summaryrefslogtreecommitdiff
path: root/hack
diff options
context:
space:
mode:
Diffstat (limited to 'hack')
-rwxr-xr-xhack/get_ci_vm.sh34
-rwxr-xr-xhack/podman-registry249
-rw-r--r--hack/podman-registry-go/registry.go98
-rw-r--r--hack/podman-registry-go/registry_test.go40
-rwxr-xr-xhack/xref-helpmsgs-manpages4
5 files changed, 413 insertions, 12 deletions
diff --git a/hack/get_ci_vm.sh b/hack/get_ci_vm.sh
index 7e31c19c6..1d48f0996 100755
--- a/hack/get_ci_vm.sh
+++ b/hack/get_ci_vm.sh
@@ -67,13 +67,6 @@ delvm() {
cleanup
}
-image_hints() {
- _BIS=$(egrep -m 1 '_BUILT_IMAGE_SUFFIX:[[:space:]+"[[:print:]]+"' "$LIBPODROOT/.cirrus.yml" | cut -d: -f 2 | tr -d '"[:blank:]')
- egrep '[[:space:]]+[[:alnum:]].+_CACHE_IMAGE_NAME:[[:space:]+"[[:print:]]+"' \
- "$LIBPODROOT/.cirrus.yml" | cut -d: -f 2 | tr -d '"[:blank:]' | \
- sed -r -e "s/\\\$[{]_BUILT_IMAGE_SUFFIX[}]/$_BIS/" | sort -u
-}
-
show_usage() {
echo -e "\n${RED}ERROR: $1${NOR}"
echo -e "${YEL}Usage: $(basename $0) [-m <SPECIALMODE>] [-u <ROOTLESS_USER> ] <image_name>${NOR}"
@@ -90,17 +83,34 @@ show_usage() {
}
get_env_vars() {
- python -c '
-import yaml
+ # Deal with both YAML and embedded shell-like substitutions in values
+ # if substitution fails, fall back to printing naked env. var as-is.
+ python3 -c '
+import yaml,re
env=yaml.load(open(".cirrus.yml"), Loader=yaml.SafeLoader)["env"]
-keys=[k for k in env if "ENCRYPTED" not in str(env[k])]
+dollar_env_var=re.compile(r"\$(\w+)")
+dollarcurly_env_var=re.compile(r"\$\{(\w+)\}")
+class ReIterKey(dict):
+ def __missing__(self, key):
+ # Cirrus-CI provides some runtime-only env. vars. Avoid
+ # breaking this hack-script if/when any are present in YAML
+ return "${0}".format(key)
+rep=r"{\1}" # Convert env vars markup to -> str.format_map(re_iter_key) markup
+out=ReIterKey()
for k,v in env.items():
v=str(v)
- if "ENCRYPTED" not in v and "ADD_SECOND_PARTITION" not in v:
- print("{0}=\"{1}\"".format(k, v)),
+ if "ENCRYPTED" not in v:
+ out[k]=dollar_env_var.sub(rep, dollarcurly_env_var.sub(rep, v))
+for k,v in out.items():
+ print("{0}=\"{1}\"".format(k, v.format_map(out)))
'
}
+image_hints() {
+ get_env_vars | fgrep '_CACHE_IMAGE_NAME' | awk -F "=" '{print $2}'
+}
+
+
parse_args(){
echo -e "$USAGE_WARNING"
diff --git a/hack/podman-registry b/hack/podman-registry
new file mode 100755
index 000000000..fe79b7d9d
--- /dev/null
+++ b/hack/podman-registry
@@ -0,0 +1,249 @@
+#! /bin/bash
+#
+# podman-registry - start/stop/monitor a local instance of registry:2
+#
+ME=$(basename $0)
+
+###############################################################################
+# BEGIN defaults
+
+PODMAN_REGISTRY_IMAGE=docker.io/library/registry:2
+
+PODMAN_REGISTRY_USER=
+PODMAN_REGISTRY_PASS=
+PODMAN_REGISTRY_PORT=
+
+# Podman binary to run
+PODMAN=${PODMAN:-$(dirname $0)/../bin/podman}
+
+# END defaults
+###############################################################################
+# BEGIN help messages
+
+missing=" argument is missing; see $ME --help for details"
+usage="Usage: $ME [options] [start|stop|ps|logs]
+
+$ME manages a local instance of a container registry.
