create.go b/cmd/podman/shared/create.go
index d1f704374..3c9b17804 100644
--- a/cmd/podman/shared/create.go
+++ b/cmd/podman/shared/create.go
@@ -19,6 +19,7 @@ import (
ann "github.com/containers/libpod/pkg/annotations"
"github.com/containers/libpod/pkg/inspect"
ns "github.com/containers/libpod/pkg/namespaces"
+ "github.com/containers/libpod/pkg/rootless"
cc "github.com/containers/libpod/pkg/spec"
"github.com/containers/libpod/pkg/util"
"github.com/docker/docker/pkg/signal"
@@ -283,7 +284,7 @@ func ParseCreateOpts(ctx context.Context, c *GenericCLIResults, runtime *libpod.
namespaces map[string]string
)
- idmappings, err := util.ParseIDMapping(c.StringSlice("uidmap"), c.StringSlice("gidmap"), c.String("subuidname"), c.String("subgidname"))
+ idmappings, err := util.ParseIDMapping(ns.UsernsMode(c.String("userns")), c.StringSlice("uidmap"), c.StringSlice("gidmap"), c.String("subuidname"), c.String("subgidname"))
if err != nil {
return nil, err
}
@@ -451,7 +452,9 @@ func ParseCreateOpts(ctx context.Context, c *GenericCLIResults, runtime *libpod.
// USER
user := c.String("user")
if user == "" {
- if data == nil {
+ if usernsMode.IsKeepID() {
+ user = fmt.Sprintf("%d:%d", rootless.GetRootlessUID(), rootless.GetRootlessGID())
+ } else if data == nil {
user = "0"
} else {
user = data.Config.User
diff --git a/cmd/podman/shared/create_cli.go b/cmd/podman/shared/create_cli.go
index f731e8db5..7f158b09a 100644
--- a/cmd/podman/shared/create_cli.go
+++ b/cmd/podman/shared/create_cli.go
@@ -7,6 +7,7 @@ import (
"github.com/containers/libpod/cmd/podman/shared/parse"
cc "github.com/containers/libpod/pkg/spec"
"github.com/containers/libpod/pkg/sysinfo"
+ "github.com/containers/libpod/pkg/util"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
)
@@ -76,6 +77,12 @@ func addWarning(warnings []string, msg string) []string {
func verifyContainerResources(config *cc.CreateConfig, update bool) ([]string, error) {
warnings := []string{}
+
+ cgroup2, err := util.IsCgroup2UnifiedMode()
+ if err != nil || cgroup2 {
+ return warnings, err
+ }
+
sysInfo := sysinfo.New(true)
// memory subsystem checks and adjustments
diff --git a/cmd/podman/varlink/io.podman.varlink b/cmd/podman/varlink/io.podman.varlink
index faaecdb6b..ed7b49c68 100644
--- a/cmd/podman/varlink/io.podman.varlink
+++ b/cmd/podman/varlink/io.podman.varlink
@@ -414,7 +414,6 @@ type BuildInfo (
remoteIntermediateCtrs: bool,
reportWriter: string,
runtimeArgs: []string,
- signaturePolicyPath: string,
squash: bool
)
@@ -467,13 +466,9 @@ type PodContainerErrorData (
type Runlabel(
image: string,
authfile: string,
- certDir: string,
- creds: string,
display: bool,
name: string,
pull: bool,
- signaturePolicyPath: string,
- tlsVerify: ?bool,
label: string,
extraArgs: []string,
opts: [string]string
@@ -759,11 +754,10 @@ method InspectImage(name: string) -> (image: string)
# [ImageNotFound](#ImageNotFound) error is returned.
method HistoryImage(name: string) -> (history: []ImageHistory)
-# PushImage takes three input arguments: the name or ID of an image, the fully-qualified destination name of the image,
-# and a boolean as to whether tls-verify should be used (with false disabling TLS, not affecting the default behavior).
+# PushImage takes two input arguments: the name or ID of an image, the fully-qualified destination name of the image,
# It will return an [ImageNotFound](#ImageNotFound) error if
# the image cannot be found in local storage; otherwise it will return a [MoreResponse](#MoreResponse)
-method PushImage(name: string, tag: string, tlsverify: ?bool, signaturePolicy: string, creds: string, certDir: string, compress: bool, format: string, removeSignatures: bool, signBy: string) -> (reply: MoreResponse)
+method PushImage(name: string, tag: string, compress: bool, format: string, removeSignatures: bool, signBy: string) -> (reply: MoreResponse)
# TagImage takes the name or ID of an image in local storage as well as the desired tag name. If the image cannot
# be found, an [ImageNotFound](#ImageNotFound) error will be returned; otherwise, the ID of the image is returned on success.
@@ -784,7 +778,7 @@ method RemoveImage(name: string, force: bool) -> (image: string)
# SearchImages searches available registries for images that contain the
# contents of "query" in their name. If "limit" is given, limits the amount of
# search results per registry.
-method SearchImages(query: string, limit: ?int, tlsVerify: ?bool, filter: ImageSearchFilter) -> (results: []ImageSearchResult)
+method SearchImages(query: string, limit: ?int, filter: ImageSearchFilter) -> (results: []ImageSearchResult)
# DeleteUnusedImages deletes any images not associated with a container. The IDs of the deleted images are returned
# in a string array.
@@ -825,7 +819,7 @@ method ExportImage(name: string, destination: string, compress: bool, tags: []st
# PullImage pulls an image from a repository to local storage. After a successful pull, the image id and logs
# are returned as a [MoreResponse](#MoreResponse). This connection also will handle a WantsMores request to send
# status as it occurs.
-method PullImage(name: string, certDir: string, creds: string, signaturePolicy: string, tlsVerify: ?bool) -> (reply: MoreResponse)
+method PullImage(name: string) -> (reply: MoreResponse)
# CreatePod creates a new empty pod. It uses a [PodCreate](#PodCreate) type for input.
# On success, the ID of the newly created pod will be returned.
diff --git a/cmd/podman/version.go b/cmd/podman/version.go
index 439a1cca6..52a518db8 100644
--- a/cmd/podman/version.go
+++ b/cmd/podman/version.go
@@ -70,7 +70,7 @@ func versionCmd(c *cliconfig.VersionValues) error {
if remote {
fmt.Fprintf(w, "\nService:\n")
- runtime, err := adapter.GetRuntime(getContext(), nil)
+ runtime, err := adapter.GetRuntime(getContext(), &c.PodmanCommand)
if err != nil {
return errors.Wrapf(err, "could not get runtime")
}