summaryrefslogtreecommitdiff
path: root/pkg/bindings/images
Commit message (Collapse)AuthorAge
* import: allow users to set os, arch and variant of importsAditya R2022-03-23
| | | | | | | | | | Allows users to set `--os` , `--arch` and `--variant` of the image created from the custom import. Following is useful when user is already aware of the values which are correct for their generated rootfs Signed-off-by: Aditya R <arajan@redhat.com>
* podman rmi --ignoreValentin Rothberg2022-03-19
| | | | | | | | | | | Add an `--ignore` flag to `podman image rm` to instruct ignoring image if a specified image does not exist and to not throw an error. Other commands (e.g., `podman container rm`) already support this flag. Such an `--ignore` flag can come in handy in clean-up scripcts such as the teardown phases in the Podman tests. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* go fmt: use go 1.18 conditional-build syntaxValentin Rothberg2022-03-18
| | | | Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Make sure building with relative paths work correctly.Daniel J Walsh2022-02-10
| | | | | | Fixes: https://github.com/containers/podman/issues/12763 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* pkg/bindings/images.Build(): slashify "dockerfile" values, tooNalin Dahyabhai2022-02-02
| | | | | | | | | | | When the Dockerfile isn't in the root directory of the build context, the client supplies its pathname to the server, but it needs to do so using "/" as the path separator, not the client OS's path separator. CI can't test Windows clients, so [NO NEW TESTS NEEDED] Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* bump go module to version 4Valentin Rothberg2022-01-18
| | | | | | | | | | | | | Automated for .go files via gomove [1]: `gomove github.com/containers/podman/v3 github.com/containers/podman/v4` Remaining files via vgrep [2]: `vgrep github.com/containers/podman/v3` [1] https://github.com/KSubedi/gomove [2] https://github.com/vrothberg/vgrep Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Refactor manifest list operationsJhon Honce2022-01-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Update method/function signatures use the manifest list name and images associated with the operation explicitly, in general func f(ctx context.Context, manifestListName string, ImageNames []string, options *fOptions) * Leverage gorilla/mux Subrouters to support API v3.x and v4.x for manifests * Make manifest API endpoints more RESTful * Add PUT /manifest/{id} to update existing manifests * Add manifests.Annotate to go bindings, uncommented unit test * Add DELETE /manifest/{Id} to remove existing manifest list, use PUT /manifest/{id} to remove images from a list * Deprecated POST /manifest/{id}/add and /manifest/{id}/remove, use PUT /manifest/{id} instead * Corrected swagger godoc and updated to cover API changes * Update podman manifest commands to use registry.Context() * Expose utils.GetVar() to obtain query parameters by name * Unexpose server.registerSwaggerHandlers, not sure why this was ever exposed. * Refactored code to use http.Header instead of map[string]string when operating on HTTP headers. * Add API-Version header support in bindings to allow calling explicate versions of the API. Header is _NOT_ forwarded to the API service. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* podman build enable --all-platforms and --unsetenvPaul Holzinger2022-01-13
| | | | | | | Make sure we add support for allplatforms and unsetenv to both local and remote podman. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Remove the authfile parameter of MakeXRegistryAuthHeaderMiloslav Trmač2021-12-10
| | | | | | | | | | | | | | Having a parameter that modifies the provides types.SystemContext seems rather unexpected and risky to have around - and the only user of that is actually a no-op, others only provide a nil SystemContext; so, remove that option and simplify (well, somewhat; many callers now have extra &types.SystemContext{AuthFilePath} boilerplate; at least that's consistent with that code carrying a TODO to create a larger-scope SystemContext). Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Simplify the header decision in pkg/bindings/images.Build a bitMiloslav Trmač2021-12-10
| | | | | | | | ... now that two of the three cases are the same. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Remove the authfile parameter of MakeXRegistryConfigHeaderMiloslav Trmač2021-12-10
| | | | | | | | | | Having a parameter that modifies the provides types.SystemContext seems rather unexpected and risky to have around - and the only user of that is actually a no-op; so, remove that option and simplify. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Call MakeXRegistryAuthHeader instead of Header(..., XRegistryAuthHeader)Miloslav Trmač2021-12-10
| | | | | | | | All callers hard-code a header value, so this is actually shorter. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Call MakeXRegistryConfigHeader instead of Header(..., XRegistryConfigHeader)Miloslav Trmač2021-12-10
| | | | | | | | All callers hard-code a header value, so this is actually shorter. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Merge pull request #12425 from tnk4on/remote-build-eval-containerfileOpenShift Merge Robot2021-12-02
|\ | | | | Fixed the containerfile not found during remote build
