summaryrefslogtreecommitdiff
path: root/pkg/domain/infra/abi/images.go
Commit message (Collapse)AuthorAge
* Fix --arch and --os flags to work correctlyDaniel J Walsh2021-01-25
| | | | | | | | | | | | | | | Currently podman implements --override-arch and --overide-os But Podman has made these aliases for --arch and --os. No reason to have to specify --override, since it is clear what the user intends. Currently if the user specifies an --override-arch field but the image was previously pulled for a different Arch, podman run uses the different arch. This PR also fixes this issue. Fixes: https://github.com/containers/podman/issues/8001 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Allow podman push to push manifest listsDaniel J Walsh2021-01-15
| | | | | | | | | | | | | | | | | | | | | | When doing a podman images, manifests lists look just like images, so it is logical that users would assume that they can just podman push them to a registry. The problem is we throw out weird errors when this happens and users need to somehow figure out this is a manifest list rather then an image, and frankly the user will not understand the difference. This PR will make podman push just do the right thing, by failing over and attempting to push the manifest if it fails to push the image. Fix up handling of manifest push Protocol should bring back a digest string, which can either be printed or stored in a file. We should not reimplement the manifest push setup code in the tunnel code but take advantage of the api path, to make sure remote and local work the same way. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Remove the ability to use [name:tag] in podman load commandDaniel J Walsh2021-01-12
| | | | | | | | | | Docker does not support this, and it is confusing what to do if the image has more then one tag. We are dropping support for this in podman 3.0 Fixes: https://github.com/containers/podman/issues/7387 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix problems reported by staticcheckPaul Holzinger2021-01-12
| | | | | | | | | | | | | | `staticcheck` is a golang code analysis tool. https://staticcheck.io/ This commit fixes a lot of problems found in our code. Common problems are: - unnecessary use of fmt.Sprintf - duplicated imports with different names - unnecessary check that a key exists before a delete call There are still a lot of reported problems in the test files but I have not looked at those. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Rework pruning to report reclaimed spaceBaron Lenardson2020-12-30
| | | | | | | | | | | | This change adds code to report the reclaimed space after a prune. Reclaimed space from volumes, images, and containers is recorded during the prune call in a PruneReport struct. These structs are collected into a slice during a system prune and processed afterwards to calculate the total reclaimed space. Closes #8658 Signed-off-by: Baron Lenardson <lenardson.baron@gmail.com>
* Sign multi-arch imagesQi Wang2020-12-11
| | | | | | | podman image sign handles muti-arch images. --all option to create signature for each manifest from the image manifest list. Signed-off-by: Qi Wang <qiwan@redhat.com>
* image sign using per user registries.dQi Wang2020-12-07
| | | | | | Support per user ~/.config/containers/registries.d to allow rootless image sign configurations. Signed-off-by: Qi Wang <qiwan@redhat.com>
* Close image rawSource when each loop endsQi Wang2020-12-04
| | | | | | | Previously close rawSouce in the middle makes future use of rawSource invalid. Move the rawSource.Close() to the end of each loop. Signed-off-by: Qi Wang <qiwan@redhat.com>
* Do not pass name argument to Load APIQi Wang2020-12-02
| | | | | | | Not pass the name argument to Load API. Specify in the document the usage of the optional argument is tagging an additional image. Close #7337 Signed-off-by: Qi Wang <qiwan@redhat.com>
* NewFromLocal can return multiple imagesDaniel J Walsh2020-10-28
| | | | | | | | | | If you use additional stores and pull the same image into writable stores, you can end up with the situation where you have the same image twice. This causes image exists to return the wrong error. It should return true in this situation rather then an error. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* save image remove signaturesQi Wang2020-10-21
| | | | | | | remove signatures to podman save since the image formats do not support signatures Close: #7659 Signed-off-by: Qi Wang <qiwan@redhat.com>
* Search repository tags using --list-tagsQi Wang2020-10-09
| | | | | | | For fix of BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1684263 Add --list-tags to podman search to return a table the repository tags. Signed-off-by: Qi Wang <qiwan@redhat.com>
* Remove excessive error wrappingKir Kolyshkin2020-10-05
