From a4a70b4506ec4abb8b3bbc3873ee5ca015a8ed08 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Thu, 24 Oct 2019 10:37:22 -0400 Subject: bump containers/image to v5.0.0, buildah to v1.11.4 Move to containers/image v5 and containers/buildah to v1.11.4. Replace an equality check with a type assertion when checking for a docker.ErrUnauthorizedForCredentials in `podman login`. Signed-off-by: Nalin Dahyabhai --- cmd/podman/login.go | 17 +++++++++-------- cmd/podman/logout.go | 4 ++-- cmd/podman/pull.go | 8 ++++---- cmd/podman/push.go | 6 +++--- cmd/podman/runlabel.go | 2 +- cmd/podman/search.go | 2 +- cmd/podman/shared/container.go | 2 +- cmd/podman/shared/create.go | 2 +- cmd/podman/sign.go | 6 +++--- 9 files changed, 25 insertions(+), 24 deletions(-) (limited to 'cmd') diff --git a/cmd/podman/login.go b/cmd/podman/login.go index 96b4ac2a2..f91366eac 100644 --- a/cmd/podman/login.go +++ b/cmd/podman/login.go @@ -6,14 +6,15 @@ import ( "os" "strings" - "github.com/containers/image/v4/docker" - "github.com/containers/image/v4/pkg/docker/config" - "github.com/containers/image/v4/types" + "github.com/containers/image/v5/docker" + "github.com/containers/image/v5/pkg/docker/config" + "github.com/containers/image/v5/types" "github.com/containers/libpod/cmd/podman/cliconfig" "github.com/containers/libpod/cmd/podman/shared" "github.com/containers/libpod/libpod/image" "github.com/docker/docker-credential-helpers/credentials" "github.com/pkg/errors" + "github.com/sirupsen/logrus" "github.com/spf13/cobra" "golang.org/x/crypto/ssh/terminal" ) @@ -134,15 +135,15 @@ func loginCmd(c *cliconfig.LoginValues) error { return err } } - switch err { - case nil: + if err == nil { fmt.Println("Login Succeeded!") return nil - case docker.ErrUnauthorizedForCredentials: + } + if unauthorizedError, ok := err.(docker.ErrUnauthorizedForCredentials); ok { + logrus.Debugf("error logging into %q: %v", server, unauthorizedError) return errors.Errorf("error logging into %q: invalid username/password", server) - default: - return errors.Wrapf(err, "error authenticating creds for %q", server) } + return errors.Wrapf(err, "error authenticating creds for %q", server) } // getUserAndPass gets the username and password from STDIN if not given diff --git a/cmd/podman/logout.go b/cmd/podman/logout.go index 6d6db4b41..ef3452afe 100644 --- a/cmd/podman/logout.go +++ b/cmd/podman/logout.go @@ -3,8 +3,8 @@ package main import ( "fmt" - "github.com/containers/image/v4/docker" - "github.com/containers/image/v4/pkg/docker/config" + "github.com/containers/image/v5/docker" + "github.com/containers/image/v5/pkg/docker/config" "github.com/containers/libpod/cmd/podman/cliconfig" "github.com/containers/libpod/cmd/podman/shared" "github.com/containers/libpod/libpod/image" diff --git a/cmd/podman/pull.go b/cmd/podman/pull.go index f8a658297..905b1987d 100644 --- a/cmd/podman/pull.go +++ b/cmd/podman/pull.go @@ -6,10 +6,10 @@ import ( "os" "strings" - "github.com/containers/image/v4/docker" - dockerarchive "github.com/containers/image/v4/docker/archive" - "github.com/containers/image/v4/transports/alltransports" - "github.com/containers/image/v4/types" + "github.com/containers/image/v5/docker" + dockerarchive "github.com/containers/image/v5/docker/archive" + "github.com/containers/image/v5/transports/alltransports" + "github.com/containers/image/v5/types" "github.com/containers/libpod/cmd/podman/cliconfig" "github.com/containers/libpod/cmd/podman/shared" "github.com/containers/libpod/libpod/image" diff --git a/cmd/podman/push.go b/cmd/podman/push.go index 36c4988a1..0fdfb6202 100644 --- a/cmd/podman/push.go +++ b/cmd/podman/push.go @@ -6,9 +6,9 @@ import ( "os" "strings" - "github.com/containers/image/v4/directory" - "github.com/containers/image/v4/manifest" - "github.com/containers/image/v4/types" + "github.com/containers/image/v5/directory" + "github.com/containers/image/v5/manifest" + "github.com/containers/image/v5/types" "github.com/containers/libpod/cmd/podman/cliconfig" "github.com/containers/libpod/cmd/podman/shared" "github.com/containers/libpod/libpod/image" diff --git a/cmd/podman/runlabel.go b/cmd/podman/runlabel.go index 0369612b9..7359bc0c7 100644 --- a/cmd/podman/runlabel.go +++ b/cmd/podman/runlabel.go @@ -6,7 +6,7 @@ import ( "os" "strings" - "github.com/containers/image/v4/types" + "github.com/containers/image/v5/types" "github.com/containers/libpod/cmd/podman/cliconfig" "github.com/containers/libpod/cmd/podman/libpodruntime" "github.com/containers/libpod/cmd/podman/shared" diff --git a/cmd/podman/search.go b/cmd/podman/search.go index 9dad69297..cdcb30a59 100644 --- a/cmd/podman/search.go +++ b/cmd/podman/search.go @@ -5,7 +5,7 @@ import ( "strings" "github.com/containers/buildah/pkg/formats" - "github.com/containers/image/v4/types" + "github.com/containers/image/v5/types" "github.com/containers/libpod/cmd/podman/cliconfig" "github.com/containers/libpod/cmd/podman/shared" "github.com/containers/libpod/libpod/image" diff --git a/cmd/podman/shared/container.go b/cmd/podman/shared/container.go index 15bbb46d2..bc64d63a9 100644 --- a/cmd/podman/shared/container.go +++ b/cmd/podman/shared/container.go @@ -13,7 +13,7 @@ import ( "sync" "time" - "github.com/containers/image/v4/types" + "github.com/containers/image/v5/types" "github.com/containers/libpod/libpod" "github.com/containers/libpod/libpod/define" "github.com/containers/libpod/libpod/image" diff --git a/cmd/podman/shared/create.go b/cmd/podman/shared/create.go index bf9410b72..f37f5fa62 100644 --- a/cmd/podman/shared/create.go +++ b/cmd/podman/shared/create.go @@ -12,7 +12,7 @@ import ( "syscall" "time" - "github.com/containers/image/v4/manifest" + "github.com/containers/image/v5/manifest" "github.com/containers/libpod/cmd/podman/shared/parse" "github.com/containers/libpod/libpod" "github.com/containers/libpod/libpod/image" diff --git a/cmd/podman/sign.go b/cmd/podman/sign.go index b6e82ba0b..bc909b64e 100644 --- a/cmd/podman/sign.go +++ b/cmd/podman/sign.go @@ -8,9 +8,9 @@ import ( "strconv" "strings" - "github.com/containers/image/v4/signature" - "github.com/containers/image/v4/transports" - "github.com/containers/image/v4/transports/alltransports" + "github.com/containers/image/v5/signature" + "github.com/containers/image/v5/transports" + "github.com/containers/image/v5/transports/alltransports" "github.com/containers/libpod/cmd/podman/cliconfig" "github.com/containers/libpod/cmd/podman/libpodruntime" "github.com/containers/libpod/libpod/image" -- cgit v1.2.3-54-g00ecf From b9313d355e8cd6307d8772ad9c21958ffe981e5b Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Wed, 16 Oct 2019 11:57:45 -0400 Subject: pull/create: add --override-arch/--override-os flags Add --override-arch and --override-os as hidden flags, in line with the global flag names that skopeo uses, so that we can test behavior around manifest lists without having to conditionalize more of it by arch. Signed-off-by: Nalin Dahyabhai --- API.md | 4 ++++ cmd/podman/build.go | 7 ++++++- cmd/podman/cliconfig/config.go | 2 ++ cmd/podman/common.go | 10 ++++++++++ cmd/podman/pull.go | 6 ++++++ cmd/podman/shared/create.go | 7 ++++++- cmd/podman/shared/intermediate.go | 2 ++ cmd/podman/shared/intermediate_varlink.go | 4 ++++ cmd/podman/varlink/io.podman.varlink | 2 ++ libpod/image/docker_registry_options.go | 8 ++++++++ libpod/image/pull.go | 8 ++++++++ 11 files changed, 58 insertions(+), 2 deletions(-) (limited to 'cmd') diff --git a/API.md b/API.md index 1cbdacb12..e79f6ee5e 100755 --- a/API.md +++ b/API.md @@ -1557,6 +1557,10 @@ oomKillDisable [?bool](#?bool) oomScoreAdj [?int](#?int) +overrideArch [?string](#?string) + +overrideOS [?string](#?string) + pid [?string](#?string) pidsLimit [?int](#?int) diff --git a/cmd/podman/build.go b/cmd/podman/build.go index f4efea544..e9ebc50aa 100644 --- a/cmd/podman/build.go +++ b/cmd/podman/build.go @@ -9,6 +9,7 @@ import ( "github.com/containers/buildah" "github.com/containers/buildah/imagebuildah" buildahcli "github.com/containers/buildah/pkg/cli" + "github.com/containers/image/v5/types" "github.com/containers/libpod/cmd/podman/cliconfig" "github.com/containers/libpod/libpod" "github.com/containers/libpod/pkg/adapter" @@ -360,7 +361,11 @@ func buildCmd(c *cliconfig.BuildValues) error { RuntimeArgs: runtimeFlags, SignaturePolicyPath: c.SignaturePolicy, Squash: c.Squash, - Target: c.Target, + SystemContext: &types.SystemContext{ + OSChoice: c.OverrideOS, + ArchitectureChoice: c.OverrideArch, + }, + Target: c.Target, } return runtime.Build(getContext(), c, options, containerfiles) } diff --git a/cmd/podman/cliconfig/config.go b/cmd/podman/cliconfig/config.go index 86258a543..1bb5fa30c 100644 --- a/cmd/podman/cliconfig/config.go +++ b/cmd/podman/cliconfig/config.go @@ -431,6 +431,8 @@ type PullValues struct { Authfile string CertDir string Creds string + OverrideArch string + OverrideOS string Quiet bool SignaturePolicy string TlsVerify bool diff --git a/cmd/podman/common.go b/cmd/podman/common.go index e93586b62..33a848553 100644 --- a/cmd/podman/common.go +++ b/cmd/podman/common.go @@ -370,6 +370,16 @@ func getCreateFlags(c *cliconfig.PodmanCommand) { "oom-score-adj", 0, "Tune the host's OOM preferences (-1000 to 1000)", ) + createFlags.String( + "override-arch", "", + "use `ARCH` instead of the architecture of the machine for choosing images", + ) + markFlagHidden(createFlags, "override-arch") + createFlags.String( + "override-os", "", + "use `OS` instead of the running OS for choosing images", + ) + markFlagHidden(createFlags, "override-os") createFlags.String( "pid", "", "PID namespace to use", diff --git a/cmd/podman/pull.go b/cmd/podman/pull.go index 905b1987d..d64793147 100644 --- a/cmd/podman/pull.go +++ b/cmd/podman/pull.go @@ -54,6 +54,10 @@ func init() { flags.BoolVar(&pullCommand.AllTags, "all-tags", false, "All tagged images in the repository will be pulled") flags.StringVar(&pullCommand.Creds, "creds", "", "`Credentials` (USERNAME:PASSWORD) to use for authenticating to a registry") flags.BoolVarP(&pullCommand.Quiet, "quiet", "q", false, "Suppress output information when pulling images") + flags.StringVar(&pullCommand.OverrideArch, "override-arch", "", "use `ARCH` instead of the architecture of the machine for choosing images") + markFlagHidden(flags, "override-arch") + flags.StringVar(&pullCommand.OverrideOS, "override-os", "", "use `OS` instead of the running OS for choosing images") + markFlagHidden(flags, "override-os") // Disabled flags for the remote client if !remote { flags.StringVar(&pullCommand.Authfile, "authfile", shared.GetAuthFile(""), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override") @@ -122,6 +126,8 @@ func pullCmd(c *cliconfig.PullValues) (retError error) { dockerRegistryOptions := image.DockerRegistryOptions{ DockerRegistryCreds: registryCreds, DockerCertPath: c.CertDir, + OSChoice: c.OverrideOS, + ArchitectureChoice: c.OverrideArch, } if c.IsSet("tls-verify") { dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!c.TlsVerify) diff --git a/cmd/podman/shared/create.go b/cmd/podman/shared/create.go index f37f5fa62..759903c19 100644 --- a/cmd/podman/shared/create.go +++ b/cmd/podman/shared/create.go @@ -89,7 +89,12 @@ func CreateContainer(ctx context.Context, c *GenericCLIResults, runtime *libpod. return nil, nil, err } - newImage, err := runtime.ImageRuntime().New(ctx, name, rtc.SignaturePolicyPath, GetAuthFile(c.String("authfile")), writer, nil, image.SigningOptions{}, nil, pullType) + dockerRegistryOptions := image.DockerRegistryOptions{ + OSChoice: c.String("override-os"), + ArchitectureChoice: c.String("override-arch"), + } + + newImage, err := runtime.ImageRuntime().New(ctx, name, rtc.SignaturePolicyPath, GetAuthFile(c.String("authfile")), writer, &dockerRegistryOptions, image.SigningOptions{}, nil, pullType) if err != nil { return nil, nil, err } diff --git a/cmd/podman/shared/intermediate.go b/cmd/podman/shared/intermediate.go index 0f71dc087..bc12bd2a5 100644 --- a/cmd/podman/shared/intermediate.go +++ b/cmd/podman/shared/intermediate.go @@ -428,6 +428,8 @@ func NewIntermediateLayer(c *cliconfig.PodmanCommand, remote bool) GenericCLIRes m["no-hosts"] = newCRBool(c, "no-hosts") m["oom-kill-disable"] = newCRBool(c, "oom-kill-disable") m["oom-score-adj"] = newCRInt(c, "oom-score-adj") + m["override-arch"] = newCRString(c, "override-arch") + m["override-os"] = newCRString(c, "override-os") m["pid"] = newCRString(c, "pid") m["pids-limit"] = newCRInt64(c, "pids-limit") m["pod"] = newCRString(c, "pod") diff --git a/cmd/podman/shared/intermediate_varlink.go b/cmd/podman/shared/intermediate_varlink.go index c95470a72..89bd52324 100644 --- a/cmd/podman/shared/intermediate_varlink.go +++ b/cmd/podman/shared/intermediate_varlink.go @@ -131,6 +131,8 @@ func (g GenericCLIResults) MakeVarlink() iopodman.Create { Network: StringToPtr(g.Find("network")), OomKillDisable: BoolToPtr(g.Find("oom-kill-disable")), OomScoreAdj: AnyIntToInt64Ptr(g.Find("oom-score-adj")), + OverrideOS: StringToPtr(g.Find("override-os")), + OverrideArch: StringToPtr(g.Find("override-arch")), Pid: StringToPtr(g.Find("pid")), PidsLimit: AnyIntToInt64Ptr(g.Find("pids-limit")), Pod: StringToPtr(g.Find("pod")), @@ -389,6 +391,8 @@ func VarlinkCreateToGeneric(opts iopodman.Create) GenericCLIResults { m["no-hosts"] = boolFromVarlink(opts.NoHosts, "no-hosts", false) m["oom-kill-disable"] = boolFromVarlink(opts.OomKillDisable, "oon-kill-disable", false) m["oom-score-adj"] = intFromVarlink(opts.OomScoreAdj, "oom-score-adj", nil) + m["override-os"] = stringFromVarlink(opts.OverrideOS, "override-os", nil) + m["override-arch"] = stringFromVarlink(opts.OverrideArch, "override-arch", nil) m["pid"] = stringFromVarlink(opts.Pid, "pid", nil) m["pids-limit"] = int64FromVarlink(opts.PidsLimit, "pids-limit", nil) m["pod"] = stringFromVarlink(opts.Pod, "pod", nil) diff --git a/cmd/podman/varlink/io.podman.varlink b/cmd/podman/varlink/io.podman.varlink index dca366bc5..9ec7d1172 100644 --- a/cmd/podman/varlink/io.podman.varlink +++ b/cmd/podman/varlink/io.podman.varlink @@ -342,6 +342,8 @@ type Create ( noHosts: ?bool, oomKillDisable: ?bool, oomScoreAdj: ?int, + overrideArch: ?string, + overrideOS: ?string, pid: ?string, pidsLimit: ?int, pod: ?string, diff --git a/libpod/image/docker_registry_options.go b/libpod/image/docker_registry_options.go index 75417fe8b..62a4af465 100644 --- a/libpod/image/docker_registry_options.go +++ b/libpod/image/docker_registry_options.go @@ -26,6 +26,10 @@ type DockerRegistryOptions struct { // certificates and allows connecting to registries without encryption // - or forces it on even if registries.conf has the registry configured as insecure. DockerInsecureSkipTLSVerify types.OptionalBool + // If not "", overrides the use of platform.GOOS when choosing an image or verifying OS match. + OSChoice string + // If not "", overrides the use of platform.GOARCH when choosing an image or verifying architecture match. + ArchitectureChoice string } // GetSystemContext constructs a new system context from a parent context. the values in the DockerRegistryOptions, and other parameters. @@ -35,12 +39,16 @@ func (o DockerRegistryOptions) GetSystemContext(parent *types.SystemContext, add DockerCertPath: o.DockerCertPath, DockerInsecureSkipTLSVerify: o.DockerInsecureSkipTLSVerify, DockerArchiveAdditionalTags: additionalDockerArchiveTags, + OSChoice: o.OSChoice, + ArchitectureChoice: o.ArchitectureChoice, } if