21 files changed, 279 insertions, 122 deletions
diff --git a/pkg/api/handlers/compat/containers_create.go b/pkg/api/handlers/compat/containers_create.go
index 729639928..409a74de2 100644
--- a/pkg/api/handlers/compat/containers_create.go
+++ b/pkg/api/handlers/compat/containers_create.go
@@ -37,6 +37,9 @@ func CreateContainer(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	// Override the container name in the body struct
+	body.Name = query.Name
+
 	if len(body.HostConfig.Links) > 0 {
 		utils.Error(w, utils.ErrLinkNotSupport.Error(), http.StatusBadRequest, errors.Wrapf(utils.ErrLinkNotSupport, "bad parameter"))
 		return
@@ -69,9 +72,6 @@ func CreateContainer(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	// Override the container name in the body struct
-	body.Name = query.Name
-
 	ic := abi.ContainerEngine{Libpod: runtime}
 	report, err := ic.ContainerCreate(r.Context(), sg)
 	if err != nil {
diff --git a/pkg/api/handlers/compat/ping.go b/pkg/api/handlers/compat/ping.go
index 9f6611b30..5513e902e 100644
--- a/pkg/api/handlers/compat/ping.go
+++ b/pkg/api/handlers/compat/ping.go
@@ -15,6 +15,7 @@ import (
 func Ping(w http.ResponseWriter, r *http.Request) {
 	// Note API-Version and Libpod-API-Version are set in handler_api.go
 	w.Header().Set("BuildKit-Version", "")
+	w.Header().Set("Builder-Version", "")
 	w.Header().Set("Docker-Experimental", "true")
 	w.Header().Set("Cache-Control", "no-cache")
 	w.Header().Set("Pragma", "no-cache")
diff --git a/pkg/api/handlers/compat/system.go b/pkg/api/handlers/compat/system.go
index 322bfa7ed..e21ae160a 100644
--- a/pkg/api/handlers/compat/system.go
+++ b/pkg/api/handlers/compat/system.go
@@ -2,17 +2,91 @@ package compat
 
 import (
 	"net/http"
+	"strings"
 
+	"github.com/containers/podman/v2/libpod"
 	"github.com/containers/podman/v2/pkg/api/handlers"
 	"github.com/containers/podman/v2/pkg/api/handlers/utils"
+	"github.com/containers/podman/v2/pkg/domain/entities"
+	"github.com/containers/podman/v2/pkg/domain/infra/abi"
 	docker "github.com/docker/docker/api/types"
 )
 
 func GetDiskUsage(w http.ResponseWriter, r *http.Request) {
+	options := entities.SystemDfOptions{}
+	runtime := r.Context().Value("runtime").(*libpod.Runtime)
+	ic := abi.ContainerEngine{Libpod: runtime}
+	df, err := ic.SystemDf(r.Context(), options)
+	if err != nil {
+		utils.InternalServerError(w, err)
+	}
+
+	imgs := make([]*docker.ImageSummary, len(df.Images))
+	for i, o := range df.Images {
+		t := docker.ImageSummary{
+			Containers:  int64(o.Containers),
+			Created:     o.Created.Unix(),
+			ID:          o.ImageID,
+			Labels:      map[string]string{},
+			ParentID:    "",
+			RepoDigests: nil,
+			RepoTags:    []string{o.Tag},
+			SharedSize:  o.SharedSize,
+			Size:        o.Size,
+			VirtualSize: o.Size - o.UniqueSize,
+		}
+		imgs[i] = &t
+	}
+
+	ctnrs := make([]*docker.Container, len(df.Containers))
+	for i, o := range df.Containers {
+		t := docker.Container{
+			ID:         o.ContainerID,
+			Names:      []string{o.Names},
+			Image:      o.Image,
+			ImageID:    o.Image,
+			Command:    strings.Join(o.Command, " "),
+			Created:    o.Created.Unix(),
+			Ports:      nil,
+			SizeRw:     o.RWSize,
+			SizeRootFs: o.Size,
+			Labels:     map[string]string{},
+			State:      o.Status,
+			Status:     o.Status,
+			HostConfig: struct {
+				NetworkMode string `json:",omitempty"`
+			}{},
+			NetworkSettings: nil,
+			Mounts:          nil,
+		}
+		ctnrs[i] = &t
+	}
+
+	vols := make([]*docker.Volume, len(df.Volumes))
+	for i, o := range df.Volumes {
+		t := docker.Volume{
+			CreatedAt:  "",
+			Driver:     "",
+			Labels:     map[string]string{},
+			Mountpoint: "",
+			Name:       o.VolumeName,
+			Options:    nil,
+			Scope:      "local",
+			Status:     nil,
+			UsageData: &docker.VolumeUsageData{
+				RefCount: 1,
+				Size:     o.Size,
+			},
+		}
+		vols[i] = &t
+	}
+
 	utils.WriteResponse(w, http.StatusOK, handlers.DiskUsage{DiskUsage: docker.DiskUsage{
-		LayersSize: 0,
-		Images:     nil,
-		Containers: nil,
-		Volumes:    nil,
+		LayersSize:  0,
+		Images:      imgs,
+		Containers:  ctnrs,
+		Volumes:     vols,
+		BuildCache:  []*docker.BuildCache{},
+		BuilderSize: 0,
 	}})
 }
diff --git a/pkg/api/handlers/libpod/generate.go b/pkg/api/handlers/libpod/generate.go
index 33bb75391..b3b8c1f16 100644
--- a/pkg/api/handlers/libpod/generate.go
+++ b/pkg/api/handlers/libpod/generate.go
@@ -60,7 +60,8 @@ func GenerateKube(w http.ResponseWriter, r *http.Request) {
 	runtime := r.Context().Value("runtime").(*libpod.Runtime)
 	decoder := r.Context().Value("decoder").(*schema.Decoder)
 	query := struct {
-		Service bool `schema:"service"`
+		Names   []string `schema:"names"`
+		Service bool     `schema:"service"`
 	}{
 		// Defaults would go here.
 	}
@@ -73,7 +74,7 @@ func GenerateKube(w http.ResponseWriter, r *http.Request) {
 
