aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
...
| * Use getPullRefPair / getSinglePullRefPairGoal in ↵Miloslav Trmač2019-01-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | pullGoalFromPossiblyUnqualifiedName This shortens the code a bit, but most importantly ensures that all pulls from docker.Transport are processed exactly the same way, and there is only a single store.ParseStoreReference in the pull code. It's a bit wasteful to call decompose() in getPullRefPair just after pullGoalFromPossiblyUnqualifiedName has qualified the name, but on balance only having exactly one code path seems worth it. Alternatively we could split getPullRefPairToQualifiedDestination from getPullRefPair. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * Use imageParts.referenceWithRegistry in pullGoalFromPossiblyUnqualifiedNameMiloslav Trmač2019-01-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CHANGES BEHAVIOR. This bypasses .assemble, and preserves the original lack of tag / original digest instead of adding :latest/:none (still subject to ParseStoreReference normalization). Using the original digest seems clearly correct; dropping the :latest suffix from .image strings, and adding /library to docker.io/shortname, only affects user-visible input; later uses of the return value of pullImageFrom... use ParseStoreReference, which calls reference.ParseNormalizedNamed and reference.TagNameOnly, so the image name should be processed the same way whether it contains a tag, or libray/, or not. This also allows us to drop the problematic hasShaInInputName heuristic/condition/helper. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * Use imageParts.referenceWithRegistry in getPullRefPairMiloslav Trmač2019-01-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CHANGES BEHAVIOR. This bypasses .assemble, and preserves the original lack of tag / original digest instead of adding :latest/:none (still subject to ParseStoreReference normalization). Using the original digest seems clearly correct; dropping the :latest suffix from .image strings only affects user-visible input; later uses of the return value of pullImageFrom... use ParseStoreReference, which calls reference.TagNameOnly, so the image name should be processed the same way whether it contains a tag or not. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * Add imageParts.referenceWithRegistryMiloslav Trmač2019-01-14
| | | | | | | | | | | | | | | | | | This is the primary goal of decompose()+assemble(), to support qualifying an image name. Does not have any users yet, so does not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * Don't use imageParts.assemble when pulling from a qualified nameMiloslav Trmač2019-01-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CHANGES BEHAVIOR. If the name is qualified, instead of decomposing it into components and re-assembling, just use the input name unmodified: - For name:tag values, .assemble() just recreates the input. - For untagged values, .assemble() adds ":latest"; we keep the input as is, but both docker.ParseReference and storage.Transport.ParseStoreReference use reference.TagNameOnly() already. - For digested references, .assemble() adds ":none", but the code was already bypassing .assemble() on that path already - for the source reference. For the destination, this replaces a :none destination with a the @digest reference, as expected. Note that while decompose() has already parsed the input, it (intentionally) bypassed the docker.io/library normalization; therefore we parse the input again (via docker.ParseReference) to ensure that the reference is normalized. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * Reorganize normalizeTagMiloslav Trmač2019-01-14
| | | | | | | | | | | | | | | | Move the registry defaulting before tag defaulting. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * Simplify pullGoalFromPossiblyUnqualifiedNameMiloslav Trmač2019-01-14
| | | | | | | | | | | | | | | | | | | | Both imageParts and this function implicitly assume docker.Transport troughout, so instead of pretending to be flexible about DefaultTransport, just hard-code docker.ParseReference directly. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * Remove imageParts.transportMiloslav Trmač2019-01-14
| | | | | | | | | | | | | | | | | | | | It is only ever set to DefaulTransport, and all of the code is docker/reference-specific anyway, so there's no point in making this a variable. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * Simplify pullGoalFromPossiblyUnqualifiedNameMiloslav Trmač2019-01-14
| | | | | | | | | | | | | | | | | | | | After inlining assembleWithTransport, we have two branches with the same prepending of decomposedImage.transport; move that out of the branches. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * Inline imageParts.assembleWithTransport into callersMiloslav Trmač2019-01-14