+
+When called to start a registry, $ME will pull an image
+into a local temporary directory, create an htpasswd, start the
+registry, and dump a series of environment variables to stdout:
+
+ \$ $ME start
+ PODMAN_REGISTRY_IMAGE=\"docker.io/library/registry:2\"
+ PODMAN_REGISTRY_PORT=\"5050\"
+ PODMAN_REGISTRY_USER=\"userZ3RZ\"
+ PODMAN_REGISTRY_PASS=\"T8JVJzKrcl4p6uT\"
+
+Expected usage, therefore, is something like this in a script
+
+ eval \$($ME start)
+
+To stop the registry, you will need to know the port number:
+
+ $ME -P \$PODMAN_REGISTRY_PORT stop
+
+Override the default image, port, user, password with:
+
+ -i IMAGE registry image to pull (default: $PODMAN_REGISTRY_IMAGE)
+ -u USER registry user (default: random)
+ -p PASS password for registry user (default: random)
+ -P PORT port to bind to (on 127.0.0.1) (default: random, 5000-5999)
+
+Other options:
+
+ -h display usage message
+"
+
+die () {
+ echo "$ME: $*" >&2
+ exit 1
+}
+
+# END help messages
+###############################################################################
+# BEGIN option processing
+
+while getopts "i:u:p:P:hv" opt; do
+ case "$opt" in
+ i) PODMAN_REGISTRY_IMAGE=$OPTARG ;;
+ u) PODMAN_REGISTRY_USER=$OPTARG ;;
+ p) PODMAN_REGISTRY_PASS=$OPTARG ;;
+ P) PODMAN_REGISTRY_PORT=$OPTARG ;;
+ h) echo "$usage"; exit 0;;
+ v) verbose=1 ;;
+ \?) echo "Run '$ME -h' for help" >&2; exit 1;;
+ esac
+done
+shift $((OPTIND-1))
+
+# END option processing
+###############################################################################
+# BEGIN helper functions
+
+function random_string() {
+ local length=${1:-10}
+
+ head /dev/urandom | tr -dc a-zA-Z0-9 | head -c$length
+}
+
+function podman() {
+ if [ -z "${PODMAN_REGISTRY_PORT}" ]; then
+ die "podman port undefined; please invoke me with -P PORT"
+ fi
+
+ if [ -z "${PODMAN_REGISTRY_WORKDIR}" ]; then
+ PODMAN_REGISTRY_WORKDIR=${TMPDIR:-/tmp}/podman-registry-${PODMAN_REGISTRY_PORT}
+ if [ ! -d ${PODMAN_REGISTRY_WORKDIR} ]; then
+ die "$ME: directory does not exist: ${PODMAN_REGISTRY_WORKDIR}"
+ fi
+ fi
+
+ ${PODMAN} --root ${PODMAN_REGISTRY_WORKDIR}/root \
+ --runroot ${PODMAN_REGISTRY_WORKDIR}/runroot \
+ "$@"
+}
+
+###############
+# must_pass # Run a command quietly; abort with error on failure
+###############
+function must_pass() {
+ local log=${PODMAN_REGISTRY_WORKDIR}/log
+
+ "$@" &> $log
+ if [ $? -ne 0 ]; then
+ echo "$ME: Command failed: $*" >&2
+ cat $log >&2
+
+ # If we ever get here, it's a given that the registry is not running.
+ # Clean up after ourselves.
+ rm -rf ${PODMAN_REGISTRY_WORKDIR}
+ exit 1
+ fi
+}
+
+# END helper functions
+###############################################################################
+# BEGIN action processing
+
+function do_start() {
+ # If called without a port, assign a random one in the 5xxx range
+ if [ -z "${PODMAN_REGISTRY_PORT}" ]; then
+ for port in $(shuf -i 5000-5999);do
+ if ! { exec 3<> /dev/tcp/127.0.0.1/$port; } &>/dev/null; then
+ PODMAN_REGISTRY_PORT=$port
+ break
+ fi
+ done
+ fi
+
+ PODMAN_REGISTRY_WORKDIR=${TMPDIR:-/tmp}/podman-registry-${PODMAN_REGISTRY_PORT}
+ if [ -d ${PODMAN_REGISTRY_WORKDIR} ]; then
+ die "$ME: directory exists: ${PODMAN_REGISTRY_WORKDIR} (another registry might already be running on this port)"
+ fi
+
+ # Randomly-generated username and password, if none given on command line
+ if [ -z "${PODMAN_REGISTRY_USER}" ]; then
+ PODMAN_REGISTRY_USER="user$(random_string 4)"
+ fi
+ if [ -z "${PODMAN_REGISTRY_PASS}" ]; then
+ PODMAN_REGISTRY_PASS=$(random_string 15)
+ fi
+
+ # For the next few commands, die on any error
+ set -e
+
+ mkdir -p ${PODMAN_REGISTRY_WORKDIR}
+
+ local AUTHDIR=${PODMAN_REGISTRY_WORKDIR}/auth
+ mkdir -p $AUTHDIR
+
+ # Pull registry image, but into a separate container storage
+ mkdir -p ${PODMAN_REGISTRY_WORKDIR}/root
+ mkdir -p ${PODMAN_REGISTRY_WORKDIR}/runroot
+
+ set +e
+
+ # Give it three tries, to compensate for flakes
+ podman pull ${PODMAN_REGISTRY_IMAGE} &>/dev/null ||
+ podman pull ${PODMAN_REGISTRY_IMAGE} &>/dev/null ||
+ must_pass podman pull ${PODMAN_REGISTRY_IMAGE}
+
+ # Registry image needs a cert. Self-signed is good enough.