| | | | | | | | | | | | | | | | | In case os.Open[File], os.Mkdir[All], ioutil.ReadFile and the like fails, the error message already contains the file name and the operation that fails, so there is no need to wrap the error with something like "open %s failed". While at it - replace a few places with os.Open, ioutil.ReadAll with ioutil.ReadFile. - replace errors.Wrapf with errors.Wrap for cases where there are no %-style arguments. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* image prune: remove all candidatesValentin Rothberg2020-10-02
| | | | | | | | Make sure to remove images until there's nothing left to prune. A single iteration may not be sufficient. Fixes: #7872 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Properly handle podman run --pull commandDaniel J Walsh2020-09-27
| | | | | | | | | | | | | | | | | | Currently the --pull missing|always|never is ignored This PR implements this for local API. For remote we need to default to pullpolicy specified in the containers.conf file. Also fixed an issue when images were matching other images names based on prefix, causing images to always be pulled. I had named an image myfedora and when ever I pulled fedora, the system thought that it there were two images named fedora since it was checking for the name fedora as well as the prefix fedora. I changed it to check for fedora and the prefix /fedora, to prefent failures like I had. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix podman image unmount to only report images unmountedDaniel J Walsh2020-09-21
| | | | | | | Currently `podman image unmount` report every image that is mounted when it unmounts them. We should only report unmounted actually mounted images. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Supports import&run--signature-policyQi Wang2020-09-15
| | | | | | Enables podman create, pull, run, import to use --signature-policy option. Set it as hidden flag to be consistent with other commands. Signed-off-by: Qi Wang <qiwan@redhat.com>
* Refactor API build endpoint to be more compliantJhon Honce2020-09-14
| | | | | | | | | | | | | | | | | * Refactor/Rename channel.WriteCloser() to encapsulate the channel * Refactor build endpoint to "live" stream buildah output channels over API rather then buffering output * Refactor bindings/tunnel build because endpoint changes * building tar file now in bindings rather then depending on caller * Cleanup initiating extra image engine * Remove setting fields to zero values (less noise in code) * Update tests to support remote builds Fixes #7136 Fixes #7137 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* podman container runlabel should pull the image if it does not existDaniel J Walsh2020-09-10
| | | | | | | | | | | Since --pull is deprecated, remove it from help and hide if from --help Also set it to true by default. Share image pull code betweern podman image pull and podman container runlabel. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1877181 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* support multi-image (docker) archivesValentin Rothberg2020-09-08
| | | | | | | | | | | | | Support loading and saving tarballs with more than one image. Add a new `/libpod/images/export` endpoint to the rest API to allow for exporting/saving multiple images into an archive. Note that a non-release version of containers/image is vendored. A release version must be vendored before cutting a new Podman release. We force the containers/image version via a replace in the go.mod file; this way go won't try to match the versions. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Add support for variant when pulling imagesDaniel J Walsh2020-08-28
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Error pass through for more accurate error reportingParker Van Roy2020-08-10
| | | | | | Included old error + wrapped Signed-off-by: Parker Van Roy <pvanroy@redhat.com>
* fix bug podman sign storage pathQi Wang2020-08-04
| | | | | | | | | - fix the bud podman not using specified --directory as signature storage. - use manifest and image referce to set repo@digest. close #6994 close #6993 Signed-off-by: Qi Wang <qiwan@redhat.com>
* Fix `podman image search` missing descriptionRalf Haferkamp2020-07-29
| | | | | | | `podman image search` returned wrong results for the image "Description" as it was mapped to the wrong field ("ID") in the search results. Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
* Add podman image mountDaniel J Walsh2020-07-28
| | | | | | | | | | | | | There are many use cases where you want to just mount an image without creating a container on it. For example you might want to just examine the content in an image after you pull it for security analysys. Or you might want to just use the executables on the image without running it in a container. The image is mounted readonly since we do not want people changing images. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Switch all references to github.com/containers/libpod -> podmanDaniel J Walsh2020-07-28