 	containerEngine := abi.ContainerEngine{Libpod: runtime}
 	options := entities.GenerateKubeOptions{Service: query.Service}
-	report, err := containerEngine.GenerateKube(r.Context(), utils.GetName(r), options)
+	report, err := containerEngine.GenerateKube(r.Context(), query.Names, options)
 	if err != nil {
 		utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrap(err, "error generating YAML"))
 		return
diff --git a/pkg/api/server/register_generate.go b/pkg/api/server/register_generate.go
index 60e5b03f7..bce5484ab 100644
--- a/pkg/api/server/register_generate.go
+++ b/pkg/api/server/register_generate.go
@@ -70,7 +70,7 @@ func (s *APIServer) registerGenerateHandlers(r *mux.Router) error {
 	//     $ref: "#/responses/InternalError"
 	r.HandleFunc(VersionedPath("/libpod/generate/{name:.*}/systemd"), s.APIHandler(libpod.GenerateSystemd)).Methods(http.MethodGet)
 
-	// swagger:operation GET /libpod/generate/{name:.*}/kube libpod libpodGenerateKube
+	// swagger:operation GET /libpod/generate/kube libpod libpodGenerateKube
 	// ---
 	// tags:
 	//  - containers
@@ -78,9 +78,11 @@ func (s *APIServer) registerGenerateHandlers(r *mux.Router) error {
 	// summary: Generate a Kubernetes YAML file.
 	// description: Generate Kubernetes YAML based on a pod or container.
 	// parameters:
-	//  - in: path
-	//    name: name:.*
-	//    type: string
+	//  - in: query
+	//    name: names
+	//    type: array
+	//    items:
+	//       type: string
 	//    required: true
 	//    description: Name or ID of the container or pod.
 	//  - in: query
@@ -98,6 +100,6 @@ func (s *APIServer) registerGenerateHandlers(r *mux.Router) error {
 	//      format: binary
 	//   500:
 	//     $ref: "#/responses/InternalError"
-	r.HandleFunc(VersionedPath("/libpod/generate/{name:.*}/kube"), s.APIHandler(libpod.GenerateKube)).Methods(http.MethodGet)
+	r.HandleFunc(VersionedPath("/libpod/generate/kube"), s.APIHandler(libpod.GenerateKube)).Methods(http.MethodGet)
 	return nil
 }
diff --git a/pkg/bindings/generate/generate.go b/pkg/bindings/generate/generate.go
index dde1cc29c..8d0146ec1 100644
--- a/pkg/bindings/generate/generate.go
+++ b/pkg/bindings/generate/generate.go
@@ -2,6 +2,7 @@ package generate
 
 import (
 	"context"
+	"errors"
 	"net/http"
 	"net/url"
 	"strconv"
@@ -37,15 +38,21 @@ func Systemd(ctx context.Context, nameOrID string, options entities.GenerateSyst
 	return report, response.Process(&report.Units)
 }
 