| * Fixed the containerfile not found during remote build.Shion Tanaka2021-11-30
| | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Shion Tanaka <shtanaka@redhat.com>
* | podman-remote: copy secret to contextdir is absolute path on hostAditya Rajan2021-11-30
| | | | | | | | | | | | | | | | Podman remote must treat build secrets as part of context directory. If secret path is absolute path on host copy it to tar file and pass it to remote server. Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | api: allow build api to accept secretsAditya Rajan2021-11-30
|/ | | | | | | | | | | Following commit makes sure that `build` api can accept external secret and allows currently `NOOP` `podman-remote build -t tag --secret id=mysecret,src=/path/on/remote` to become functional. Just like `docker` following api is a hidden field and only exposed to `podman-remote` but could document it if it needs exposed on `swagger`. Signed-off-by: Aditya Rajan <arajan@redhat.com>
* bindings: reuse context for API requestsMoritz "WanzenBug" Wanzenböck2021-11-15
| | | | | | | | | | | | | | | | | | One of the main uses of context.Context is to provide cancellation for go-routines, including API requests. While all user-facing bindings already used a context parameter, it was only used to pass the client information around. This commit changes the internal DoRequest wrapper to take an additional context argument, and pass that to the http request. Previously, the context was derived from context.Background(), which made it impossible to cancel once started. All the convenience wrappers already supported the context parameter, so the only user facing change is that cancelling those context now works as one would expect. Signed-off-by: Moritz "WanzenBug" Wanzenböck <moritz@wanzenbug.xyz>
* Refactor podman search to be more code friendlyJhon Honce2021-10-12
| | | | | | | | | | | * JSON and API description fields are no longer truncated. Formatting moved to client, better support of MVP. * --no-trunc now defaults to true * Updated tests for changes Closes #11894 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Add guard for BuildOptions.CommonBuildOptsJhon Honce2021-09-30
| | | | | | | Existing images.Build() bindings code panicked when field was not initialized. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* image prune: support removing external containersValentin Rothberg2021-09-28
| | | | | | | | Support removing external containers (e.g., build containers) during image prune. Fixes: #11472 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* remote build: EvalSymlinks() the context directoryNalin Dahyabhai2021-09-27
| | | | | | | Use EvalSymlinks() to find the context directory, in case there's shenanigans. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* standardize logrus messages to upper caseDaniel J Walsh2021-09-22
| | | | | | | | Remove ERROR: Error stutter from logrus messages also. [ NO TESTS NEEDED] This is just code cleanup. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* podman save: add `--uncompressed`Valentin Rothberg2021-09-22
| | | | | | | | | | Add an option to `podman save` to allow uncompressed layers when copying OCI images. Do the neccessary plumbing for the remote client, add tests and vendor in the latest commit from c/common to fetch the neccessary changes in libimage. Closes: #11613 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* build: take advantage of --platform listsNalin Dahyabhai2021-09-14
| | | | | | | | | | | The builder can take a list of platforms in the Platforms field of its BuildOptions argument, and we should definitely take advantage of that. The `bud-multiple-platform-values` test from buildah exercises support for this, so [NO TESTS NEEDED] Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* Enhance bindings for IDE hintsJhon Honce2021-09-14
| | | | | | | | | | | * Follow https://pkg.go.dev/cmd/go#hdr-Generate_Go_files_by_processing_source for leading comment * Add godoc strings for all exposed methods for IDE support * Copy field godoc strings into generated code as function godoc string * Remove unused/unnecessary fields from generator.go structures * Cleanup code regarding template usage Signed-off-by: Jhon Honce <jhonce@redhat.com>
* pkg/bindings/images.nTar(): set ownership of build context to 0:0Nalin Dahyabhai2021-09-07
| | | | | | | | | | | | | | | | | | When attempting to run remote builds, users with UID/GID values that were high enough that they wouldn't be mapped into their default user namespace configurations would see their builds fail when the server attempted to extract the build contexts that they supplied, and failed to set ownership of the build context content to the UID/GID that were originally assigned to them. When archiving the build context at the client, set ownership of everything to 0:0, which we know is always mapped. Both ADD and COPY require that we set the ownership of newly-added content to 0:0 (unless the --chown flag is used), so throwing away the original ownership information doesn't hurt, anyway. As usual, tarballs that we extract as part of ADD aren't going to be affected. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* Fix file descriptor leaks and add testJhon Honce2021-08-24
