diff options
Diffstat (limited to 'hack')
-rwxr-xr-x | hack/podman-registry | 74 | ||||
-rwxr-xr-x | hack/xref-helpmsgs-manpages | 4 |
2 files changed, 50 insertions, 28 deletions
diff --git a/hack/podman-registry b/hack/podman-registry index e7708ce6a..fe79b7d9d 100755 --- a/hack/podman-registry +++ b/hack/podman-registry @@ -14,7 +14,7 @@ PODMAN_REGISTRY_PASS= PODMAN_REGISTRY_PORT= # Podman binary to run -PODMAN=${PODMAN:-$(type -p podman)} +PODMAN=${PODMAN:-$(dirname $0)/../bin/podman} # END defaults ############################################################################### @@ -104,6 +104,24 @@ function podman() { "$@" } +############### +# must_pass # Run a command quietly; abort with error on failure +############### +function must_pass() { + local log=${PODMAN_REGISTRY_WORKDIR}/log + + "$@" &> $log + if [ $? -ne 0 ]; then + echo "$ME: Command failed: $*" >&2 + cat $log >&2 + + # If we ever get here, it's a given that the registry is not running. + # Clean up after ourselves. + rm -rf ${PODMAN_REGISTRY_WORKDIR} + exit 1 + fi +} + # END helper functions ############################################################################### # BEGIN action processing @@ -132,7 +150,7 @@ function do_start() { PODMAN_REGISTRY_PASS=$(random_string 15) fi - # Die on any error + # For the next few commands, die on any error set -e mkdir -p ${PODMAN_REGISTRY_WORKDIR} @@ -140,50 +158,50 @@ function do_start() { local AUTHDIR=${PODMAN_REGISTRY_WORKDIR}/auth mkdir -p $AUTHDIR - # We have to be silent; our only output must be env. vars. Log output here. - local log=${PODMAN_REGISTRY_WORKDIR}/log - touch $log - # Pull registry image, but into a separate container storage mkdir -p ${PODMAN_REGISTRY_WORKDIR}/root mkdir -p ${PODMAN_REGISTRY_WORKDIR}/runroot + set +e + # Give it three tries, to compensate for flakes - podman pull ${PODMAN_REGISTRY_IMAGE} &>> $log || - podman pull ${PODMAN_REGISTRY_IMAGE} &>> $log || - podman pull ${PODMAN_REGISTRY_IMAGE} &>> $log + podman pull ${PODMAN_REGISTRY_IMAGE} &>/dev/null || + podman pull ${PODMAN_REGISTRY_IMAGE} &>/dev/null || + must_pass podman pull ${PODMAN_REGISTRY_IMAGE} # Registry image needs a cert. Self-signed is good enough. local CERT=$AUTHDIR/domain.crt - # FIXME: if this fails, we fail silently! It'd be more helpful - # to say 'openssl failed' and cat the logfile - openssl req -newkey rsa:4096 -nodes -sha256 \ - -keyout ${AUTHDIR}/domain.key -x509 -days 2 \ - -out ${AUTHDIR}/domain.crt \ - -subj "/C=US/ST=Foo/L=Bar/O=Red Hat, Inc./CN=localhost" \ - &>> $log - - # Store credentials where container will see them + must_pass openssl req -newkey rsa:4096 -nodes -sha256 \ + -keyout ${AUTHDIR}/domain.key -x509 -days 2 \ + -out ${AUTHDIR}/domain.crt \ + -subj "/C=US/ST=Foo/L=Bar/O=Red Hat, Inc./CN=localhost" + + # Store credentials where container will see them. We can't run + # this one via must_pass because we need its stdout. podman run --rm \ --entrypoint htpasswd ${PODMAN_REGISTRY_IMAGE} \ -Bbn ${PODMAN_REGISTRY_USER} ${PODMAN_REGISTRY_PASS} \ > $AUTHDIR/htpasswd + if [ $? -ne 0 ]; then + rm -rf ${PODMAN_REGISTRY_WORKDIR} + die "Command failed: podman run [htpasswd]" + fi # In case someone needs to debug echo "${PODMAN_REGISTRY_USER}:${PODMAN_REGISTRY_PASS}" \ > $AUTHDIR/htpasswd-plaintext # Run the registry container. - podman run --quiet -d \ - -p ${PODMAN_REGISTRY_PORT}:5000 \ - --name registry \ - -v $AUTHDIR:/auth:Z \ - -e "REGISTRY_AUTH=htpasswd" \ - -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \ - -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" \ - -e "REGISTRY_HTTP_TLS_CERTIFICATE=/auth/domain.crt" \ - -e "REGISTRY_HTTP_TLS_KEY=/auth/domain.key" \ - registry:2 &>> $log + must_pass podman run --quiet -d \ + -p ${PODMAN_REGISTRY_PORT}:5000 \ + --name registry \ + -v $AUTHDIR:/auth:Z \ + -e "REGISTRY_AUTH=htpasswd" \ + -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \ + -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" \ + -e "REGISTRY_HTTP_TLS_CERTIFICATE=/auth/domain.crt" \ + -e "REGISTRY_HTTP_TLS_KEY=/auth/domain.key" \ + registry:2 # Dump settings. Our caller will use these to access the registry. for v in IMAGE PORT USER PASS; do diff --git a/hack/xref-helpmsgs-manpages b/hack/xref-helpmsgs-manpages index 00db3c8de..c1e9dffc4 100755 --- a/hack/xref-helpmsgs-manpages +++ b/hack/xref-helpmsgs-manpages @@ -150,6 +150,10 @@ sub xref_by_man { my %ignore = map { $_ => 1 } qw(-l -s -t --latest --size --type); next if $man =~ /-inspect/ && $ignore{$k}; + # Special case: podman-diff serves dual purpose (image, ctr) + my %diffignore = map { $_ => 1 } qw(-l --latest ); + next if $man =~ /-diff/ && $diffignore{$k}; + # Special case: the 'trust' man page is a mess next if $man =~ /-trust/; |