Diffstat (limited to 'pkg/adapter')
-rw-r--r-- | pkg/adapter/checkpoint_restore.go | 1 | ||||
-rw-r--r-- | pkg/adapter/containers.go | 15 | ||||
-rw-r--r-- | pkg/adapter/images.go | 5 | ||||
-rw-r--r-- | pkg/adapter/images_remote.go | 7 | ||||
-rw-r--r-- | pkg/adapter/info_remote.go | 14 | ||||
-rw-r--r-- | pkg/adapter/network.go | 64 | ||||
-rw-r--r-- | pkg/adapter/pods.go | 20 | ||||
-rw-r--r-- | pkg/adapter/runtime.go | 16 | ||||
-rw-r--r-- | pkg/adapter/runtime_remote.go | 31 |
9 files changed, 82 insertions, 91 deletions
diff --git a/pkg/adapter/checkpoint_restore.go b/pkg/adapter/checkpoint_restore.go index 15f9e8105..7f80b782a 100644 --- a/pkg/adapter/checkpoint_restore.go +++ b/pkg/adapter/checkpoint_restore.go @@ -60,6 +60,7 @@ func crImportCheckpoint(ctx context.Context, runtime *libpod.Runtime, input stri "ctr.log", "rootfs-diff.tar", "network.status", + "deleted.files", }, } dir, err := ioutil.TempDir("", "checkpoint") diff --git a/pkg/adapter/containers.go b/pkg/adapter/containers.go index 3334e9fa1..fdd9f6ab3 100644 --- a/pkg/adapter/containers.go +++ b/pkg/adapter/containers.go @@ -1230,6 +1230,7 @@ func (r *LocalRuntime) generateSystemdgenContainerInfo(c *cliconfig.GenerateSyst PIDFile: conmonPidFile, StopTimeout: timeout, GenerateTimestamp: true, + CreateCommand: config.CreateCommand, } return info, true, nil @@ -1237,11 +1238,21 @@ func (r *LocalRuntime) generateSystemdgenContainerInfo(c *cliconfig.GenerateSyst // GenerateSystemd creates a unit file for a container or pod. func (r *LocalRuntime) GenerateSystemd(c *cliconfig.GenerateSystemdValues) (string, error) { + opts := systemdgen.Options{ + Files: c.Files, + New: c.New, + } + // First assume it's a container. if info, found, err := r.generateSystemdgenContainerInfo(c, c.InputArgs[0], nil); found && err != nil { return "", err } else if found && err == nil { - return systemdgen.CreateContainerSystemdUnit(info, c.Files) + return systemdgen.CreateContainerSystemdUnit(info, opts) + } + + // --new does not support pods. + if c.New { + return "", errors.Errorf("error generating systemd unit files: cannot generate generic files for a pod") } // We're either having a pod or garbage. @@ -1312,7 +1323,7 @@ func (r *LocalRuntime) GenerateSystemd(c *cliconfig.GenerateSystemdValues) (stri if i > 0 { builder.WriteByte('\n') } - out, err := systemdgen.CreateContainerSystemdUnit(info, c.Files) + out, err := systemdgen.CreateContainerSystemdUnit(info, opts) if err != nil { return "", err } 
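Review bot: `CreateCommand: config.CreateCommand` in generateSystemdgenContainerInfo copies the container's original command line into the data handed to systemdgen, and nothing visible here checks that it is populated or filters it. If systemdgen writes it into the generated unit when `--new` is set (that code is outside this hunk), any secret passed as a command-line value at create time, such as an `--env` assignment, would end up in a unit file on disk. I would add a comment at the assignment, `// CreateCommand is emitted into the unit for --new; it may contain secrets passed on the command line`, and reject an empty value when `c.New` is set. The function body starts and ends outside the hunk.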
diff --git a/pkg/adapter/images.go b/pkg/adapter/images.go index c8ea1cdea..762f1a656 100644 --- a/pkg/adapter/images.go +++ b/pkg/adapter/images.go @@ -3,14 +3,13 @@ package adapter import ( - "github.com/containers/libpod/cmd/podman/cliconfig" "github.com/containers/libpod/libpod/image" "github.com/pkg/errors" ) // Tree ... -func (r *LocalRuntime) Tree(c *cliconfig.TreeValues) (*image.InfoImage, map[string]*image.LayerInfo, *ContainerImage, error) { - img, err := r.NewImageFromLocal(c.InputArgs[0]) +func (r *LocalRuntime) Tree(imageOrID string) (*image.InfoImage, map[string]*image.LayerInfo, *ContainerImage, error) { + img, err := r.NewImageFromLocal(imageOrID) if err != nil { return nil, nil, nil, err } diff --git a/pkg/adapter/images_remote.go b/pkg/adapter/images_remote.go index 722058d4a..1d4997d9a 100644 --- a/pkg/adapter/images_remote.go +++ b/pkg/adapter/images_remote.go @@ -6,7 +6,6 @@ import ( "context" "encoding/json" - "github.com/containers/libpod/cmd/podman/cliconfig" iopodman "github.com/containers/libpod/cmd/podman/varlink" "github.com/containers/libpod/libpod/image" "github.com/containers/libpod/pkg/inspect" @@ -27,11 +26,11 @@ func (i *ContainerImage) Inspect(ctx context.Context) (*inspect.ImageData, error } // Tree ... -func (r *LocalRuntime) Tree(c *cliconfig.TreeValues) (*image.InfoImage, map[string]*image.LayerInfo, *ContainerImage, error) { +func (r *LocalRuntime) Tree(imageOrID string) (*image.InfoImage, map[string]*image.LayerInfo, *ContainerImage, error) { layerInfoMap := make(map[string]*image.LayerInfo) imageInfo := &image.InfoImage{} - img, err := r.NewImageFromLocal(c.InputArgs[0]) + img, err := r.NewImageFromLocal(imageOrID) if err != nil { return nil, nil, nil, err } 
@@ -44,7 +43,7 @@ func (r *LocalRuntime) Tree(c *cliconfig.TreeValues) (*image.InfoImage, map[stri return nil, nil, nil, errors.Wrap(err, "failed to unmarshal image layers") } - reply, err = iopodman.BuildImageHierarchyMap().Call(r.Conn, c.InputArgs[0]) + reply, err = iopodman.BuildImageHierarchyMap().Call(r.Conn, imageOrID) if err != nil { return nil, nil, nil, errors.Wrap(err, "failed to get build image map") } diff --git a/pkg/adapter/info_remote.go b/pkg/adapter/info_remote.go index 3170e5b3d..c55d1f6ef 100644 --- a/pkg/adapter/info_remote.go +++ b/pkg/adapter/info_remote.go @@ -14,12 +14,11 @@ func (r RemoteRuntime) Info() ([]define.InfoData, error) { // TODO the varlink implementation for info should be updated to match the output for regular info var ( reply []define.InfoData + regInfo map[string]interface{} hostInfo map[string]interface{} store map[string]interface{} ) - registries := make(map[string]interface{}) - insecureRegistries := make(map[string]interface{}) info, err := iopodman.GetInfo().Call(r.Conn) if err != nil { return nil, err @@ -39,13 +38,16 @@ func (r RemoteRuntime) Info() ([]define.InfoData, error) { } json.Unmarshal(s, &store) - registries["registries"] = info.Registries - insecureRegistries["registries"] = info.Insecure_registries + // info.Registries -> map[string]interface{} + reg, err := json.Marshal(info.Registries) + if err != nil { + return nil, err + } + json.Unmarshal(reg, ®Info) // Add everything to the reply reply = append(reply, define.InfoData{Type: "host", Data: hostInfo}) - reply = append(reply, define.InfoData{Type: "registries", Data: registries}) - reply = append(reply, define.InfoData{Type: "insecure registries", Data: insecureRegistries}) + reply = append(reply, define.InfoData{Type: "registries", Data: regInfo}) reply = append(reply, define.InfoData{Type: "store", Data: store}) return reply, nil } diff --git a/pkg/adapter/network.go b/pkg/adapter/network.go index 160e334e9..b25f54a13 100644 
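Review bot: The result of the new `json.Unmarshal` call on `reg` in Info is discarded, so a decode failure leaves `regInfo` nil and the reply carries an empty "registries" entry with no error. The Marshal error just above is already returned, and the decode should be handled the same way: `if err := json.Unmarshal(reg, &regInfo); err != nil { return nil, err }`. The unchanged `json.Unmarshal(s, &store)` above it has the same gap. The hunk also removes the separate "insecure registries" entry; if `info.Registries` does not now include that list (not visible here), remote clients can no longer see which registries are configured as insecure.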
--- a/pkg/adapter/network.go +++ b/pkg/adapter/network.go @@ -67,14 +67,10 @@ func (r *LocalRuntime) NetworkInspect(cli *cliconfig.NetworkInspectValues) error rawCNINetworks []map[string]interface{} ) for _, name := range cli.InputArgs { - b, err := network.ReadRawCNIConfByName(name) + rawList, err := network.InspectNetwork(name) if err != nil { return err } - rawList := make(map[string]interface{}) - if err := json.Unmarshal(b, &rawList); err != nil { - return fmt.Errorf("error parsing configuration list: %s", err) - } rawCNINetworks = append(rawCNINetworks, rawList) } out, err := json.MarshalIndent(rawCNINetworks, "", "\t") @@ -98,7 +94,20 @@ func (r *LocalRuntime) NetworkRemove(ctx context.Context, cli *cliconfig.Network if err != nil { return networkRmSuccesses, networkRmErrors, err } - if err := r.removeNetwork(ctx, name, containers, cli.Force); err != nil { + // We need to iterate containers looking to see if they belong to the given network + for _, c := range containers { + if util.StringInSlice(name, c.Config().Networks) { + // if user passes force, we nuke containers + if !cli.Force { + // Without the force option, we return an error + return nil, nil, errors.Errorf("%q has associated containers with it. Use -f to forcibly delete containers", name) + } + if err := r.RemoveContainer(ctx, c.Container, true, true); err != nil { + return nil, nil, err + } + } + } + if err := network.RemoveNetwork(name); err != nil { if lastError != nil { networkRmErrors[name] = lastError } 
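Review bot: The two new early returns inside the container loop of NetworkRemove, `return nil, nil, errors.Errorf(...)` and `return nil, nil, err`, discard the `networkRmSuccesses` and `networkRmErrors` collected for earlier names, whereas the return just above the loop hands both back. A caller that passed several networks then gets no report of the ones already removed. I would return the accumulated maps, `return networkRmSuccesses, networkRmErrors, err`, or record the failure under `networkRmErrors[name]` and continue. With force set, containers are now removed before `network.RemoveNetwork(name)` has confirmed that the network exists, a check the deleted removeNetwork made first through GetCNIConfigPathByName. The function continues outside the hunk.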
@@ -110,49 +119,6 @@ func (r *LocalRuntime) NetworkRemove(ctx context.Context, cli *cliconfig.Network return networkRmSuccesses, networkRmErrors, lastError } -// removeNetwork removes a single network and its containers given a force bool -func (r *LocalRuntime) removeNetwork(ctx context.Context, name string, containers []*Container, force bool) error { - cniPath, err := network.GetCNIConfigPathByName(name) - if err != nil { - return err - } - // We need to iterate containers looking to see if they belong to the given network - for _, c := range containers { - if util.StringInSlice(name, c.Config().Networks) { - // if user passes force, we nuke containers - if force { - if err := r.RemoveContainer(ctx, c.Container, true, true); err != nil { - return err - } - } else { - // Without the the force option, we return an error - return errors.Errorf("%q has associated containers with it. use -f to forcibly delete containers", name) - } - - } - } - // Before we delete the configuration file, we need to make sure we can read and parse - // it to get the network interface name so we can remove that too - interfaceName, err := network.GetInterfaceNameFromConfig(cniPath) - if err != nil { - return errors.Wrapf(err, "failed to find network interface name in %q", cniPath) - } - liveNetworkNames, err := network.GetLiveNetworkNames() - if err != nil { - return errors.Wrapf(err, "failed to get live network names") - } - if util.StringInSlice(interfaceName, liveNetworkNames) { - if err := network.RemoveInterface(interfaceName); err != nil { - return errors.Wrapf(err, "failed to delete the network interface %q", interfaceName) - } - } - // Remove the configuration file - if err := os.Remove(cniPath); err != nil { - return errors.Wrapf(err, "failed to remove network configuration file %q", cniPath) - } - return nil -} - // NetworkCreateBridge creates a CNI network func (r *LocalRuntime) NetworkCreateBridge(cli *cliconfig.NetworkCreateValues) (string, error) { isGateway := true 
diff --git a/pkg/adapter/pods.go b/pkg/adapter/pods.go index a726153c0..5891c361f 100644 --- a/pkg/adapter/pods.go +++ b/pkg/adapter/pods.go @@ -8,6 +8,7 @@ import ( "io" "io/ioutil" "os" + "path/filepath" "strings" "github.com/containers/buildah/pkg/parse" @@ -597,7 +598,7 @@ func (r *LocalRuntime) PlayKubeYAML(ctx context.Context, c *cliconfig.KubePlayVa volumes[volume.Name] = hostPath.Path } - seccompPaths, err := initializeSeccompPaths(podYAML.ObjectMeta.Annotations) + seccompPaths, err := initializeSeccompPaths(podYAML.ObjectMeta.Annotations, c.SeccompProfileRoot) if err != nil { return nil, err } @@ -847,7 +848,8 @@ func (k *kubeSeccompPaths) findForContainer(ctrName string) string { // initializeSeccompPaths takes annotations from the pod object metadata and finds annotations pertaining to seccomp // it parses both pod and container level -func initializeSeccompPaths(annotations map[string]string) (*kubeSeccompPaths, error) { +// if the annotation is of the form "localhost/%s", the seccomp profile will be set to profileRoot/%s +func initializeSeccompPaths(annotations map[string]string, profileRoot string) (*kubeSeccompPaths, error) { seccompPaths := &kubeSeccompPaths{containerPaths: make(map[string]string)} var err error if annotations != nil { @@ -863,7 +865,7 @@ func initializeSeccompPaths(annotations map[string]string) (*kubeSeccompPaths, e return nil, errors.Errorf("Invalid seccomp path: %s", prefixAndCtr[0]) } - path, err := verifySeccompPath(seccomp) + path, err := verifySeccompPath(seccomp, profileRoot) if err != nil { return nil, err } @@ -872,7 +874,7 @@ func initializeSeccompPaths(annotations map[string]string) (*kubeSeccompPaths, e podSeccomp, ok := annotations[v1.SeccompPodAnnotationKey] if ok { - seccompPaths.podPath, err = verifySeccompPath(podSeccomp) + seccompPaths.podPath, err = verifySeccompPath(podSeccomp, profileRoot) } else { seccompPaths.podPath, err = libpod.DefaultSeccompPath() } 
@@ -885,7 +887,7 @@ func initializeSeccompPaths(annotations map[string]string) (*kubeSeccompPaths, e // verifySeccompPath takes a path and checks whether it is a default, unconfined, or a path // the available options are parsed as defined in https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp -func verifySeccompPath(path string) (string, error) { +func verifySeccompPath(path string, profileRoot string) (string, error) { switch path { case v1.DeprecatedSeccompProfileDockerDefault: fallthrough @@ -894,13 +896,9 @@ func verifySeccompPath(path string) (string, error) { case "unconfined": return path, nil default: - // TODO we have an inconsistency here - // k8s parses `localhost/<path>` which is found at `<seccomp_root>` - // we currently parse `localhost:<seccomp_root>/<path> - // to fully conform, we need to find a good location for the seccomp root - parts := strings.Split(path, ":") + parts := strings.Split(path, "/") if parts[0] == "localhost" { - return parts[1], nil + return filepath.Join(profileRoot, parts[1]), nil } return "", errors.Errorf("invalid seccomp path: %s", path) } diff --git a/pkg/adapter/runtime.go b/pkg/adapter/runtime.go index ac843b655..5f880e807 100644 --- a/pkg/adapter/runtime.go +++ b/pkg/adapter/runtime.go @@ -84,7 +84,7 @@ func getRuntime(runtime *libpod.Runtime) (*LocalRuntime, error) { }, nil } -// GetFilterImages returns a slice of images in containerimages that are "filtered" +// GetFilteredImages returns a slice of images in containerimages that are "filtered" func (r *LocalRuntime) GetFilteredImages(filters []string, rwOnly bool) ([]*ContainerImage, error) { images, err := r.ImageRuntime().GetImagesWithFilters(filters) if err != nil { 
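Review bot: In the default branch of verifySeccompPath, `parts[1]` is read without checking `len(parts)`, so an annotation value of exactly `localhost` panics with an index out of range, and that value comes straight from the pod YAML annotations. Taking only `parts[1]` also silently drops everything after a second slash, and a remainder of `..` joins to the parent of profileRoot, so the result is not guaranteed to stay under the profile root. I would strip the `localhost/` prefix, reject an empty remainder, join the whole remainder and verify containment before returning, as sketched below. An empty profileRoot is not rejected either, and both changed call sites in initializeSeccompPaths reach this code.

```go
	default:
		// … unchanged: named-profile cases above …
		rel := strings.TrimPrefix(path, "localhost/")
		if rel == path || rel == "" {
			return "", errors.Errorf("invalid seccomp path: %s", path)
		}
		full := filepath.Join(profileRoot, rel)
		// Reject values that resolve outside profileRoot.
		inRoot, err := filepath.Rel(profileRoot, full)
		if err != nil || inRoot == ".." || strings.HasPrefix(inRoot, ".."+string(filepath.Separator)) {
			return "", errors.Errorf("invalid seccomp path: %s", path)
		}
		return full, nil
```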
@@ -111,6 +111,8 @@ func (r *LocalRuntime) getImages(rwOnly bool) ([]*ContainerImage, error) { return r.ImagestoContainerImages(images, rwOnly) } +// ImagestoContainerImages converts the slice of *image.Image to a slice of +// *ContainerImage. ReadOnly images are skipped when rwOnly is set. func (r *LocalRuntime) ImagestoContainerImages(images []*image.Image, rwOnly bool) ([]*ContainerImage, error) { var containerImages []*ContainerImage for _, i := range images { @@ -155,7 +157,7 @@ func (r *LocalRuntime) New(ctx context.Context, name, signaturePolicyPath, authf } // RemoveImage calls into local storage and removes an image -func (r *LocalRuntime) RemoveImage(ctx context.Context, img *ContainerImage, force bool) (string, error) { +func (r *LocalRuntime) RemoveImage(ctx context.Context, img *ContainerImage, force bool) (*image.ImageDeleteResponse, error) { return r.Runtime.RemoveImage(ctx, img.Image, force) } 
@@ -284,20 +286,20 @@ func libpodVolumeToVolume(volumes []*libpod.Volume) []*Volume { } // Build is the wrapper to build images -func (r *LocalRuntime) Build(ctx context.Context, c *cliconfig.BuildValues, options imagebuildah.BuildOptions, dockerfiles []string) error { +func (r *LocalRuntime) Build(ctx context.Context, c *cliconfig.BuildValues, options imagebuildah.BuildOptions, dockerfiles []string) (string, reference.Canonical, error) { namespaceOptions, networkPolicy, err := parse.NamespaceOptions(c.PodmanCommand.Command) if err != nil { - return errors.Wrapf(err, "error parsing namespace-related options") + return "", nil, errors.Wrapf(err, "error parsing namespace-related options") } usernsOption, idmappingOptions, err := parse.IDMappingOptions(c.PodmanCommand.Command, options.Isolation) if err != nil { - return errors.Wrapf(err, "error parsing ID mapping options") + return "", nil, errors.Wrapf(err, "error parsing ID mapping options") } namespaceOptions.AddOrReplace(usernsOption...) systemContext, err := parse.SystemContextFromOptions(c.PodmanCommand.Command) if err != nil { - return errors.Wrapf(err, "error building system context") + return "", nil, errors.Wrapf(err, "error building system context") } authfile := c.Authfile @@ -308,7 +310,7 @@ func (r *LocalRuntime) Build(ctx context.Context, c *cliconfig.BuildValues, opti systemContext.AuthFilePath = authfile commonOpts, err := parse.CommonBuildOptions(c.PodmanCommand.Command) if err != nil { - return err + return "", nil, err } options.NamespaceOptions = namespaceOptions diff --git a/pkg/adapter/runtime_remote.go b/pkg/adapter/runtime_remote.go index 87b4999ce..c908358ff 100644 --- a/pkg/adapter/runtime_remote.go +++ b/pkg/adapter/runtime_remote.go 
@@ -413,9 +413,22 @@ func (ci *ContainerImage) TagImage(tag string) error { return err } +// UntagImage removes a single tag from an image +func (ci *ContainerImage) UntagImage(tag string) error { + _, err := iopodman.UntagImage().Call(ci.Runtime.Conn, ci.ID(), tag) + return err +} + // RemoveImage calls varlink to remove an image -func (r *LocalRuntime) RemoveImage(ctx context.Context, img *ContainerImage, force bool) (string, error) { - return iopodman.RemoveImage().Call(r.Conn, img.InputName, force) +func (r *LocalRuntime) RemoveImage(ctx context.Context, img *ContainerImage, force bool) (*image.ImageDeleteResponse, error) { + ir := image.ImageDeleteResponse{} + response, err := iopodman.RemoveImageWithResponse().Call(r.Conn, img.InputName, force) + if err != nil { + return nil, err + } + ir.Deleted = response.Deleted + ir.Untagged = append(ir.Untagged, response.Untagged...) + return &ir, nil } // History returns the history of an image and its layers @@ -494,7 +507,7 @@ func (r *LocalRuntime) Import(ctx context.Context, source, reference string, cha return iopodman.ImportImage().Call(r.Conn, strings.TrimRight(tempFile, ":"), reference, history, changes, true) } -func (r *LocalRuntime) Build(ctx context.Context, c *cliconfig.BuildValues, options imagebuildah.BuildOptions, dockerfiles []string) error { +func (r *LocalRuntime) Build(ctx context.Context, c *cliconfig.BuildValues, options imagebuildah.BuildOptions, dockerfiles []string) (string, reference.Canonical, error) { buildOptions := iopodman.BuildOptions{ AddHosts: options.CommonBuildOpts.AddHost, CgroupParent: options.CommonBuildOpts.CgroupParent, 
@@ -539,31 +552,31 @@ func (r *LocalRuntime) Build(ctx context.Context, c *cliconfig.BuildValues, opti // tar the file outputFile, err := ioutil.TempFile("", "varlink_tar_send") if err != nil { - return err + return "", nil, err } defer outputFile.Close() defer os.Remove(outputFile.Name()) // Create the tarball of the context dir to a tempfile if err := utils.TarToFilesystem(options.ContextDirectory, outputFile); err != nil { - return err + return "", nil, err } // Send the context dir tarball over varlink. tempFile, err := r.SendFileOverVarlink(outputFile.Name()) if err != nil { - return err + return "", nil, err } buildinfo.ContextDir = tempFile reply, err := iopodman.BuildImage().Send(r.Conn, varlink.More, buildinfo) if err != nil { - return err + return "", nil, err } for { responses, flags, err := reply() if err != nil { - return err + return "", nil, err } for _, line := range responses.Logs { fmt.Print(line) @@ -572,7 +585,7 @@ func (r *LocalRuntime) Build(ctx context.Context, c *cliconfig.BuildValues, opti break } } - return err + return "", nil, err } // SendFileOverVarlink sends a file over varlink in an upgraded connection |
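Review bot: The final `return "", nil, err` in the remote Build returns an empty image ID and a nil reference on success, so callers that rely on the new return values get nothing from a remote build. The `err` at that point is the outer variable last set by the Send call (the loop declares its own `err` with `:=`), so it is always nil there; `return "", nil, nil` with a comment such as `// remote builds do not report the image ID or canonical reference` would state what actually happens. If the last response carries the image ID (not visible in this hunk), returning it would keep local and remote behaviour aligned. The function starts outside the hunk.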