| | | | | | | | | | * Add response.Body.Close() where needed to release HTTP connections to API server. * Add tests to ensure no general leaks occur. 100% coverage would be required to ensure no leaks on any call. * Update code comments to be godoc correct Signed-off-by: Jhon Honce <jhonce@redhat.com>
* pkg/bindings/images.nTar(): slashify hdr.Name valuesNalin Dahyabhai2021-08-18
| | | | | | | | | | | | | When setting path names in the build context archive, convert path names to use forward slashes, as is normal for those archives, so that directory hierarchies archived on Windows hosts extract correctly everywhere. Not really sure how to run the remote client in CI on a system that uses `\` as a path separator, which is where this error crops up, so [NO TESTS NEEDED] Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* Bump Buildah to v1.22.0 [NO TESTS NEEDED]TomSweeneyRedHat2021-08-04
| | | | | | | | | Bump Buildah to v1.22.0 in preparation for RHEL 8.5 and RHEL 9.0beta. Also bump c/common to v0.42.1 [NO TESTS NEEDED] Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* remote build: fix streaming and error handlingValentin Rothberg2021-07-28
| | | | | | | | | | | | | | | | | | | | Address a number of issues in the streaming logic in remote build, most importantly an error in using buffered channels on the server side. The pattern below does not guarantee that the channel is entirely read before the context fires. for { select { case <- bufferedChannel: ... case <- ctx.Done(): ... } } Fixes: #10154 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* podman-remote build use .containerignore over .dockerignoreDaniel J Walsh2021-07-14
| | | | | | | | | | | | | | | | | | | | | | $ mkdir zzz;cd zzz $ printf "FROM quay.io/libpod/testimage:20210610\nCOPY ./ ./\nCOPY subdir ./\n" >Dockerfile $ printf "*\nsubdir\n\!*/sub1*\n" >.dockerignore $ mkdir subdir; touch subdir/sub1.txt $ ../bin/podman-remote build . Should fail, but succeeds because we are not sending over the .dockerignore file to the server side. This PR will send the .dockerignore so the server side and use it. Fixes: #10907 Also if both .containerignore and .dockerignore in the context directory, podman-remote should prefer .containerignore and not use .dockerignore. Fixes: #10908 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Don't exclude Dockerfile, Containerfiles from tar contentDaniel J Walsh2021-07-10
| | | | | | | | | | | | | If the user specifies "*" in a .dockerignore or a .containerignore then podman-remote build should not exclude the Dockerfile or Containerfile or any content pointed to by `-f` in the context directory. We still need these files on the server side to complete the build. Fixes: https://github.com/containers/podman/issues/9867 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* podman diff accept two images or containersPaul Holzinger2021-07-02
| | | | | | | | | | | | | | | | | | | First, make podman diff accept optionally a second argument. This allows the user to specify a second image/container to compare the first with. If it is not set the parent layer will be used as before. Second, podman container diff should only use containers and podman image diff should only use images. Previously, podman container diff would use the image when both an image and container with this name exists. To make this work two new parameters have been added to the api. If they are not used the previous behaviour is used. The same applies to the bindings. Fixes #10649 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Bump github.com/containers/storage from 1.32.3 to 1.32.5Daniel J Walsh2021-06-29
| | | | | | | | | | | | | | | | | Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.32.3 to 1.32.5. - [Release notes](https://github.com/containers/storage/releases) - [Changelog](https://github.com/containers/storage/blob/main/docs/containers-storage-changes.md) - [Commits](https://github.com/containers/storage/compare/v1.32.3...v1.32.5) --- updated-dependencies: - dependency-name: github.com/containers/storage dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* create: support images with invalid platformValentin Rothberg2021-06-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Much to my regret, there is a number of images in the wild with invalid platforms breaking the platform checks in libimage that want to make sure that a local image is matching the expected platform. Imagine a `podman run --arch=arm64 fedora` with a local amd64 fedora image. We really shouldn't use the local one in this case and pull down the arm64 one. The strict platform checks in libimage in combination with invalid platforms in images surfaced in Podman being able to pull an image but failing to look it up in subsequent presence checks. A `podman run` would hence pull such an image but fail to create the container. Support images with invalid platforms by vendoring the latest HEAD from containers/common. Also remove the partially implemented pull-policy logic from Podman and let libimage handle that entirely. However, whenever --arch, --os or --platform are specified, the pull policy will be forced to "newer". This way, we pessimistically assume that the local image has an invalid platform and we reach out to the registry. If there's a newer image (i.e., one with a different digest), we'll pull it down. Please note that most of the logic has either already been implemented in libimage or been moved down which allows for removing some clutter from Podman. [NO TESTS NEEDED] since c/common has new tests. Podman can rely on the existing tests. Fixes: #10648 Fixes: #10682 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Add support for podman remote build -f - .Daniel J Walsh2021-06-11