-func Kube(ctx context.Context, nameOrID string, options entities.GenerateKubeOptions) (*entities.GenerateKubeReport, error) {
+func Kube(ctx context.Context, nameOrIDs []string, options entities.GenerateKubeOptions) (*entities.GenerateKubeReport, error) {
 	conn, err := bindings.GetClient(ctx)
 	if err != nil {
 		return nil, err
 	}
+	if len(nameOrIDs) < 1 {
+		return nil, errors.New("must provide the name or ID of one container or pod")
+	}
 	params := url.Values{}
+	for _, name := range nameOrIDs {
+		params.Add("names", name)
+	}
 	params.Set("service", strconv.FormatBool(options.Service))
 
-	response, err := conn.DoRequest(nil, http.MethodGet, "/generate/%s/kube", params, nil, nameOrID)
+	response, err := conn.DoRequest(nil, http.MethodGet, "/generate/kube", params, nil)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/domain/entities/engine_container.go b/pkg/domain/entities/engine_container.go
index e1f40e307..5ad475133 100644
--- a/pkg/domain/entities/engine_container.go
+++ b/pkg/domain/entities/engine_container.go
@@ -46,7 +46,7 @@ type ContainerEngine interface {
 	ContainerWait(ctx context.Context, namesOrIds []string, options WaitOptions) ([]WaitReport, error)
 	Events(ctx context.Context, opts EventsOptions) error
 	GenerateSystemd(ctx context.Context, nameOrID string, opts GenerateSystemdOptions) (*GenerateSystemdReport, error)
-	GenerateKube(ctx context.Context, nameOrID string, opts GenerateKubeOptions) (*GenerateKubeReport, error)
+	GenerateKube(ctx context.Context, nameOrIDs []string, opts GenerateKubeOptions) (*GenerateKubeReport, error)
 	SystemPrune(ctx context.Context, options SystemPruneOptions) (*SystemPruneReport, error)
 	HealthCheckRun(ctx context.Context, nameOrID string, options HealthCheckOptions) (*define.HealthCheckResults, error)
 	Info(ctx context.Context) (*define.Info, error)
@@ -55,6 +55,7 @@ type ContainerEngine interface {
 	NetworkDisconnect(ctx context.Context, networkname string, options NetworkDisconnectOptions) error
 	NetworkInspect(ctx context.Context, namesOrIds []string, options InspectOptions) ([]NetworkInspectReport, []error, error)
 	NetworkList(ctx context.Context, options NetworkListOptions) ([]*NetworkListReport, error)
+	NetworkReload(ctx context.Context, names []string, options NetworkReloadOptions) ([]*NetworkReloadReport, error)
 	NetworkRm(ctx context.Context, namesOrIds []string, options NetworkRmOptions) ([]*NetworkRmReport, error)
 	PlayKube(ctx context.Context, path string, opts PlayKubeOptions) (*PlayKubeReport, error)
 	PodCreate(ctx context.Context, opts PodCreateOptions) (*PodCreateReport, error)
diff --git a/pkg/domain/entities/network.go b/pkg/domain/entities/network.go
index 65a110fd9..b76bfcac7 100644
--- a/pkg/domain/entities/network.go
+++ b/pkg/domain/entities/network.go
@@ -22,6 +22,19 @@ type NetworkListReport struct {
 // NetworkInspectReport describes the results from inspect networks
 type NetworkInspectReport map[string]interface{}
 
+// NetworkReloadOptions describes options for reloading container network
+// configuration.
+type NetworkReloadOptions struct {
+	All    bool
+	Latest bool
+}
+
+// NetworkReloadReport describes the results of reloading a container network.
+type NetworkReloadReport struct {
+	Id  string
+	Err error
+}
+
 // NetworkRmOptions describes options for removing networks
 type NetworkRmOptions struct {
 	Force bool
diff --git a/pkg/domain/infra/abi/generate.go b/pkg/domain/infra/abi/generate.go
index 79bf2291e..79f55e2bd 100644
--- a/pkg/domain/infra/abi/generate.go
+++ b/pkg/domain/infra/abi/generate.go
@@ -41,28 +41,48 @@ func (ic *ContainerEngine) GenerateSystemd(ctx context.Context, nameOrID string,
 	return &entities.GenerateSystemdReport{Units: units}, nil
 }
 