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* move go module to v2Valentin Rothberg2020-07-06
| | | | | | | | | | | | | | | With the advent of Podman 2.0.0 we crossed the magical barrier of go modules. While we were able to continue importing all packages inside of the project, the project could not be vendored anymore from the outside. Move the go module to new major version and change all imports to `github.com/containers/libpod/v2`. The renaming of the imports was done via `gomove` [1]. [1] https://github.com/KSubedi/gomove Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Fix podman inspect on overlapping/missing objectsMatthew Heon2020-06-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | This started as a small fix to `podman inspect` where a container and image, with the same name/tag, were present, and `podman inspect` was run on that name. `podman inspect` in 1.9 (and `docker inspect`) will give you the container; in v2.0, we gave the image. This was an easy fix (just reorder how we check for image/container). Unfortunately, in the process of testing this fix, I determined that we regressed in a different area. When you run inspect on a number of containers, some of which do not exist, `podman inspect` should return an array of inspect results for the objects that exist, then print a number of errors, one for each object that could not be found. We were bailing after the first error, and not printing output for the containers that succeeded. (For reference, this applied to images as well). This required a much more substantial set of changes to properly handle - signatures for the inspect functions in ContainerEngine and ImageEngine, plus the implementations of these interfaces, plus the actual inspect frontend code needed to be adjusted to use this. Fixes #6556 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Turn on More lintersDaniel J Walsh2020-06-15
| | | | | | | | | - misspell - prealloc - unparam - nakedret Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix Id->ID where possible for lintDaniel J Walsh2020-06-10
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* compat handlers: add X-Registry-Auth header supportValentin Rothberg2020-05-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Support the `X-Registry-Auth` http-request header. * The content of the header is a base64 encoded JSON payload which can either be a single auth config or a map of auth configs (user+pw or token) with the corresponding registries being the keys. Vanilla Docker, projectatomic Docker and the bindings are transparantly supported. * Add a hidden `--registries-conf` flag. Buildah exposes the same flag, mostly for testing purposes. * Do all credential parsing in the client (i.e., `cmd/podman`) pass the username and password in the backend instead of unparsed credentials. * Add a `pkg/auth` which handles most of the heavy lifting. * Go through the authentication-handling code of most commands, bindings and endpoints. Migrate them to the new code and fix issues as seen. A final evaluation and more tests is still required *after* this change. * The manifest-push endpoint is missing certain parameters and should use the ABI function instead. Adding auth-support isn't really possible without these parts working. * The container commands and endpoints (i.e., create and run) have not been changed yet. The APIs don't yet account for the authfile. * Add authentication tests to `pkg/bindings`. Fixes: #6384 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* v2podman image signBrent Baude2020-05-11
| | | | | | this is a straight port to add the podman image sign command. no improvements or refactoring done Signed-off-by: Brent Baude <bbaude@redhat.com>
* image removal: refactor part 2Valentin Rothberg2020-05-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Continue the refactoring of image removal. I didn't manage to break all the following changes into smaller and easier to digest commits due to time constraints: * Return an error slice instead of a single error. Use multierror only in the client/frontend. Reflect that in the types. * Use the batch image removal in the client while preserving the more rest-idiomatic single-image removal endpoint. * Add a new handler for the single-image removal endpoint to make it share the same code as the batch endpoint. * Expose bindings for the single and batch endpoints, so we can properly test them. * Add several convenience functions for error handling to pkg/errorhandling. * Set the correct error type in libpod to set the exit code to 2 when one or more containers are using an image. * Massage the bindings tests a bit and tackle compilation errors. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* And system prune feature for v2.Sujil022020-05-01
