summaryrefslogtreecommitdiff
path: root/libpod/image
Commit message (Collapse)AuthorAge
* podman rmi: handle corrupted storage betterValentin Rothberg2021-03-01
| | | | | | | | | | | | | | | The storage can easily be corrupted when a build or pull process (or any process *writing* to the storage) has been killed. The corruption surfaces in Podman reporting that a given layer could not be found in the layer tree. Those errors must not be fatal but only logged, such that the image removal may continue. Otherwise, a user may be unable to remove an image. [NO TESTS NEEDED] as I do not yet have a reliable way to cause such a storage corruption. Reported-in: https://github.com/containers/podman/issues/8148#issuecomment-787598940 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Correct compat images/create?fromImage responseMilivoje Legenovic2021-02-26
| | | | Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
* bump go module to v3Valentin Rothberg2021-02-22
| | | | | | | | | We missed bumping the go module, so let's do it now :) * Automated go code with github.com/sirkon/go-imports-rename * Manually via `vgrep podman/v2` the rest Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #9341 from vrothberg/layer-tree-errorsOpenShift Merge Robot2021-02-12
|\ | | | | make layer-tree lookup errors non-fatal
| * make layer-tree lookup errors non-fatalValentin Rothberg2021-02-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Internally, Podman constructs a tree of layers in containers/storage to quickly compute relations among layers and hence images. To compute the tree, we intersect all local layers with all local images. So far, lookup errors have been fatal which has turned out to be a mistake since it seems fairly easy to cause storage corruptions, for instance, when killing builds. In that case, a (partial) image may list a layer which does not exist (anymore). Since the errors were fatal, there was no easy way to clean up and many commands were erroring out. To improve usability, turn the fatal errors into warnings that guide the user into resolving the issue. In this case, a `podman system reset` may be the approriate way for now. [NO TESTS NEEDED] because I have no reliable way to force it. [1] https://github.com/containers/podman/issues/8148#issuecomment-778253474 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Enable whitespace linterPaul Holzinger2021-02-11
| | | | | | | | | | | | | | | | Use the whitespace linter and fix the reported problems. [NO TESTS NEEDED] Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Enable golint linterPaul Holzinger2021-02-11
|/ | | | | | | | Use the golint linter and fix the reported problems. [NO TESTS NEEDED] Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Fixup searchDaniel J Walsh2021-01-25
| | | | | | | | | | | | | | | | | podman-remote search had some FIXMEs in tests that were failing. So I reworked the search handler to use the local abi. This means the podman search and podman-remote search will use the same functions. While doing this, I noticed we were just outputing errors via logrus.Error rather then returning them, which works ok for podman but the messages get lost on podman-remote. Changed the code to actually return the error messages to the caller. This allows us to turn on the remaining podman-remote FIXME tests. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* podman manifest existsPaul Holzinger2021-01-22
| | | | | | Add podman manifest exists command with remote support. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #8950 from mheon/exorcise_driverOpenShift Merge Robot2021-01-12
|\ | | | | Exorcise Driver code from libpod/define
| * Exorcise Driver code from libpod/defineMatthew Heon2021-01-12
| | | | | | | | | | | | | | | | | | | | | | | | The libpod/define code should not import any large dependencies, as it is intended to be structures and definitions only. It included the libpod/driver package for information on the storage driver, though, which brought in all of c/storage. Split the driver package so that define has the struct, and thus does not need to import Driver. And simplify the driver code while we're at it. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Fix problems reported by staticcheckPaul Holzinger2021-01-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | `staticcheck` is a golang code analysis tool. https://staticcheck.io/ This commit fixes a lot of problems found in our code. Common problems are: - unnecessary use of fmt.Sprintf - duplicated imports with different names - unnecessary check that a key exists before a delete call There are still a lot of reported problems in the test files but I have not looked at those. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8831 from bblenard/issue-8658-system-prune-reclaimed-spaceOpenShift Merge Robot2021-01-05