-func (ic *ContainerEngine) GenerateKube(ctx context.Context, nameOrID string, options entities.GenerateKubeOptions) (*entities.GenerateKubeReport, error) {
+func (ic *ContainerEngine) GenerateKube(ctx context.Context, nameOrIDs []string, options entities.GenerateKubeOptions) (*entities.GenerateKubeReport, error) {
 	var (
-		pod          *libpod.Pod
+		pods         []*libpod.Pod
 		podYAML      *k8sAPI.Pod
 		err          error
-		ctr          *libpod.Container
+		ctrs         []*libpod.Container
 		servicePorts []k8sAPI.ServicePort
 		serviceYAML  k8sAPI.Service
 	)
-	// Get the container in question.
-	ctr, err = ic.Libpod.LookupContainer(nameOrID)
-	if err != nil {
-		pod, err = ic.Libpod.LookupPod(nameOrID)
+	for _, nameOrID := range nameOrIDs {
+		// Get the container in question
+		ctr, err := ic.Libpod.LookupContainer(nameOrID)
 		if err != nil {
-			return nil, err
+			pod, err := ic.Libpod.LookupPod(nameOrID)
+			if err != nil {
+				return nil, err
+			}
+			pods = append(pods, pod)
+			if len(pods) > 1 {
+				return nil, errors.New("can only generate single pod at a time")
+			}
+		} else {
+			if len(ctr.Dependencies()) > 0 {
+				return nil, errors.Wrapf(define.ErrNotImplemented, "containers with dependencies")
+			}
+			// we cannot deal with ctrs already in a pod
+			if len(ctr.PodID()) > 0 {
+				return nil, errors.Errorf("container %s is associated with pod %s: use generate on the pod itself", ctr.ID(), ctr.PodID())
+			}
+			ctrs = append(ctrs, ctr)
 		}
-		podYAML, servicePorts, err = pod.GenerateForKube()
+	}
+
+	// check our inputs
+	if len(pods) > 0 && len(ctrs) > 0 {
+		return nil, errors.New("cannot generate pods and containers at the same time")
+	}
+
+	if len(pods) == 1 {
+		podYAML, servicePorts, err = pods[0].GenerateForKube()
 	} else {
-		if len(ctr.Dependencies()) > 0 {
-			return nil, errors.Wrapf(define.ErrNotImplemented, "containers with dependencies")
-		}
-		podYAML, err = ctr.GenerateForKube()
+		podYAML, err = libpod.GenerateForKube(ctrs)
 	}
 	if err != nil {
 		return nil, err
@@ -72,7 +92,7 @@ func (ic *ContainerEngine) GenerateKube(ctx context.Context, nameOrID string, op
 		serviceYAML = libpod.GenerateKubeServiceFromV1Pod(podYAML, servicePorts)
 	}
 
-	content, err := generateKubeOutput(podYAML, &serviceYAML)
+	content, err := generateKubeOutput(podYAML, &serviceYAML, options.Service)
 	if err != nil {
 		return nil, err
 	}
@@ -80,7 +100,7 @@ func (ic *ContainerEngine) GenerateKube(ctx context.Context, nameOrID string, op
 	return &entities.GenerateKubeReport{Reader: bytes.NewReader(content)}, nil
 }
 
-func generateKubeOutput(podYAML *k8sAPI.Pod, serviceYAML *k8sAPI.Service) ([]byte, error) {
+func generateKubeOutput(podYAML *k8sAPI.Pod, serviceYAML *k8sAPI.Service, hasService bool) ([]byte, error) {
 	var (
 		output            []byte
 		marshalledPod     []byte
@@ -93,7 +113,7 @@ func generateKubeOutput(podYAML *k8sAPI.Pod, serviceYAML *k8sAPI.Service) ([]byt
 		return nil, err
 	}
 
-	if serviceYAML != nil {
+	if hasService {
 		marshalledService, err = yaml.Marshal(serviceYAML)
 		if err != nil {
 			return nil, err
@@ -114,7 +134,7 @@ func generateKubeOutput(podYAML *k8sAPI.Pod, serviceYAML *k8sAPI.Service) ([]byt
 
 	output = append(output, []byte(fmt.Sprintf(header, podmanVersion.Version))...)
 	output = append(output, marshalledPod...)
-	if serviceYAML != nil {
+	if hasService {
 		output = append(output, []byte("---\n")...)
 		output = append(output, marshalledService...)
 	}
diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go
index ff2f2e7ae..57a2bc4cf 100644
--- a/pkg/domain/infra/abi/images.go
+++ b/pkg/domain/infra/abi/images.go
@@ -26,7 +26,6 @@ import (
 	"github.com/containers/podman/v2/pkg/domain/entities"
 	domainUtils "github.com/containers/podman/v2/pkg/domain/utils"
 	"github.com/containers/podman/v2/pkg/rootless"
-	"github.com/containers/podman/v2/pkg/trust"
 	"github.com/containers/podman/v2/pkg/util"
 	"github.com/containers/storage"
 	imgspecv1 "github.com/opencontainers/image-spec/specs-go/v1"
@@ -34,9 +33,6 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
-// SignatureStoreDir defines default directory to store signatures
-const SignatureStoreDir = "/var/lib/containers/sigstore"
-
 func (ir *ImageEngine) Exists(_ context.Context, nameOrID string) (*entities.BoolReport, error) {
 	_, err := ir.Libpod.ImageRuntime().NewFromLocal(nameOrID)
 	if err != nil {
@@ -707,12 +703,6 @@ func (ir *ImageEngine) Sign(ctx context.Context, names []string, options entitie
 	sc := ir.Libpod.SystemContext()
 	sc.DockerCertPath = options.CertDir
 