+ local CERT=$AUTHDIR/domain.crt
+ must_pass openssl req -newkey rsa:4096 -nodes -sha256 \
+ -keyout ${AUTHDIR}/domain.key -x509 -days 2 \
+ -out ${AUTHDIR}/domain.crt \
+ -subj "/C=US/ST=Foo/L=Bar/O=Red Hat, Inc./CN=localhost"
+
+ # Store credentials where container will see them. We can't run
+ # this one via must_pass because we need its stdout.
+ podman run --rm \
+ --entrypoint htpasswd ${PODMAN_REGISTRY_IMAGE} \
+ -Bbn ${PODMAN_REGISTRY_USER} ${PODMAN_REGISTRY_PASS} \
+ > $AUTHDIR/htpasswd
+ if [ $? -ne 0 ]; then
+ rm -rf ${PODMAN_REGISTRY_WORKDIR}
+ die "Command failed: podman run [htpasswd]"
+ fi
+
+ # In case someone needs to debug
+ echo "${PODMAN_REGISTRY_USER}:${PODMAN_REGISTRY_PASS}" \
+ > $AUTHDIR/htpasswd-plaintext
+
+ # Run the registry container.
+ must_pass podman run --quiet -d \
+ -p ${PODMAN_REGISTRY_PORT}:5000 \
+ --name registry \
+ -v $AUTHDIR:/auth:Z \
+ -e "REGISTRY_AUTH=htpasswd" \
+ -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
+ -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" \
+ -e "REGISTRY_HTTP_TLS_CERTIFICATE=/auth/domain.crt" \
+ -e "REGISTRY_HTTP_TLS_KEY=/auth/domain.key" \
+ registry:2
+
+ # Dump settings. Our caller will use these to access the registry.
+ for v in IMAGE PORT USER PASS; do
+ echo "PODMAN_REGISTRY_${v}=\"$(eval echo \$PODMAN_REGISTRY_${v})\""
+ done
+}
+
+
+function do_stop() {
+ podman stop registry
+ podman rm -f registry
+
+ rm -rf ${PODMAN_REGISTRY_WORKDIR}
+}
+
+
+function do_ps() {
+ podman ps -a
+}
+
+
+function do_logs() {
+ podman logs registry
+}
+
+# END action processing
+###############################################################################
+# BEGIN command-line processing
+
+# First command-line arg must be an action
+action=${1?ACTION$missing}
+shift
+
+case "$action" in
+ start) do_start ;;
+ stop) do_stop ;;
+ ps) do_ps ;;
+ logs) do_logs ;;
+ *) die "Unknown action '$action'; must be start / stop / ps / logs" ;;
+esac
+
+# END command-line processing
+###############################################################################
+
+exit 0
diff --git a/hack/podman-registry-go/registry.go b/hack/podman-registry-go/registry.go
new file mode 100644
index 000000000..a83304914
--- /dev/null
+++ b/hack/podman-registry-go/registry.go
@@ -0,0 +1,98 @@
+package registry
+
+import (
+ "strings"
+
+ "github.com/containers/libpod/utils"
+ "github.com/pkg/errors"
+ "github.com/sirupsen/logrus"
+)
+
+const (
+ imageKey = "PODMAN_REGISTRY_IMAGE"
+ userKey = "PODMAN_REGISTRY_USER"
+ passKey = "PODMAN_REGISTRY_PASS"
+ portKey = "PODMAN_REGISTRY_PORT"
+)
+
+var binary = "podman-registry"
+
+// Registry is locally running registry.