|\ \ | |/ |/| Rework pruning to report reclaimed space
| * Rework pruning to report reclaimed spaceBaron Lenardson2020-12-30
| | | | | | | | | | | | | | | | | | | | | | | | This change adds code to report the reclaimed space after a prune. Reclaimed space from volumes, images, and containers is recorded during the prune call in a PruneReport struct. These structs are collected into a slice during a system prune and processed afterwards to calculate the total reclaimed space. Closes #8658 Signed-off-by: Baron Lenardson <lenardson.baron@gmail.com>
* | Allow image errors to bubble up from lower level functions.Daniel J Walsh2021-01-04
|/ | | | | | | | Currently we ignore ErrMultipleImages being returned from findImageInRepoTags. Fixes: https://github.com/containers/podman/issues/8868 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8609 from rhatdan/imageOpenShift Merge Robot2020-12-23
|\ | | | | Prefer read/write images over read/only images
| * Prefer read/write images over read/only imagesDaniel J Walsh2020-12-22
| | | | | | | | | | | | | | | | | | | | | | | | | | With additional stores there is a risk that you could have multiple images with the same name. IE An older image in a read/only store versus a newer version in the read/write store. This patch will ignore multiple images with the same name iff one is read/write and all of the others are read/only. Fixes: https://github.com/containers/podman/issues/8176 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | SpellingJosh Soref2020-12-22
|/ | | | Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* enable short-name aliasingValentin Rothberg2020-12-05
| | | | | | | | | | | | Short-name aliasing was introduced with Podman 2.2 as an opt-in preview by enabling an environment variable. Now, as we're preparing for the 3.0 release, we can enable short-name aliasing by default. Opting out can be done by configuring the `registries.conf` config file. Please refer to the following blog post for more details: https://www.redhat.com/sysadmin/container-image-short-names Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* More docker compat API fixesMilivoje Legenovic2020-12-04
| | | | | | Fixes wrong VirtualSize, ParentId, Architecture, Author, Os and OsVersion value Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
* Not use local image create/add manifestQi Wang2020-11-24
| | | | | | | | Avoid using the image from load storage for `manifest create` and `manifest add` since the local image does not include other entries of the list from the registry. `--all` flag of `manifest create` and `manifest add` can not add all of the lists as expected. Signed-off-by: Qi Wang <qiwan@redhat.com>
* short-name aliasingValentin Rothberg2020-11-13
| | | | | | Add support for short-name aliasing. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* NewFromLocal can return multiple imagesDaniel J Walsh2020-10-28
| | | | | | | | | | If you use additional stores and pull the same image into writable stores, you can end up with the situation where you have the same image twice. This causes image exists to return the wrong error. It should return true in this situation rather then an error. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8098 from vrothberg/fix-8082OpenShift Merge Robot2020-10-22
|\ | | | | container create: record correct image name
| * container create: record correct image nameValentin Rothberg2020-10-21
| | | | | | | | | | | | | | | | | | | | Record the correct image name when creating a container by using the resolved image name if present. Otherwise, default to using the first available name or an empty string in which case the image must have been referenced by ID. Fixes: #8082 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #7956 from QiWang19/save-rm-sigOpenShift Merge Robot2020-10-22
|\ \ | | | | | | Allow save image remove-signatures
| * | save image remove signaturesQi Wang2020-10-21
| |/ | | | | | | | | | | | | remove signatures to podman save since the image formats do not support signatures Close: #7659 Signed-off-by: Qi Wang <qiwan@redhat.com>
* / Convert Split() calls with an equal sign to SplitN()TomSweeneyRedHat2020-10-13
|/ | | | | | | | | | | | | | | | After seeing #7759, I decided to look at the calls in Podman and Buildah to see if we had issues with strings.Split() calls where an "=" (equals) sign was in play and we expected to split on only the first one. There were only one or two that I found in here that I think might have been troubling, the remainder are just adding some extra safety. I also had another half dozen or so that were checking length expectations appropriately, those I left alone. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* Search repository tags using --list-tagsQi Wang2020-10-09