-	systemRegistriesDirPath := trust.RegistriesDirPath(sc)
-	registryConfigs, err := trust.LoadAndMergeConfig(systemRegistriesDirPath)
-	if err != nil {
-		return nil, errors.Wrapf(err, "error reading registry configuration")
-	}
-
 	for _, signimage := range names {
 		err = func() error {
 			srcRef, err := alltransports.ParseImageName(signimage)
@@ -738,37 +728,25 @@ func (ir *ImageEngine) Sign(ctx context.Context, names []string, options entitie
 			}
 			var sigStoreDir string
 			if options.Directory != "" {
-				sigStoreDir = options.Directory
-			}
-			if sigStoreDir == "" {
-				if rootless.IsRootless() {
-					sigStoreDir = filepath.Join(filepath.Dir(ir.Libpod.StorageConfig().GraphRoot), "sigstore")
-				} else {
-					var sigStoreURI string
-					registryInfo := trust.HaveMatchRegistry(rawSource.Reference().DockerReference().String(), registryConfigs)
-					if registryInfo != nil {
-						if sigStoreURI = registryInfo.SigStoreStaging; sigStoreURI == "" {
-							sigStoreURI = registryInfo.SigStore
-						}
-					}
-					if sigStoreURI == "" {
-						return errors.Errorf("no signature storage configuration found for %s", rawSource.Reference().DockerReference().String())
-
-					}
-					sigStoreDir, err = localPathFromURI(sigStoreURI)
-					if err != nil {
-						return errors.Wrapf(err, "invalid signature storage %s", sigStoreURI)
-					}
+				repo := reference.Path(dockerReference)
+				if path.Clean(repo) != repo { // Coverage: This should not be reachable because /./ and /../ components are not valid in docker references
+					return errors.Errorf("Unexpected path elements in Docker reference %s for signature storage", dockerReference.String())
+				}
+				sigStoreDir = filepath.Join(options.Directory, repo)
+			} else {
+				signatureURL, err := docker.SignatureStorageBaseURL(sc, rawSource.Reference(), true)
+				if err != nil {
+					return err
+				}
+				sigStoreDir, err = localPathFromURI(signatureURL)
+				if err != nil {
+					return err
 				}
 			}
 			manifestDigest, err := manifest.Digest(getManifest)
 			if err != nil {
 				return err
 			}
-			repo := reference.Path(dockerReference)
-			if path.Clean(repo) != repo { // Coverage: This should not be reachable because /./ and /../ components are not valid in docker references
-				return errors.Errorf("Unexpected path elements in Docker reference %s for signature storage", dockerReference.String())
-			}
 
 			// create signature
 			newSig, err := signature.SignDockerManifest(getManifest, dockerReference.String(), mech, options.SignBy)
@@ -776,7 +754,7 @@ func (ir *ImageEngine) Sign(ctx context.Context, names []string, options entitie
 				return errors.Wrapf(err, "error creating new signature")
 			}
 			// create the signstore file
-			signatureDir := fmt.Sprintf("%s@%s=%s", filepath.Join(sigStoreDir, repo), manifestDigest.Algorithm(), manifestDigest.Hex())
+			signatureDir := fmt.Sprintf("%s@%s=%s", sigStoreDir, manifestDigest.Algorithm(), manifestDigest.Hex())
 			if err := os.MkdirAll(signatureDir, 0751); err != nil {
 				// The directory is allowed to exist
 				if !os.IsExist(err) {
@@ -822,14 +800,9 @@ func getSigFilename(sigStoreDirPath string) (string, error) {
 	}
 }
 