| | | | | | | | | | | | | | | | | | | | | | | | | | imageParts.transport is a constant, and the design of imageParts is not transport-independent in any sense; we will want to eliminate the transport member entirely. As a first step, drop assembleWithTransport and inline an exact equivalent into all callers. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * Record the original reference.Named in imagePartsMiloslav Trmač2019-01-14
| | | | | | | | | | | | | | | | | | | | | | | | We will eventually want to eliminate most members of imageParts in favor of using the c/image/docker/reference API directly. For now, just record the reference.Named value, and we will replace uses of the other members before removing them. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * Drop image.DecomposeString, make image.Parts private imageParts againMiloslav Trmač2019-01-14
| | | | | | | | | | | | | | | | | | Now that DecomposeString has no users, make the type private again. Any new users of it should come with a rationale - and new users of the "none"/"latest" handling of untagged/digested names that is currently implemented should have an exceptionaly unusual rationale. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * Don't call image.DecomposeString in imageInListToContainerImageMiloslav Trmač2019-01-14
|/ | | | | | | | | | | | | | | - It is used to fill Repository(misnamed)/Tag members which have no users; so it's completely unclear why this is useful. - Given the mishandling of tags by imageParts.tag, at the very least all new code should primarily use reference.Named (even if after a decompose() to internally deal with unqualified names first), introducing new uses of original decompose() just reintroduces known trouble - so without any provided rationale, reverting seems a reasonable default action. - This drags in all of libpod/image into the "remote client" build, which seems undesirable. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Merge pull request #2141 from baude/remotetagOpenShift Merge Robot2019-01-13
|\ | | | | Add darwin support for remote-client
| * Add darwin support for remote-clientbaude2019-01-11
| | | | | | | | | | | | | | | | Add the ability to cross-compile podman remote for OSX. Also, add image exists and tag to remote-client. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2137 from rhatdan/noexecOpenShift Merge Robot2019-01-13
|\ \ | | | | | | Add troubleshooting statement for homedirs mounted noexec
| * | Add troubleshooting statement for homedirs mounted noexecDaniel J Walsh2019-01-13
| | | | | | | | | | | | | | | | | | | | | | | | This fixes https://bugzilla.redhat.com/show_bug.cgi?id=1651228 Users were surprised when they were not able to run a contianer on a noexec homedir. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #2008 from harche/multi-archOpenShift Merge Robot2019-01-13
|\ \ \ | |/ / |/| | Use multi-arch images in test cases
| * | Use multi-arch images in test case scriptsHarshal Patil2019-01-11
| | | | | | | | | | | | Signed-off-by: Harshal Patil <harshal.patil@in.ibm.com>
* | | Merge pull request #2148 from rhatdan/storage-optOpenShift Merge Robot2019-01-12
|\ \ \ | | | | | | | | Set default storage options from mounts.conf file.
| * | | Set default storage options from mounts.conf file.Daniel J Walsh2019-01-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We were never loading the storage.conf file to grab mountOptions. This is causing us to not use metacopyup option when running with overlay. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #2145 from baude/playcontainerintopodOpenShift Merge Robot2019-01-12
|\ \ \ \ | |/ / / |/| | | podman play kube: add containers to pod
| * | | podman play kube: add containers to podbaude2019-01-11
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | when defining containers, we missed the conditional logic to allow the container to be defined with "WithPod" and so forth. I had to slightly modify the createcontainer process to pass a libpod.Pod that could override things; use nil as no pod. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #2138 from giuseppe/rootless-pod-fixOpenShift Merge Robot2019-01-11
|\ \ \ | |/ / |/| | rootless: fix usage of create --pod=new:FOO
| * | rootless: create the userns immediately when creating a new podGiuseppe Scrivano2019-01-11
| | | | | | | | | | | | | | | | | | Closes: https://github.com/containers/libpod/issues/2124 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | rootless: join both userns and mount namespace with --podGiuseppe Scrivano2019-01-11
| | | | | | | | | | | | | | | | | | | | | When --pod is specified then join both the user and mount namespace for the pod so we can initialize the storage. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | spec: add nosuid,noexec,nodev to ro bind mountGiuseppe Scrivano2019-01-11