+type Registry struct {
+ // Image - container image of the registry.
+ Image string
+ // User - the user to authenticate against the registry.
+ User string
+ // Password - the accompanying password for the user.
+ Password string
+ // Port - the port the registry is listening to on the host.
+ Port string
+ // running indicates if the registry is running.
+ running bool
+}
+
+// Start a new registry and return it along with it's image, user, password, and port.
+func Start() (*Registry, error) {
+ // Start a registry.
+ out, err := utils.ExecCmd(binary, "start")
+ if err != nil {
+ return nil, errors.Wrapf(err, "error running %q: %s", binary, out)
+ }
+
+ // Parse the output.
+ registry := Registry{}
+ for _, s := range strings.Split(out, "\n") {
+ if s == "" {
+ continue
+ }
+ spl := strings.Split(s, "=")
+ if len(spl) != 2 {
+ return nil, errors.Errorf("unexpected output format %q: want 'PODMAN_...=...'", s)
+ }
+ key := spl[0]
+ val := strings.TrimSuffix(strings.TrimPrefix(spl[1], "\""), "\"")
+ switch key {
+ case imageKey:
+ registry.Image = val
+ case userKey:
+ registry.User = val
+ case passKey:
+ registry.Password = val
+ case portKey:
+ registry.Port = val
+ default:
+ logrus.Errorf("unexpected podman-registry output: %q", s)
+ }
+ }
+
+ // Extra sanity check.
+ if registry.Image == "" {
+ return nil, errors.Errorf("unexpected output %q: %q missing", out, imageKey)
+ }
+ if registry.User == "" {
+ return nil, errors.Errorf("unexpected output %q: %q missing", out, userKey)
+ }
+ if registry.Password == "" {
+ return nil, errors.Errorf("unexpected output %q: %q missing", out, passKey)
+ }
+ if registry.Port == "" {
+ return nil, errors.Errorf("unexpected output %q: %q missing", out, portKey)
+ }
+
+ registry.running = true
+
+ return &registry, nil
+}
+
+// Stop the registry.
+func (r *Registry) Stop() error {
+ // Stop a registry.
+ if !r.running {
+ return nil
+ }
+ if _, err := utils.ExecCmd(binary, "-P", r.Port, "stop"); err != nil {
+ return errors.Wrapf(err, "error stopping registry (%v) with %q", *r, binary)
+ }
+ r.running = false
+ return nil
+}
diff --git a/hack/podman-registry-go/registry_test.go b/hack/podman-registry-go/registry_test.go
new file mode 100644
index 000000000..4e4bf5fe2
--- /dev/null
+++ b/hack/podman-registry-go/registry_test.go
@@ -0,0 +1,40 @@
+package registry
+
+import (
+ "testing"
+
+ "github.com/hashicorp/go-multierror"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func TestStartAndStopMultipleRegistries(t *testing.T) {
+ binary = "../podman-registry"
+
+ registries := []*Registry{}
+
+ // Start registries.
+ var errors *multierror.Error
+ for i := 0; i < 3; i++ {
+ reg, err := Start()
+ if err != nil {
+ errors = multierror.Append(errors, err)
+ continue
+ }
+ assert.True(t, len(reg.Image) > 0)
+ assert.True(t, len(reg.User) > 0)
+ assert.True(t, len(reg.Password) > 0)
+ assert.True(t, len(reg.Port) > 0)
+ registries = append(registries, reg)
+ }
+
+ // Stop registries.
+ for _, reg := range registries {
+ // Make sure we can stop it properly.
+ errors = multierror.Append(errors, reg.Stop())
+ // Stopping an already stopped registry is fine as well.
+ errors = multierror.Append(errors, reg.Stop())
+ }
+
+ require.NoError(t, errors.ErrorOrNil())
+}
diff --git a/hack/xref-helpmsgs-manpages b/hack/xref-helpmsgs-manpages
index 00db3c8de..c1e9dffc4 100755
--- a/hack/xref-helpmsgs-manpages
+++ b/hack/xref-helpmsgs-manpages
@@ -150,6 +150,10 @@ sub xref_by_man {
my %ignore = map { $_ => 1 } qw(-l -s -t --latest --size --type);
next if $man =~ /-inspect/ && $ignore{$k};
+ # Special case: podman-diff serves dual purpose (image, ctr)
+ my %diffignore = map { $_ => 1 } qw(-l --latest );
+ next if $man =~ /-diff/ && $diffignore{$k};
+
# Special case: the 'trust' man page is a mess
next if $man =~ /-trust/;