parent != nil { sc.SignaturePolicyPath = parent.SignaturePolicyPath sc.AuthFilePath = parent.AuthFilePath sc.DirForceCompress = parent.DirForceCompress sc.DockerRegistryUserAgent = parent.DockerRegistryUserAgent + sc.OSChoice = parent.OSChoice + sc.ArchitectureChoice = parent.ArchitectureChoice } return sc } diff --git a/libpod/image/pull.go b/libpod/image/pull.go index 7584ed9d8..7f5dc33b9 100644 --- a/libpod/image/pull.go +++ b/libpod/image/pull.go @@ -223,6 +223,10 @@ func (ir *Runtime) pullImageFromHeuristicSource(ctx context.Context, inputName s var goal *pullGoal sc := GetSystemContext(signaturePolicyPath, authfile, false) + if dockerOptions != nil { + sc.OSChoice = dockerOptions.OSChoice + sc.ArchitectureChoice = dockerOptions.ArchitectureChoice + } sc.BlobInfoCacheDir = filepath.Join(ir.store.GraphRoot(), "cache") srcRef, err := alltransports.ParseImageName(inputName) if err != nil { @@ -246,6 +250,10 @@ func (ir *Runtime) pullImageFromReference(ctx context.Context, srcRef types.Imag defer span.Finish() sc := GetSystemContext(signaturePolicyPath, authfile, false) + if dockerOptions != nil { + sc.OSChoice = dockerOptions.OSChoice + sc.ArchitectureChoice = dockerOptions.ArchitectureChoice + } goal, err := ir.pullGoalFromImageReference(ctx, srcRef, transports.ImageName(srcRef), sc) if err != nil { return nil, errors.Wrapf(err, "error determining pull goal for image %q", transports.ImageName(srcRef)) -- cgit v1.2.3-54-g00ecf From 07195ff09fdcb0d2d3a044c92665b082d6e742b1 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Wed, 16 Oct 2019 12:00:12 -0400 Subject: API: report multiple digests for images Be prepared to report multiple image digests for images which contain multiple manifests but, because they continue to have the same set of layers and the same configuration, are considered to be the same image. Signed-off-by: Nalin Dahyabhai --- API.md | 2 ++ cmd/podman/images.go | 16 ++++++++++------ cmd/podman/varlink/io.podman.varlink | 3 ++- libpod/image/image.go | 5 +++++ pkg/adapter/runtime_remote.go | 11 +++++++++++ 5 files changed, 30 insertions(+), 7 deletions(-) (limited to 'cmd') diff --git a/API.md b/API.md index e79f6ee5e..d96ea6cd0 100755 --- a/API.md +++ b/API.md @@ -1675,6 +1675,8 @@ id [string](https://godoc.org/builtin#string) digest [string](https://godoc.org/builtin#string) +digests [[]string](#[]string) + parentId [string](https://godoc.org/builtin#string) repoTags [[]string](#[]string) diff --git a/cmd/podman/images.go b/cmd/podman/images.go index e363fa3bb..6bb08e195 100644 --- a/cmd/podman/images.go +++ b/cmd/podman/images.go @@ -27,6 +27,7 @@ type imagesTemplateParams struct { Tag string ID string Digest digest.Digest + Digests []digest.Digest Created string CreatedTime time.Time Size string @@ -34,12 +35,13 @@ type imagesTemplateParams struct { } type imagesJSONParams struct { - ID string `json:"id"` - Name []string `json:"names"` - Digest digest.Digest `json:"digest"` - Created time.Time `json:"created"` - Size *uint64 `json:"size"` - ReadOnly bool `json:"readonly"` + ID string `json:"id"` + Name []string `json:"names"` + Digest digest.Digest `json:"digest"` + Digests []digest.Digest `json:"digests"` + Created time.Time `json:"created"` + Size *uint64 `json:"size"` + ReadOnly bool `json:"readonly"` } type imagesOptions struct { @@ -290,6 +292,7 @@ func getImagesTemplateOutput(ctx context.Context, images []*adapter.ContainerIma Tag: tag, ID: imageID, Digest: img.Digest(), + Digests: img.Digests(), CreatedTime: createdTime, Created: units.HumanDuration(time.Since(createdTime)) + " ago", Size: sizeStr, @@ -321,6 +324,7 @@ func getImagesJSONOutput(ctx context.Context, images []*adapter.ContainerImage) ID: img.ID(), Name: img.Names(), Digest: img.Digest(), + Digests: img.Digests(), Created: img.Created(), Size: size, ReadOnly: img.IsReadOnly(), diff --git