Diffstat (limited to 'pkg/varlinkapi/images.go')
-rw-r--r-- | pkg/varlinkapi/images.go | 144 |
1 files changed, 129 insertions, 15 deletions
diff --git a/pkg/varlinkapi/images.go b/pkg/varlinkapi/images.go
index d14c61c39..5e4cb4ccb 100644
--- a/pkg/varlinkapi/images.go
+++ b/pkg/varlinkapi/images.go
@@ -5,6 +5,7 @@ import ( "encoding/json" "fmt" "io" + "os" "path/filepath" "strings" "time"
@@ -12,13 +13,17 @@ import ( "github.com/containers/buildah" "github.com/containers/buildah/imagebuildah" "github.com/containers/image/docker" + dockerarchive "github.com/containers/image/docker/archive" "github.com/containers/image/manifest" + "github.com/containers/image/transports/alltransports" "github.com/containers/image/types" + "github.com/containers/libpod/cmd/podman/shared" "github.com/containers/libpod/cmd/podman/varlink" "github.com/containers/libpod/libpod" "github.com/containers/libpod/libpod/image" sysreg "github.com/containers/libpod/pkg/registries" "github.com/containers/libpod/pkg/util" + "github.com/containers/libpod/utils" "github.com/docker/go-units" "github.com/opencontainers/image-spec/specs-go/v1" "github.com/opencontainers/runtime-spec/specs-go"
@@ -127,7 +132,7 @@ func (i *LibpodAPI) BuildImage(call iopodman.VarlinkCall, config iopodman.BuildI if config.Pull_always { pullPolicy = imagebuildah.PullAlways } - manifestType := "oci" + manifestType := "oci" //nolint if config.Image_format != "" { manifestType = config.Image_format }
@@ -271,6 +276,9 @@ func (i *LibpodAPI) InspectImage(call iopodman.VarlinkCall, name string) error { return call.ReplyImageNotFound(name) } inspectInfo, err := newImage.Inspect(getContext()) + if err != nil { + return call.ReplyErrorOccurred(err.Error()) + } b, err := json.Marshal(inspectInfo) if err != nil { return call.ReplyErrorOccurred(fmt.Sprintf("unable to serialize"))
@@ -305,8 +313,12 @@ func (i *LibpodAPI) HistoryImage(call iopodman.VarlinkCall, name string) error { } // PushImage pushes an local image to registry -// TODO We need to add options for signing, credentials, tls, and multi-tag -func (i *LibpodAPI) PushImage(call iopodman.VarlinkCall, name, tag string, tlsVerify bool) error { +func (i *LibpodAPI) PushImage(call iopodman.VarlinkCall, name, tag string, tlsVerify bool, signaturePolicy, creds, certDir string, compress bool, format string, removeSignatures bool, signBy string) error { + var ( + registryCreds *types.DockerAuthConfig + manifestType string + ) + newImage, err := i.Runtime.ImageRuntime().NewFromLocal(name) if err != nil { return call.ReplyImageNotFound(err.Error()) 
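Review bot: The doc comment above PushImage stays a single line while the signature grows to eleven parameters, including three adjacent strings (`signaturePolicy, creds, certDir`) that PullImage in the last hunk takes in a different order (`certDir, creds, signaturePolicy`), so a transposed argument could compile and put a credential string where a path is expected. The comment should describe each parameter: that `creds` is the string form parsed by util.ParseRegistryCreds, that `tlsVerify` false turns off certificate verification for the push, that `signBy` and `removeSignatures` feed image.SigningOptions, and which `format` values are accepted. The function body continues past this hunk.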
@@ -315,14 +327,38 @@ func (i *LibpodAPI) PushImage(call iopodman.VarlinkCall, name, tag string, tlsVe if tag != "" { destname = tag } - + if creds != "" { + creds, err := util.ParseRegistryCreds(creds) + if err != nil { + return err + } + registryCreds = creds + } dockerRegistryOptions := image.DockerRegistryOptions{ - DockerInsecureSkipTLSVerify: !tlsVerify, + DockerRegistryCreds: registryCreds, + DockerCertPath: certDir, + } + if !tlsVerify { + dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.OptionalBoolTrue + } + if format != "" { + switch format { + case "oci": //nolint + manifestType = v1.MediaTypeImageManifest + case "v2s1": + manifestType = manifest.DockerV2Schema1SignedMediaType + case "v2s2", "docker": + manifestType = manifest.DockerV2Schema2MediaType + default: + return call.ReplyErrorOccurred(fmt.Sprintf("unknown format %q. Choose on of the supported formats: 'oci', 'v2s1', or 'v2s2'", format)) + } + } + so := image.SigningOptions{ + RemoveSignatures: removeSignatures, + SignBy: signBy, } - so := image.SigningOptions{} - - if err := newImage.PushImageToHeuristicDestination(getContext(), destname, "", "", "", nil, false, so, &dockerRegistryOptions, false, nil); err != nil { + if err := newImage.PushImageToHeuristicDestination(getContext(), destname, manifestType, "", signaturePolicy, nil, compress, so, &dockerRegistryOptions, nil); err != nil { return call.ReplyErrorOccurred(err.Error()) } return call.ReplyPushImage(newImage.ID())
@@ -421,7 +457,7 @@ func (i *LibpodAPI) Commit(call iopodman.VarlinkCall, name, imageName string, ch sc := image.GetSystemContext(i.Runtime.GetConfig().SignaturePolicyPath, "", false) var mimeType string switch manifestType { - case "oci", "": //nolint mimeType = buildah.OCIv1ImageManifest case "docker": mimeType = manifest.DockerV2Schema2MediaType
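Review bot: With `if !tlsVerify { ... = types.OptionalBoolTrue }` in PushImage, a request with tlsVerify=true no longer sets DockerInsecureSkipTLSVerify at all, where the removed line always derived it from the argument; if the unset value defers to registry configuration (not visible in this diff), a registry marked insecure there could still be pushed to without verification although the caller asked for it. ContainerRunlabel in the last hunk has the same shape, and PullImage there has the inverse (`if tlsVerify { ... = types.NewOptionalBool(!tlsVerify) }`), which can only ever store false. Assigning `dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!tlsVerify)` unconditionally in all three would keep the caller's choice authoritative in both directions. Separately, the creds branch returns the raw `err` (as does the one in PullImage) while every other failure in this method goes through `call.ReplyErrorOccurred`; when aligning it, confirm that the ParseRegistryCreds error text does not echo the credential string back to the client. PushImage begins in the previous hunk.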
@@ -482,18 +518,96 @@ func (i *LibpodAPI) ExportImage(call iopodman.VarlinkCall, name, destination str return err } - if err := newImage.PushImageToHeuristicDestination(getContext(), destination, "", "", "", nil, compress, image.SigningOptions{}, &image.DockerRegistryOptions{}, false, additionalTags); err != nil { + if err := newImage.PushImageToHeuristicDestination(getContext(), destination, "", "", "", nil, compress, image.SigningOptions{}, &image.DockerRegistryOptions{}, additionalTags); err != nil { return call.ReplyErrorOccurred(err.Error()) } return call.ReplyExportImage(newImage.ID()) } // PullImage pulls an image from a registry to the image store. -// TODO This implementation is incomplete -func (i *LibpodAPI) PullImage(call iopodman.VarlinkCall, name string) error { - newImage, err := i.Runtime.ImageRuntime().New(getContext(), name, "", "", nil, &image.DockerRegistryOptions{}, image.SigningOptions{}, true, false) +func (i *LibpodAPI) PullImage(call iopodman.VarlinkCall, name string, certDir, creds, signaturePolicy string, tlsVerify bool) error { + var ( + registryCreds *types.DockerAuthConfig + imageID string + ) + if creds != "" { + creds, err := util.ParseRegistryCreds(creds) + if err != nil { + return err + } + registryCreds = creds + } + + dockerRegistryOptions := image.DockerRegistryOptions{ + DockerRegistryCreds: registryCreds, + DockerCertPath: certDir, + } + if tlsVerify { + dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!tlsVerify) + } + + so := image.SigningOptions{} + + if strings.HasPrefix(name, dockerarchive.Transport.Name()+":") { + srcRef, err := alltransports.ParseImageName(name) + if err != nil { + return errors.Wrapf(err, "error parsing %q", name) + } + newImage, err := i.Runtime.ImageRuntime().LoadFromArchiveReference(getContext(), srcRef, signaturePolicy, nil) + if err != nil { + return errors.Wrapf(err, "error pulling image from %q", name) + } + imageID = newImage[0].ID() + } else { + newImage, err := 
i.Runtime.ImageRuntime().New(getContext(), name, signaturePolicy, "", nil, &dockerRegistryOptions, so, false) + if err != nil { + return call.ReplyErrorOccurred(fmt.Sprintf("unable to pull %s: %s", name, err.Error())) + } + imageID = newImage.ID() + } + return call.ReplyPullImage(imageID) +} + +// ImageExists returns bool as to whether the input image exists in local storage +func (i *LibpodAPI) ImageExists(call iopodman.VarlinkCall, name string) error { + _, err := i.Runtime.ImageRuntime().NewFromLocal(name) + if errors.Cause(err) == image.ErrNoSuchImage { + return call.ReplyImageExists(1) + } + if err != nil { + return call.ReplyErrorOccurred(err.Error()) + } + return call.ReplyImageExists(0) +} + +// ContainerRunlabel ... +func (i *LibpodAPI) ContainerRunlabel(call iopodman.VarlinkCall, input iopodman.Runlabel) error { + ctx := getContext() + dockerRegistryOptions := image.DockerRegistryOptions{ + DockerCertPath: input.CertDir, + } + if !input.TlsVerify { + dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.OptionalBoolTrue + } + + stdErr := os.Stderr + stdOut := os.Stdout + stdIn := os.Stdin + + runLabel, imageName, err := shared.GetRunlabel(input.Label, input.Image, ctx, i.Runtime, input.Pull, input.Creds, dockerRegistryOptions, input.Authfile, input.SignaturePolicyPath, nil) + if err != nil { + return err + } + if runLabel == "" { + return nil + } + + cmd, env, err := shared.GenerateRunlabelCommand(runLabel, imageName, input.Name, input.Opts, input.ExtraArgs) if err != nil { - return call.ReplyErrorOccurred(fmt.Sprintf("unable to pull %s: %s", name, err.Error())) + return err + } + if err := utils.ExecCmdWithStdStreams(stdIn, stdOut, stdErr, env, cmd[0], cmd[1:]...); err != nil { + return call.ReplyErrorOccurred(err.Error()) } - return call.ReplyPullImage(newImage.ID()) + return call.ReplyContainerRunlabel() } |
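Review bot: `newImage[0].ID()` in the docker-archive branch of PullImage and `cmd[0]`, `cmd[1:]...` in ContainerRunlabel index slices returned by helpers without checking their length, so an empty result would panic inside the varlink service; guard each, e.g. `if len(cmd) == 0 { return call.ReplyErrorOccurred("runlabel produced an empty command") }`. ContainerRunlabel passes a command generated from an image label to utils.ExecCmdWithStdStreams with the service's own os.Stdin, os.Stdout and os.Stderr, so the placeholder `// ContainerRunlabel ...` should become a comment stating that label content from the named image is executed on the host as the service's user and which callers are expected to reach this method. The comment on ImageExists says it "returns bool", but the code replies 1 when the image is missing and 0 when it is found; `// ImageExists replies 0 when the image is in local storage and 1 when it is not.` would spare callers from reading the value as a truth flag.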