| | | | | | | For fix of BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1684263 Add --list-tags to podman search to return a table the repository tags. Signed-off-by: Qi Wang <qiwan@redhat.com>
* BlobInfoCacheDir is set incorrectly when copying imagesDaniel J Walsh2020-10-08
| | | | | | | | It is not set based on the root image directory, and always points at the defaults. This change will get it to follow filepath.Join(ir.store.GraphRoot(), "cache") set from libpod. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Lowercase some errorsKir Kolyshkin2020-10-05
| | | | | | | | | | | | | | | | | | | | | This commit is courtesy of ``` for f in $(git ls-files *.go | grep -v ^vendor/); do \ sed -i 's/\(errors\..*\)"Error /\1"error /' $f; done for f in $(git ls-files *.go | grep -v ^vendor/); do \ sed -i 's/\(errors\..*\)"Failed to /\1"failed to /' $f; done ``` etc. Self-reviewed using `git diff --word-diff`, found no issues. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* image prune: remove all candidatesValentin Rothberg2020-10-02
| | | | | | | | Make sure to remove images until there's nothing left to prune. A single iteration may not be sufficient. Fixes: #7872 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* image look up: consult registries.confValentin Rothberg2020-09-30
| | | | | | | | | | When looking up local images, take the unqualified-serach registries of the registries.conf into account (on top of "localhost/"). Also extend the integration tests to prevent future regressions. Fixes: #6381 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Properly handle podman run --pull commandDaniel J Walsh2020-09-27
| | | | | | | | | | | | | | | | | | Currently the --pull missing|always|never is ignored This PR implements this for local API. For remote we need to default to pullpolicy specified in the containers.conf file. Also fixed an issue when images were matching other images names based on prefix, causing images to always be pulled. I had named an image myfedora and when ever I pulled fedora, the system thought that it there were two images named fedora since it was checking for the name fedora as well as the prefix fedora. I changed it to check for fedora and the prefix /fedora, to prefent failures like I had. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* image list: return all associated namesValentin Rothberg2020-09-17
| | | | | | | | | | | | | | | | Always return all associated names / repo tags of an image and fix a bug with malformed repo tags. Previously, Podman returned all names only with `--all` but this flag only instructs to list intermediate images and should not alter associated names. With `--all` Podman queried the repo tags of an image which splits all *tagged* names into repository and tag which is then reassembled to eventually be parsed again in the frontend. Lot's of redundant CPU heat and buggy as the reassembly didn't consider digests which ultimately broke parsing in the frontend. Fixes: #7651 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Supports import&run--signature-policyQi Wang2020-09-15
| | | | | | Enables podman create, pull, run, import to use --signature-policy option. Set it as hidden flag to be consistent with other commands. Signed-off-by: Qi Wang <qiwan@redhat.com>
* system df: fix image-size calculationsValentin Rothberg2020-09-11
| | | | | | | | | | | | | | | | | Fix the image-size calculations of system-df, where the shared size is the actual shared size with other images (including children) and the (total) size is the sum of the shared and unique size [1]. To calculate parent/child relations, make use of the recently added layer tree which allows for quick (and cached!) calculations. Break calculating image disk usages into the image runtime to a) access the layer tree, and b) make the code easier to maintain and extend. [1] https://docs.docker.com/engine/reference/commandline/system_df/ Fixes: #7406 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #7290 from rhatdan/externalOpenShift Merge Robot2020-09-09
|\ | | | | Show c/storage (Buildah/CRI-O) containers in ps
| * Show c/storage (Buildah/CRI-O) containers in psDaniel J Walsh2020-09-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The `podman ps --all` command will now show containers that are under the control of other c/storage container systems and the new `ps --storage` option will show only containers that are in c/storage but are not controlled by libpod. In the below examples, the '*working-container' entries were created by Buildah. ``` podman ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 9257ef8c786c docker.io/library/busybox:latest ls /etc 8 hours ago Exited (0) 8 hours ago gifted_jang d302c81856da docker.io/library/busybox:latest buildah 30 hours ago storage busybox-working-container 7a5a7b099d33 localhost/tom:latest ls -alF 30 hours ago Exited (0) 30 hours ago hopeful_hellman 01d601fca090 localhost/tom:latest ls -alf 30 hours ago Exited (1) 30 hours ago determined_panini ee58f429ff26 localhost/tom:latest buildah 33 hours ago storage alpine-working-container podman ps --external CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d302c81856da docker.io/library/busybox:latest buildah 30 hours ago external busybox-working-container ee58f429ff26 localhost/tom:latest buildah 33 hours ago external alpine-working-container ``` Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | support multi-image (docker) archivesValentin Rothberg2020-09-08