a/cmd/podman/varlink/io.podman.varlink b/cmd/podman/varlink/io.podman.varlink index 9ec7d1172..f9339fccb 100644 --- a/cmd/podman/varlink/io.podman.varlink +++ b/cmd/podman/varlink/io.podman.varlink @@ -58,7 +58,8 @@ type VolumeRemoveOpts ( type Image ( id: string, - digest: string, + digest: string, + digests: []string, parentId: string, repoTags: []string, repoDigests: []string, diff --git a/libpod/image/image.go b/libpod/image/image.go index 2ab88f2e9..faa3b648a 100644 --- a/libpod/image/image.go +++ b/libpod/image/image.go @@ -299,6 +299,11 @@ func (i *Image) Digest() digest.Digest { return i.image.Digest } +// Digests returns the image's digests +func (i *Image) Digests() []digest.Digest { + return i.image.Digests +} + // GetManifest returns the image's manifest as a byte array // and manifest type as a string. func (i *Image) GetManifest(ctx context.Context, instanceDigest *digest.Digest) ([]byte, string, error) { diff --git a/pkg/adapter/runtime_remote.go b/pkg/adapter/runtime_remote.go index fef3986f1..12bf550f2 100644 --- a/pkg/adapter/runtime_remote.go +++ b/pkg/adapter/runtime_remote.go @@ -146,6 +146,7 @@ type remoteImage struct { InputName string Names []string Digest digest.Digest + Digests []digest.Digest isParent bool Runtime *LocalRuntime TopLayer string @@ -226,10 +227,15 @@ func imageInListToContainerImage(i iopodman.Image, name string, runtime *LocalRu if err != nil { return nil, err } + var digests []digest.Digest + for _, d := range i.Digests { + digests = append(digests, digest.Digest(d)) + } ri := remoteImage{ InputName: name, ID: i.Id, Digest: digest.Digest(i.Digest), + Digests: digests, Labels: i.Labels, RepoTags: i.RepoTags, RepoDigests: i.RepoTags, @@ -352,6 +358,11 @@ func (ci *ContainerImage) Digest() digest.Digest { return ci.remoteImage.Digest } +// Digests returns the image's digests +func (ci *ContainerImage) Digests() []digest.Digest { + return append([]digest.Digest{}, ci.remoteImage.Digests...) +} + // Labels returns a map of the image's labels func (ci *ContainerImage) Labels(ctx context.Context) (map[string]string, error) { return ci.remoteImage.Labels, nil -- cgit v1.2.3-54-g00ecf From 248bb61b14a3f0d4e1d244eff85b30f48554a6a8 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Wed, 16 Oct 2019 12:01:30 -0400 Subject: images: distinguish between tags and digests Generate an image's RepoDigests list using all applicable digests, and refrain from outputting a digest in the tag column of the "images" output. Signed-off-by: Nalin Dahyabhai --- cmd/podman/images.go | 14 +++++++----- libpod/image/image.go | 55 ++++++++++++++++++++++++++++++++++++---------- libpod/image/image_test.go | 13 +++++++++++ libpod/image/utils.go | 14 ++++++------ 4 files changed, 72 insertions(+), 24 deletions(-) (limited to 'cmd') diff --git a/cmd/podman/images.go b/cmd/podman/images.go index 6bb08e195..6157fda2a 100644 --- a/cmd/podman/images.go +++ b/cmd/podman/images.go @@ -206,9 +206,9 @@ func (i imagesOptions) setOutputFormat() string { if i.quiet { return formats.IDString } - format := "table {{.Repository}}\t{{.Tag}}\t" + format := "table {{.Repository}}\t{{if .Tag}}{{.Tag}}{{else}}{{end}}\t" if i.noHeading { - format = "{{.Repository}}\t{{.Tag}}\t" + format = "{{.Repository}}\t{{if .Tag}}{{.Tag}}{{else}}{{end}}\t" } if i.digests { format += "{{.Digest}}\t" @@ -270,7 +270,7 @@ func getImagesTemplateOutput(ctx context.Context, images []*adapter.ContainerIma imageID = shortID(img.ID()) } - // get all specified repo:tag pairs and print them separately + // get all specified repo:tag and repo@digest pairs and print them separately repopairs, err := image.ReposToMap(img.Names()) if err != nil { logrus.Errorf("error finding tag/digest for %s", img.ID()) @@ -287,11 +287,16 @@ func getImagesTemplateOutput(ctx context.Context, images []*adapter.ContainerIma lastNumIdx := strings.LastIndexFunc(sizeStr, unicode.IsNumber) sizeStr = sizeStr[:lastNumIdx+1] + " " + sizeStr[lastNumIdx+1:] } + var imageDigest digest.Digest + if len(tag) == 71 && strings.HasPrefix(tag, "sha256:") { + imageDigest = digest.Digest(tag) + tag = "" + } params := imagesTemplateParams{ Repository: repo, Tag: tag, ID: imageID, - Digest: img.Digest(), + Digest: imageDigest, Digests: img.Digests(), CreatedTime: createdTime, Created: units.HumanDuration(time.Since(createdTime)) + " ago", @@ -302,7 +307,6 @@ func getImagesTemplateOutput(ctx context.Context, images []*adapter.ContainerIma if opts.quiet { // Show only one image ID when quiet break outer } - } } } diff --git a/libpod/image/image.go b/libpod/image/image.go index faa3b648a..c912ac2ca 100644 --- a/libpod/image/image.go +++ b/libpod/image/image.go @@ -9,6 +9,7 @@ import ( "io/ioutil" "os" "path/filepath" + "sort" "strings" "syscall" "time" @@ -324,29 +325,54 @@ func (i *Image) Manifest(ctx context.Context) ([]byte, string, error) { return imgRef.Manifest(ctx) } -// Names returns a string array of names associated with the image +// Names returns a string array of names associated with the image, which may be a mixture of tags and digests func (i *Image) Names() []string { return i.image.Names } -// RepoDigests returns a string array of repodigests associated with the image -func (i *Image) RepoDigests() ([]string, error) { - var repoDigests []string - imageDigest := i.Digest() - +// RepoTags returns a string array of repotags associated with the image +func (i *Image) RepoTags() ([]string, error) { + var repoTags []string for _, name := range i.Names() { named, err := reference.ParseNormalizedNamed(name) if err != nil { return nil, err } - - canonical, err := reference.WithDigest(reference.TrimNamed(named), imageDigest) - if err != nil { - return nil, err + if tagged, isTagged := named.(reference.NamedTagged); isTagged { + repoTags = append(repoTags, tagged.String()) } + } + return repoTags, nil +} + +// RepoDigests returns a string array of repodigests associated with the image +func (i *Image) RepoDigests() ([]string, error) { + var repoDigests []string + added := make(map[string]struct{}) - repoDigests = append(repoDigests, canonical.String()) + for _, name := range i.Names() { + for _, imageDigest := range append(i.Digests(), i.Digest()) { + if imageDigest == "" { + continue + } + + named, err := reference.ParseNormalizedNamed(name) + if err != nil { + return nil, err + } + + canonical, err := reference.WithDigest(reference.TrimNamed(named), imageDigest) + if err != nil { + return nil, err + } + + if _, alreadyInList := added[canonical.String()]; !alreadyInList { + repoDigests = append(repoDigests, canonical.String()) + added[canonical.String()] = struct{}{} + } + } } + sort.Strings(repoDigests) return repoDigests, nil } @@ -944,6 +970,11 @@ func (i *Image) Inspect(ctx context.Context) (*inspect.ImageData, error) { size = int64(*usize) } + repoTags, err := i.RepoTags() + if err != nil { + return nil, err + } + repoDigests, err := i.RepoDigests() if err != nil { return nil, err @@ -965,7 +996,7 @@ func (i *Image) Inspect(ctx context.Context) (*inspect.ImageData, error) { data := &inspect.ImageData{ ID: i.ID(), - RepoTags: i.Names(), + RepoTags: repoTags, RepoDigests: repoDigests, Comment: comment, Created: ociv1Img.Created, diff --git a/libpod/image/image_test.go b/libpod/image/image_test.go index ef39d09c3..5aff7d860 100644 --- a/libpod/image/image_test.go +++ b/libpod/image/image_test.go @@ -247,6 +247,19 @@ func TestImage_RepoDigests(t *testing.T) { } assert.Equal(t, test.expected, actual) + + image = &Image{ + image: &storage.Image{ + Names: test.names, + Digests: []digest.Digest{dgst}, + }, + } + actual, err = image.RepoDigests() + if err != nil { + t.Fatal(err) + } + + assert.Equal(t, test.expected, actual) }) } } diff --git