-func localPathFromURI(sigStoreDir string) (string, error) {
-	url, err := url.Parse(sigStoreDir)
-	if err != nil {
-		return sigStoreDir, errors.Wrapf(err, "invalid directory %s", sigStoreDir)
-	}
+func localPathFromURI(url *url.URL) (string, error) {
 	if url.Scheme != "file" {
-		return sigStoreDir, errors.Errorf("writing to %s is not supported. Use a supported scheme", sigStoreDir)
+		return "", errors.Errorf("writing to %s is not supported. Use a supported scheme", url.String())
 	}
-	sigStoreDir = url.Path
-	return sigStoreDir, nil
+	return url.Path, nil
 }
diff --git a/pkg/domain/infra/abi/manifest.go b/pkg/domain/infra/abi/manifest.go
index ad7128b42..600d64b1d 100644
--- a/pkg/domain/infra/abi/manifest.go
+++ b/pkg/domain/infra/abi/manifest.go
@@ -54,7 +54,7 @@ func (ir *ImageEngine) ManifestInspect(ctx context.Context, name string) ([]byte
 			}
 			return buf, nil
 			// no return if local image is not a list of images type
-			// continue on getting valid manifest through remote serice
+			// continue on getting valid manifest through remote service
 		} else if errors.Cause(err) != buildahManifests.ErrManifestTypeNotSupported {
 			return nil, errors.Wrapf(err, "loading manifest %q", name)
 		}
diff --git a/pkg/domain/infra/abi/network.go b/pkg/domain/infra/abi/network.go
index 6a219edd5..e5ecf5c72 100644
--- a/pkg/domain/infra/abi/network.go
+++ b/pkg/domain/infra/abi/network.go
@@ -60,6 +60,26 @@ func (ic *ContainerEngine) NetworkInspect(ctx context.Context, namesOrIds []stri
 	return rawCNINetworks, errs, nil
 }
 
+func (ic *ContainerEngine) NetworkReload(ctx context.Context, names []string, options entities.NetworkReloadOptions) ([]*entities.NetworkReloadReport, error) {
+	ctrs, err := getContainersByContext(options.All, options.Latest, names, ic.Libpod)
+	if err != nil {
+		return nil, err
+	}
+
+	reports := make([]*entities.NetworkReloadReport, 0, len(ctrs))
+	for _, ctr := range ctrs {
+		report := new(entities.NetworkReloadReport)
+		report.Id = ctr.ID()
+		report.Err = ctr.ReloadNetwork()
+		if options.All && errors.Cause(report.Err) == define.ErrCtrStateInvalid {
+			continue
+		}
+		reports = append(reports, report)
+	}
+
+	return reports, nil
+}
+
 func (ic *ContainerEngine) NetworkRm(ctx context.Context, namesOrIds []string, options entities.NetworkRmOptions) ([]*entities.NetworkRmReport, error) {
 	reports := []*entities.NetworkRmReport{}
 
diff --git a/pkg/domain/infra/abi/system.go b/pkg/domain/infra/abi/system.go
index ec2532bea..7ed58092b 100644
--- a/pkg/domain/infra/abi/system.go
+++ b/pkg/domain/infra/abi/system.go
@@ -168,37 +168,61 @@ func checkInput() error { // nolint:deadcode,unused
 // SystemPrune removes unused data from the system. Pruning pods, containers, volumes and images.
 func (ic *ContainerEngine) SystemPrune(ctx context.Context, options entities.SystemPruneOptions) (*entities.SystemPruneReport, error) {
 	var systemPruneReport = new(entities.SystemPruneReport)
-	podPruneReport, err := ic.prunePodHelper(ctx)
-	if err != nil {
-		return nil, err
-	}
-	systemPruneReport.PodPruneReport = podPruneReport
-
-	containerPruneReport, err := ic.pruneContainersHelper(nil)
-	if err != nil {
-		return nil, err
-	}
-	systemPruneReport.ContainerPruneReport = containerPruneReport
-
-	results, err := ic.Libpod.ImageRuntime().PruneImages(ctx, options.All, nil)
-	if err != nil {
-		return nil, err
-	}
-	report := entities.ImagePruneReport{
-		Report: entities.Report{
-			Id:  results,
-			Err: nil,
-		},
-	}
+	found := true
+	for found {
+		found = false
+		podPruneReport, err := ic.prunePodHelper(ctx)
+		if err != nil {
+			return nil, err
+		}
+		if len(podPruneReport) > 0 {
+			found = true
+		}
+		systemPruneReport.PodPruneReport = append(systemPruneReport.PodPruneReport, podPruneReport...)
+		containerPruneReport, err := ic.pruneContainersHelper(nil)
+		if err != nil {
+			return nil, err
+		}
+		if len(containerPruneReport.ID) > 0 {
+			found = true
+		}
+		if systemPruneReport.ContainerPruneReport == nil {
+			systemPruneReport.ContainerPruneReport = containerPruneReport
+		} else {
+			for name, val := range containerPruneReport.ID {
+				systemPruneReport.ContainerPruneReport.ID[name] = val
+			}
+		}
 
-	systemPruneReport.ImagePruneReport = &report
+		results, err := ic.Libpod.ImageRuntime().PruneImages(ctx, options.All, nil)
 
