summaryrefslogtreecommitdiff
path: root/cmd
diff options
context:
space:
mode:
Diffstat (limited to 'cmd')
-rw-r--r--cmd/cli/main.go113
-rw-r--r--cmd/podman/build.go5
-rw-r--r--cmd/podman/login.go4
-rw-r--r--cmd/podman/pod_create.go17
-rw-r--r--cmd/podman/shared/create.go3
5 files changed, 10 insertions, 132 deletions
diff --git a/cmd/cli/main.go b/cmd/cli/main.go
deleted file mode 100644
index 4eec05ef2..000000000
--- a/cmd/cli/main.go
+++ /dev/null
@@ -1,113 +0,0 @@
-package main
-
-import (
- "bytes"
- "context"
- "encoding/json"
- "fmt"
- "io/ioutil"
- "net"
- "net/http"
- "net/url"
- "os"
-
- "golang.org/x/crypto/ssh"
-)
-
-// remote PODMAN_HOST=ssh://<user>@<host>[:port]/run/podman/podman.sock
-// local PODMAN_HOST=unix://run/podman/podman.sock
-
-var (
- DefaultURL = "unix://root@localhost/run/podman/podman.sock"
-)
-
-func main() {
- connectionURL := DefaultURL
- if value, found := os.LookupEnv("PODMAN_HOST"); found {
- connectionURL = value
- }
-
- _url, err := url.Parse(connectionURL)
- if err != nil {
- die("Value of PODMAN_HOST is not a valid url: %s\n", connectionURL)
- }
-
- if _url.Scheme != "ssh" && _url.Scheme != "unix" {
- die("Scheme from PODMAN_HOST is not supported: %s\n", _url.Scheme)
- }
-
- // Now we setup the http client to use the connection above
- client := &http.Client{}
- if _url.Scheme == "ssh" {
- var auth ssh.AuthMethod
- if value, found := os.LookupEnv("PODMAN_SSHKEY"); found {
- auth, err = publicKey(value)
- if err != nil {
- die("Failed to parse %s: %v\n", value, err)
- }
- } else {
- die("PODMAN_SSHKEY was not defined\n")
- }
-
- // Connect to sshd
- bastion, err := ssh.Dial("tcp",
- net.JoinHostPort(_url.Hostname(), _url.Port()),
- &ssh.ClientConfig{
- User: _url.User.Username(),
- Auth: []ssh.AuthMethod{auth},
- HostKeyCallback: ssh.InsecureIgnoreHostKey(),
- },
- )
- if err != nil {
- die("Failed to build ssh tunnel")
- }
- defer bastion.Close()
-
- client.Transport = &http.Transport{
- DialContext: func(_ context.Context, _, _ string) (net.Conn, error) {
- // Now we make the connection to the unix domain socket on the server using the ssh tunnel
- return bastion.Dial("unix", _url.Path)
- },
- }
- } else {
- client.Transport = &http.Transport{
- DialContext: func(ctx context.Context, _, _ string) (net.Conn, error) {
- d := net.Dialer{}
- return d.DialContext(ctx, "unix", _url.Path)
- },
- DisableCompression: true,
- }
- }
-
- resp, err := client.Get("http://localhost/v1.24/images/json")
- if err != nil {
- die(err.Error())
- }
- defer resp.Body.Close()
- body, _ := ioutil.ReadAll(resp.Body)
-
- var output bytes.Buffer
- _ = json.Indent(&output, body, "", " ")
- fmt.Printf("%s\n", output.String())
- os.Exit(0)
-}
-
-func die(format string, a ...interface{}) {
- fmt.Fprintf(os.Stderr, format, a...)