a/libpod/image/utils.go b/libpod/image/utils.go index 5c971cb2b..b7ea63c66 100644 --- a/libpod/image/utils.go +++ b/libpod/image/utils.go @@ -87,18 +87,18 @@ func hasTransport(image string) bool { } // ReposToMap parses the specified repotags and returns a map with repositories -// as keys and the corresponding arrays of tags as values. -func ReposToMap(repotags []string) (map[string][]string, error) { - // map format is repo -> tag +// as keys and the corresponding arrays of tags or digests-as-strings as values. +func ReposToMap(names []string) (map[string][]string, error) { + // map format is repo -> []tag-or-digest repos := make(map[string][]string) - for _, repo := range repotags { + for _, name := range names { var repository, tag string - if len(repo) > 0 { - named, err := reference.ParseNormalizedNamed(repo) - repository = named.Name() + if len(name) > 0 { + named, err := reference.ParseNormalizedNamed(name) if err != nil { return nil, err } + repository = named.Name() if ref, ok := named.(reference.NamedTagged); ok { tag = ref.Tag() } else if ref, ok := named.(reference.Canonical); ok { -- cgit v1.2.3-54-g00ecf From 66c126d6dee178f96f8a120f13372802d46ea9b5 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 29 Oct 2019 13:33:44 -0400 Subject: Set default seccomp.json file for podman play kube Currently podman play kube is not using the system default seccomp.json file. This PR will use the default or override location for podman play. Signed-off-by: Daniel J Walsh --- cmd/podman/shared/create.go | 17 ++++------------- libpod/util.go | 17 +++++++++++++++++ pkg/adapter/pods.go | 5 +++++ 3 files changed, 26 insertions(+), 13 deletions(-) (limited to 'cmd') diff --git a/cmd/podman/shared/create.go b/cmd/podman/shared/create.go index 759903c19..dc343e694 100644 --- a/cmd/podman/shared/create.go +++ b/cmd/podman/shared/create.go @@ -251,19 +251,10 @@ func parseSecurityOpt(config *cc.CreateConfig, securityOpts []string, runtime *l } if config.SeccompProfilePath == "" { - if _, err := os.Stat(libpod.SeccompOverridePath); err == nil { - config.SeccompProfilePath = libpod.SeccompOverridePath - } else { - if !os.IsNotExist(err) { - return errors.Wrapf(err, "can't check if %q exists", libpod.SeccompOverridePath) - } - if _, err := os.Stat(libpod.SeccompDefaultPath); err != nil { - if !os.IsNotExist(err) { - return errors.Wrapf(err, "can't check if %q exists", libpod.SeccompDefaultPath) - } - } else { - config.SeccompProfilePath = libpod.SeccompDefaultPath - } + var err error + config.SeccompProfilePath, err = libpod.DefaultSeccompPath() + if err != nil { + return err } } config.LabelOpts = labelOpts diff --git a/libpod/util.go b/libpod/util.go index 84fd490bf..5ae5ab491 100644 --- a/libpod/util.go +++ b/libpod/util.go @@ -189,3 +189,20 @@ func programVersion(mountProgram string) (string, error) { } return strings.TrimSuffix(output, "\n"), nil } + +func DefaultSeccompPath() (string, error) { + _, err := os.Stat(SeccompOverridePath) + if err == nil { + return SeccompOverridePath, nil + } + if !os.IsNotExist(err) { + return "", errors.Wrapf(err, "can't check if %q exists", SeccompOverridePath) + } + if _, err := os.Stat(SeccompDefaultPath); err != nil { + if !os.IsNotExist(err) { + return "", errors.Wrapf(err, "can't check if %q exists", SeccompDefaultPath) + } + return "", nil + } + return SeccompDefaultPath, nil +} diff --git a/pkg/adapter/pods.go b/pkg/adapter/pods.go index 9be294929..d8d5b884f 100644 --- a/pkg/adapter/pods.go +++ b/pkg/adapter/pods.go @@ -713,6 +713,11 @@ func kubeContainerToCreateConfig(ctx context.Context, containerYAML v1.Container } } } + var err error + containerConfig.SeccompProfilePath, err = libpod.DefaultSeccompPath() + if err != nil { + return nil, err + } containerConfig.Command = []string{} if imageData != nil && imageData.Config != nil { -- cgit v1.2.3-54-g00ecf