| | | | | | | | Adds podman system prune for v2. Refactoring for code reuse from pods containers images and volume prune. Adds and enables testcases to support the added feature. Signed-off-by: Sujil02 <sushah@redhat.com>
* V2 Restore images list testsJhon Honce2020-04-29
| | | | | | | | * Fix history --quiet formatting * Fix image inspect --format=json * Fix image list --sort Signed-off-by: Jhon Honce <jhonce@redhat.com>
* pull/search options: tls verify -> skipValentin Rothberg2020-04-29
| | | | | | | | | Change the logic in the options from tls-verify to skipping verification. It require a constant brain yoga to translate from doing verification (CLI logic) to skipping it (c/image logic). As the code is using c/image, let's make it consistent. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* push: fix --tls-verifyValentin Rothberg2020-04-29
| | | | | | | | Fix --tls-verify parsing and make the associated options reflect the correct logic. Other commands are affected as well but will be fixed later. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* enable inspect testsValentin Rothberg2020-04-29
| | | | | | | | | | A surprisingly big change. A core problem was that `podman inspect` allows for passing containers AND images with the default `--type=all`. This only worked partially as the data was processed in isolation which caused various issues (e.g., two separate outputs instead of one) but it also caused issues regarding error handling. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #5907 from sujil02/systemprune-v2OpenShift Merge Robot2020-04-28
|\ | | | | Adding system prune for podman v2
| * Adding system prune for podman v2Sujil022020-04-24
| | | | | | | | | | | | | | Register system prune route, handler to support system prune, Adds testcase to validate the system prune flow. Signed-off-by: Sujil02 <sushah@redhat.com>
* | enable load integration testsBrent Baude2020-04-27
| | | | | | | | | | | | fix bug where multiple images can be loaded and have to be able to handle the return of multiple names Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #5946 from jwhonce/wip/shutdownOpenShift Merge Robot2020-04-23
|\ \ | | | | | | V2 restore libpod.Shutdown() when exiting podman commands
| * | V2 restore libpod.Shutdown() when exiting podman commandsJhon Honce2020-04-22
| | | | | | | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Stop wrapping pull messagesDaniel J Walsh2020-04-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The length and size of our error messages on failure to pull is huge. This patch at least eliminates some of the wrapping. But I think eventually we need to look at containers/image and see if we can modify the error messages to something a little more human friendly. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | V2 Restore rmi testsJhon Honce2020-04-22
|/ / | | | | | | | | | | | | * Introduced define.ErrImageInUse to assist in determining the exit code without resorting string searches. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Fix integration tests for untagBrent Baude2020-04-22
| | | | | | | | | | Signed-off-by: Brent Baude <bbaude@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | podman rmi: refactor logicValentin Rothberg2020-04-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | While this commit was initially meant to fix #5847, it has turned into a bigger refactoring which I did not manage to break into smaller pieces: * Fix #5847 by refactoring the image-removal logic. * Make the api handler for image-removal use the ABI code. This way, both (i.e., ABI and Tunnel) end up using the same code. Achieving this code share required to move some code around to prevent circular dependencies. * Everything in pkg/api (excluding pkg/api/types) must now only be accessed from code using `ABISupport`. * Avoid imports from entities on handlers to prevent circular dependencies. * Move `podman system service` logic into `cmd` to prevent circular dependencies - it depends on pkg/api. * Also remove the build header from infra/abi files. It will otherwise confuse swagger and other tools; errors we cannot fix as go doesn't expose a build-tag env variable. Fixes: #5847 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | V2 podman image treeJhon Honce2020-04-20
|/ | | | | | | | | | * Basic port of V1 podman image tree ID TODO: Refactor to return tree from service and format in presentation layer TODO: Support tunneling mode Signed-off-by: Jhon Honce <jhonce@redhat.com>
* podmanV2: implement buildValentin Rothberg2020-04-17
| | | | | | | | Implement `podman build` for the local client. The remote client will require some rather large work in the backend and a new build endpoint for the libpod rest API. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* More system test fixes on regressionsBrent Baude2020-04-14
| | | | | | Fix more regressions between v1 and v2 Signed-off-by: Brent Baude <bbaude@redhat.com>