| | | | | | Fixes: https://github.com/containers/podman/issues/10621 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* podman-remote build should handle -f option properlyDaniel J Walsh2021-06-08
| | | | | | | | | | podman-remote build has to handle multiple different locations for the Containerfile. Currently this works in local mode but not when using podman-remote. Fixes: https://github.com/containers/podman/issues/9871 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Handle hard links in different directoriesDaniel J Walsh2021-05-24
| | | | | | Fixes: https://github.com/containers/podman/issues/10444 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Handle hard links in remote buildsDaniel J Walsh2021-05-22
| | | | | | Fixes: https://github.com/containers/podman/issues/9893 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix podman-remote build --rm=false ...Daniel J Walsh2021-05-10
| | | | | | | | | Fixes: https://github.com/containers/podman/issues/9869 [NO TESTS NEEDED] Since the podman-remote buildah tests will test this, and this is clearly correct. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* build: improve regex for iidfileGiuseppe Scrivano2021-05-06
| | | | | | | | | | | improve the regex to match only at the beginning of the line. It prevents matching "Copying %s $CHECKSUM" messages returned by the containers/image copy process. Closes: https://github.com/containers/podman/issues/10233 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* migrate Podman to containers/common/libimageValentin Rothberg2021-05-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Migrate the Podman code base over to `common/libimage` which replaces `libpod/image` and a lot of glue code entirely. Note that I tried to leave bread crumbs for changed tests. Miscellaneous changes: * Some errors yield different messages which required to alter some tests. * I fixed some pre-existing issues in the code. Others were marked as `//TODO`s to prevent the PR from exploding. * The `NamesHistory` of an image is returned as is from the storage. Previously, we did some filtering which I think is undesirable. Instead we should return the data as stored in the storage. * Touched handlers use the ABI interfaces where possible. * Local image resolution: previously Podman would match "foo" on "myfoo". This behaviour has been changed and Podman will now only match on repository boundaries such that "foo" would match "my/foo" but not "myfoo". I consider the old behaviour to be a bug, at the very least an exotic corner case. * Futhermore, "foo:none" does *not* resolve to a local image "foo" without tag anymore. It's a hill I am (almost) willing to die on. * `image prune` prints the IDs of pruned images. Previously, in some cases, the names were printed instead. The API clearly states ID, so we should stick to it. * Compat endpoint image removal with _force_ deletes the entire not only the specified tag. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Fix flake on failed podman-remote build : try 2Daniel J Walsh2021-04-14
| | | | | | | | | | | This time we are checking if the function actually succeeded, otherwise we will report an error. Also if we did not get the id, report unexpected failure. [NO TESTS NEEDED] Still no good way to test this, but manually. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Handle podman-remote --arch, --platform, --osDaniel J Walsh2021-04-07
| | | | | | | | | Podman remote should be able to handle remote specification of arches. Requires: https://github.com/containers/buildah/pull/3116 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix missing podman-remote build optionsDaniel J Walsh2021-04-02
| | | | | | | | | | | | | Fix handling of SecurityOpts LabelOpts SeccompProfilePath ApparmorProfile Fix Ulimits Fixes: https://github.com/containers/podman/issues/9869 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* [NO TESTS NEEDED] Shrink the size of podman-remoteDaniel J Walsh2021-03-29
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix podman build --pull-neverDaniel J Walsh2021-03-27
| | | | | | | | | | | Currently pull policy is set incorrectly when users set --pull-never. Also pull-policy is not being translated correctly when using podman-remote. Fixes: #9573 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* pkg/bindings/images.Build(): fix a race condition in error reportingNalin Dahyabhai2021-03-16
| | | | | | | | | | | | In nTar(), don't return the error value when the goroutine that's populating the error value can continue running long after nTar() returns. Instead, wrap the Close() method of the pipe that we're returning in a function that collects those errors, along with any error we get from closing the pipe, and returns them from Close() wrapper. In Build(), if the Close() method returns an error, at least log it. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* Handle podman build --dns-searchDaniel J Walsh2021-03-07
| | | | | | Fixes: https://github.com/containers/podman/issues/9574 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>