-	if options.Volume {
-		volumePruneReport, err := ic.pruneVolumesHelper(ctx)
 		if err != nil {
 			return nil, err
 		}
-		systemPruneReport.VolumePruneReport = volumePruneReport
+		if len(results) > 0 {
+			found = true
+		}
+
+		if systemPruneReport.ImagePruneReport == nil {
+			systemPruneReport.ImagePruneReport = &entities.ImagePruneReport{
+				Report: entities.Report{
+					Id:  results,
+					Err: nil,
+				},
+			}
+		} else {
+			systemPruneReport.ImagePruneReport.Report.Id = append(systemPruneReport.ImagePruneReport.Report.Id, results...)
+		}
+		if options.Volume {
+			volumePruneReport, err := ic.pruneVolumesHelper(ctx)
+			if err != nil {
+				return nil, err
+			}
+			if len(volumePruneReport) > 0 {
+				found = true
+			}
+			systemPruneReport.VolumePruneReport = append(systemPruneReport.VolumePruneReport, volumePruneReport...)
+		}
 	}
 	return systemPruneReport, nil
 }
diff --git a/pkg/domain/infra/tunnel/generate.go b/pkg/domain/infra/tunnel/generate.go
index 966f707b1..ebbfa143f 100644
--- a/pkg/domain/infra/tunnel/generate.go
+++ b/pkg/domain/infra/tunnel/generate.go
@@ -11,6 +11,6 @@ func (ic *ContainerEngine) GenerateSystemd(ctx context.Context, nameOrID string,
 	return generate.Systemd(ic.ClientCxt, nameOrID, options)
 }
 
-func (ic *ContainerEngine) GenerateKube(ctx context.Context, nameOrID string, options entities.GenerateKubeOptions) (*entities.GenerateKubeReport, error) {
-	return generate.Kube(ic.ClientCxt, nameOrID, options)
+func (ic *ContainerEngine) GenerateKube(ctx context.Context, nameOrIDs []string, options entities.GenerateKubeOptions) (*entities.GenerateKubeReport, error) {
+	return generate.Kube(ic.ClientCxt, nameOrIDs, options)
 }
diff --git a/pkg/domain/infra/tunnel/network.go b/pkg/domain/infra/tunnel/network.go
index 10ae03045..4845980f6 100644
--- a/pkg/domain/infra/tunnel/network.go
+++ b/pkg/domain/infra/tunnel/network.go
@@ -35,6 +35,10 @@ func (ic *ContainerEngine) NetworkInspect(ctx context.Context, namesOrIds []stri
 	return reports, errs, nil
 }
 
+func (ic *ContainerEngine) NetworkReload(ctx context.Context, names []string, options entities.NetworkReloadOptions) ([]*entities.NetworkReloadReport, error) {
+	return nil, errors.New("not implemented")
+}
+
 func (ic *ContainerEngine) NetworkRm(ctx context.Context, namesOrIds []string, options entities.NetworkRmOptions) ([]*entities.NetworkRmReport, error) {
 	reports := make([]*entities.NetworkRmReport, 0, len(namesOrIds))
 	for _, name := range namesOrIds {
diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go
index 95e4eeb8f..4f36744ca 100644
--- a/pkg/specgen/generate/container_create.go
+++ b/pkg/specgen/generate/container_create.go
@@ -98,7 +98,6 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener
 		// present.
 		imgName := newImage.InputName
 		if s.Image == newImage.InputName && strings.HasPrefix(newImage.ID(), s.Image) {
-			imgName = ""
 			names := newImage.Names()
 			if len(names) > 0 {
 				imgName = names[0]
diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go
index 5f72d28bb..5cc7891ac 100644
--- a/pkg/specgen/generate/kube/kube.go
+++ b/pkg/specgen/generate/kube/kube.go
@@ -148,6 +148,11 @@ func ToSpecGen(ctx context.Context, containerYAML v1.Container, iid string, newI
 
 	// Environment Variables
 	envs := map[string]string{}
+	for _, env := range imageData.Config.Env {
+		keyval := strings.Split(env, "=")
+		envs[keyval[0]] = keyval[1]
+	}
+
 	for _, env := range containerYAML.Env {
 		value := envVarValue(env, configMaps)
 