- fmt.Fprintf(os.Stderr, "\n")
- os.Exit(1)
-}
-
-func publicKey(path string) (ssh.AuthMethod, error) {
- key, err := ioutil.ReadFile(path)
- if err != nil {
- return nil, err
- }
-
- signer, err := ssh.ParsePrivateKey(key)
- if err != nil {
- return nil, err
- }
-
- return ssh.PublicKeys(signer), nil
-}
diff --git a/cmd/podman/build.go b/cmd/podman/build.go
index 1fcb98a0e..12aedac37 100644
--- a/cmd/podman/build.go
+++ b/cmd/podman/build.go
@@ -84,7 +84,10 @@ func init() {
}
flag.DefValue = "true"
- fromAndBugFlags := buildahcli.GetFromAndBudFlags(&fromAndBudValues, &userNSValues, &namespaceValues)
+ fromAndBugFlags, err := buildahcli.GetFromAndBudFlags(&fromAndBudValues, &userNSValues, &namespaceValues)
+ if err != nil {
+ logrus.Errorf("failed to setup podman build flags: %v", err)
+ }
flags.AddFlagSet(&budFlags)
flags.AddFlagSet(&fromAndBugFlags)
diff --git a/cmd/podman/login.go b/cmd/podman/login.go
index e5ff273b8..e09117833 100644
--- a/cmd/podman/login.go
+++ b/cmd/podman/login.go
@@ -82,6 +82,10 @@ func loginCmd(c *cliconfig.LoginValues) error {
server = registryFromFullName(scrubServer(args[0]))
}
+ if c.Flag("password").Changed {
+ fmt.Fprintf(os.Stderr, "WARNING! Using --password via the cli is insecure. Please consider using --password-stdin\n")
+ }
+
sc := image.GetSystemContext("", c.Authfile, false)
if c.Flag("tls-verify").Changed {
sc.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!c.TlsVerify)
diff --git a/cmd/podman/pod_create.go b/cmd/podman/pod_create.go
index 0f72780f9..810f62f02 100644
--- a/cmd/podman/pod_create.go
+++ b/cmd/podman/pod_create.go
@@ -45,19 +45,7 @@ func init() {
podCreateCommand.SetUsageTemplate(UsageTemplate())
flags := podCreateCommand.Flags()
flags.SetInterspersed(false)
- // When we are ready to add the network options to the create commmand, we need to uncomment
- // the following
-
- //flags.AddFlagSet(getNetFlags())
-
- // Once this is uncommented, then the publish option below needs to be removed because it
- // conflicts with the publish in getNetFlags. Upon removal, the c.Publish will not work
- // anymore and needs to be cleaned up. I suggest starting with removing the Publish attribute
- // from PodCreateValues structure. Running make should then expose all areas that need to be
- // addressed. To get the value of publish (and other flags in getNetFlags, use the syntax:
- // c.<type>("<flag_name") or c.Bool("publish")
- // Remember to do this safely by checking len, etc.
-
+ flags.AddFlagSet(getNetFlags())
flags.StringVar(&podCreateCommand.CgroupParent, "cgroup-parent", "", "Set parent cgroup for the pod")
flags.BoolVar(&podCreateCommand.Infra, "infra", true, "Create an infra container associated with the pod to share namespaces with")
flags.StringVar(&podCreateCommand.InfraImage, "infra-image", define.DefaultInfraImage, "The image of the infra container to associate with the pod")
@@ -67,7 +55,6 @@ func init() {
flags.StringVarP(&podCreateCommand.Name, "name", "n", "", "Assign a name to the pod")
flags.StringVarP(&podCreateCommand.Hostname, "hostname", "", "", "Set a hostname to the pod")
flags.StringVar(&podCreateCommand.PodIDFile, "pod-id-file", "", "Write the pod ID to the file")
- flags.StringSliceVarP(&podCreateCommand.Publish, "publish", "p", []string{}, "Publish a container's port, or a range of ports, to the host (default [])")
flags.StringVar(&podCreateCommand.Share, "share", shared.DefaultKernelNamespaces, "A comma delimited list of kernel namespaces the pod will share")
}
@@ -83,7 +70,7 @@ func podCreateCmd(c *cliconfig.PodCreateValues) error {
}
defer runtime.DeferredShutdown(false)
- if len(c.Publish) > 0 {
+ if len(c.StringSlice("publish")) > 0 {
if !c.Infra {
return errors.Errorf("you must have an infra container to publish port bindings to the host")
}
diff --git a/cmd/podman/shared/create.go b/cmd/podman/shared/create.go
index 99538b3dc..5b244699c 100644
--- a/cmd/podman/shared/create.go
+++ b/cmd/podman/shared/create.go
@@ -701,9 +701,6 @@ func ParseCreateOpts(ctx context.Context, c *GenericCLIResults, runtime *libpod.
Sysctl: sysctl,
}
- if err := secConfig.SetLabelOpts(runtime, pid, ipc); err != nil {
- return nil, err
- }
if err := secConfig.SetSecurityOpts(runtime, c.StringArray("security-opt")); err != nil {
return nil, err
}