| | | | | | | | | | | | | | | | | | | | | runc fails to change the ro mode of a rootless bind mount if the other flags are not kept. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #2135 from baude/varlinkpruneOpenShift Merge Robot2019-01-11
|\ \ \ | | | | | | | | Add varlink support for prune
| * | | Add varlink support for prunebaude2019-01-10
| |/ / | | | | | | | | | | | | | | | | | | Add the ability to prune unused images using the varlink API. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #2113 from baude/remoteimagesOpenShift Merge Robot2019-01-11
|\ \ \ | | | | | | | | remote-client support for images
| * | | remote-client support for imagesbaude2019-01-10
| | | | | | | | | | | | | | | | Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #2102 from vrothberg/vendor-updateOpenShift Merge Robot2019-01-11
|\ \ \ \ | | | | | | | | | | vendor: update everything
| * | | | vendor: update everythingValentin Rothberg2019-01-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * If possible, update each dependency to the latest available version. * Use releases over commit IDs and avoid vendoring branches. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | vendor make targetValentin Rothberg2019-01-11
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | Add a `make vendor` target calls `vndr` with a specified whitelist to avoid deleting important files (currently the varlink/go project). Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #2105 from mheon/jsoniterOpenShift Merge Robot2019-01-11
|\ \ \ \ | |_|/ / |/| | | Use jsoniter instead of easyjson
| * | | Replace tab with spaces in MarshalIndent in libpodMatthew Heon2019-01-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The json-iterator package will panic on attempting to use MarshalIndent with a non-space indentation. This is sort of silly but swapping from tabs to spaces is not a big issue for us, so let's work around the silly panic. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Remove one more usage of encoding/json in libpodMatthew Heon2019-01-10
| | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Update vendor.conf for jsoniter vendor changesMatthew Heon2019-01-10
| | | | | | | | | | | | | | | | | | | | | | | | The vndr tool isn't updating vendor.conf so do it manually. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Move all libpod/ JSON references over to jsoniterMatthew Heon2019-01-10
| | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Update json-iterator vendor to v1.1.5Matthew Heon2019-01-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We already have it vendored for a Kube package we import, but we want a more recent version with additional bugfixes over the 1.0 release we originally had. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Remove easyjson in preparation for switch to jsoniterMatthew Heon2019-01-10
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | The jsoniter library does not require code generation, which is a massive advantage over easyjson (it's also about the same in performance). Begin moving over to it by removing the existing easyjson code. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #2131 from mheon/restore_storage_defaultsOpenShift Merge Robot2019-01-10
|\ \ \ | | | | | | | | Use defaults if paths are not specified in storage.conf
| * | | Use defaults if paths are not specified in storage.confMatthew Heon2019-01-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For rootless Podman, if storage.conf exists but does not specify one or both of RunRoot and GraphRoot, set them to rootless defaults so we don't end up with an unusable configuration. Fixes #2125 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #2120 from rhatdan/volumeOpenShift Merge Robot2019-01-10
|\ \ \ \ | | | | | | | | | | Fix handling of nil volumes
| * | | | Fix handling of nil volumesDaniel J Walsh2019-01-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently if a user passes in a -v with -v $bogus:/foobar We crash. This will throw a proper error. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #2108 from QiWang19/from1899OpenShift Merge Robot2019-01-10
|\ \ \ \ \ | | | | | | | | | | | | Fix 'image trust' from PR1899
| * | | | | Fix 'image trust' from PR1899Qi Wang2019-01-09
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | | Merge pull request #2127 from QiWang19/fixsigstoreOpenShift Merge Robot2019-01-10
|\ \ \ \ \ \ | | | | | | | | | | | | | | fix up sigstore path
| * | | | | | fix up sigstore pathQi Wang2019-01-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | | | Merge pull request #2126 from giuseppe/set-prlimitOpenShift Merge Robot2019-01-10
|\ \ \ \ \ \ \ | |_|_|_|_|/ / |/| | | | | | podman: bump RLIMIT_NOFILE also without CAP_SYS_RESOURCE