diff --git a/pkg/specgen/generate/kube/volume.go b/pkg/specgen/generate/kube/volume.go
index 2ef0f4c23..bb8edabb7 100644
--- a/pkg/specgen/generate/kube/volume.go
+++ b/pkg/specgen/generate/kube/volume.go
@@ -103,7 +103,7 @@ func VolumeFromSource(volumeSource v1.VolumeSource) (*KubeVolume, error) {
 	} else if volumeSource.PersistentVolumeClaim != nil {
 		return VolumeFromPersistentVolumeClaim(volumeSource.PersistentVolumeClaim)
 	} else {
-		return nil, errors.Errorf("HostPath and PersistentVolumeClaim are currently the conly supported VolumeSource")
+		return nil, errors.Errorf("HostPath and PersistentVolumeClaim are currently the only supported VolumeSource")
 	}
 }
 
diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
index 0368ab205..c24dcf4c0 100644
--- a/pkg/specgen/generate/oci.go
+++ b/pkg/specgen/generate/oci.go
@@ -165,7 +165,7 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
 			inUserNS = true
 		}
 	}
-	if inUserNS && s.NetNS.IsHost() {
+	if inUserNS && s.NetNS.NSMode != specgen.NoNetwork {
 		canMountSys = false
 	}
 
diff --git a/pkg/specgen/generate/ports.go b/pkg/specgen/generate/ports.go
index 5c13c95b2..83ded059f 100644
--- a/pkg/specgen/generate/ports.go
+++ b/pkg/specgen/generate/ports.go
@@ -107,7 +107,11 @@ func parsePortMapping(portMappings []specgen.PortMapping) ([]ocicni.PortMapping,
 			var index uint16
 			for index = 0; index < len; index++ {
 				cPort := containerPort + index
-				hPort := hostPort + index
+				hPort := hostPort
+				// Only increment host port if it's not 0.
+				if hostPort != 0 {
+					hPort += index
+				}
 
 				if cPort == 0 {
 					return nil, nil, nil, errors.Errorf("container port cannot be 0")
@@ -162,8 +166,8 @@ func parsePortMapping(portMappings []specgen.PortMapping) ([]ocicni.PortMapping,
 					tempMappings,
 					tempMapping{
 						mapping:      cniPort,
-						startOfRange: port.Range > 0 && index == 0,
-						isInRange:    port.Range > 0,
+						startOfRange: port.Range > 1 && index == 0,
+						isInRange:    port.Range > 1,
 					},
 				)
 			}
@@ -183,7 +187,7 @@ func parsePortMapping(portMappings []specgen.PortMapping) ([]ocicni.PortMapping,
 		for _, tmp := range tempMappings {
 			p := tmp.mapping
 
-			if p.HostPort != 0 && !tmp.isInRange {
+			if p.HostPort != 0 {
 				remadeMappings = append(remadeMappings, p)
 				continue
 			}
diff --git a/pkg/trust/trust.go b/pkg/trust/trust.go
index a61e0ef10..a30611b74 100644
--- a/pkg/trust/trust.go
+++ b/pkg/trust/trust.go
@@ -12,6 +12,7 @@ import (
 	"strings"
 
 	"github.com/containers/image/v5/types"
+	"github.com/docker/docker/pkg/homedir"
 	"github.com/ghodss/yaml"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -60,6 +61,12 @@ type ShowOutput struct {
 	Sigstore  string
 }
 
+// systemRegistriesDirPath is the path to registries.d.
+const systemRegistriesDirPath = "/etc/containers/registries.d"
+
+// userRegistriesDir is the path to the per user registries.d.
+var userRegistriesDir = filepath.FromSlash(".config/containers/registries.d")
+
 // DefaultPolicyPath returns a path to the default policy of the system.
 func DefaultPolicyPath(sys *types.SystemContext) string {
 	systemDefaultPolicyPath := "/etc/containers/policy.json"
@@ -76,15 +83,17 @@ func DefaultPolicyPath(sys *types.SystemContext) string {
 
 // RegistriesDirPath returns a path to registries.d
 func RegistriesDirPath(sys *types.SystemContext) string {
-	systemRegistriesDirPath := "/etc/containers/registries.d"
-	if sys != nil {
-		if sys.RegistriesDirPath != "" {
-			return sys.RegistriesDirPath
-		}
-		if sys.RootForImplicitAbsolutePaths != "" {
-			return filepath.Join(sys.RootForImplicitAbsolutePaths, systemRegistriesDirPath)
-		}
+	if sys != nil && sys.RegistriesDirPath != "" {
+		return sys.RegistriesDirPath
+	}
+	userRegistriesDirPath := filepath.Join(homedir.Get(), userRegistriesDir)
+	if _, err := os.Stat(userRegistriesDirPath); err == nil {
+		return userRegistriesDirPath
 	}
+	if sys != nil && sys.RootForImplicitAbsolutePaths != "" {
+		return filepath.Join(sys.RootForImplicitAbsolutePaths, systemRegistriesDirPath)
+	}
+
 	return systemRegistriesDirPath
 }