|/ | | | | | | | | | | | | Support loading and saving tarballs with more than one image. Add a new `/libpod/images/export` endpoint to the rest API to allow for exporting/saving multiple images into an archive. Note that a non-release version of containers/image is vendored. A release version must be vendored before cutting a new Podman release. We force the containers/image version via a replace in the go.mod file; this way go won't try to match the versions. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* make image parent check more robustValentin Rothberg2020-09-07
| | | | | | | | Follow up on issue #7444 and make the parent checks more robust. We can end up with an incoherent storage when, for instance, a build has been killed. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #7436 from rhatdan/variantOpenShift Merge Robot2020-08-28
|\ | | | | Add support for image pull overrides
| * Add support for variant when pulling imagesDaniel J Walsh2020-08-28
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | fix panic when checking len on nil objectBrent Baude2020-08-28
|/ | | | | | issue #7444 describes a problem where an image does not have a manifest file and cannot be processed by our library correctly. the origin of the panic is because we are checking the len of a nil object's attribute. this is a temporary fix to protect from the panic in the future. the origin of the problem is more interesting and requires more work when the code author returns from pto. Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #7215 from vrothberg/flatten-the-curveOpenShift Merge Robot2020-08-08
|\ | | | | images: speed up lists
| * image list: speed upValentin Rothberg2020-08-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Listing images has shown increasing performance penalties with an increasing number of images. Unless `--all` is specified, Podman will filter intermediate images. Determining intermediate images has been done by finding (and comparing!) parent images which is expensive. We had to query the storage many times which turned it into a bottleneck. Instead, create a layer tree and assign one or more images to nodes that match the images' top layer. Determining the children of an image is now exponentially faster as we already know the child images from the layer graph and the images using the same top layer, which may also be considered child images based on their history. On my system with 510 images, a rootful image list drops from 6 secs down to 0.3 secs. Also use the tree to compute parent nodes, and to filter intermediate images for pruning. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Retry pulling imageQi Wang2020-08-04
|/ | | | | | Wrap the inner helper in the retry function. Functions pullimage failed with retriable error will default maxretry 3 times using exponential backoff. Signed-off-by: Qi Wang <qiwan@redhat.com>
* Ensure libpod/define does not include libpod/imageMatthew Heon2020-07-31
| | | | | | | | | | | | | The define package under Libpod is intended to be an extremely minimal package, including constants and very little else. However, as a result of some legacy code, it was dragging in all of libpod/image (and, less significantly, the util package). Fortunately, this was just to ensure that error constants were not duplicating, and there's nothing preventing us from importing in the other direction and keeping libpod/define free of dependencies. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add podman image mountDaniel J Walsh2020-07-28
| | | | | | | | | | | | | There are many use cases where you want to just mount an image without creating a container on it. For example you might want to just examine the content in an image after you pull it for security analysys. Or you might want to just use the executables on the image without running it in a container. The image is mounted readonly since we do not want people changing images. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Switch all references to github.com/containers/libpod -> podmanDaniel J Walsh2020-07-28
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>