From baed81029b74c8d801ea9d5cf67a78005472e6ed Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sat, 11 May 2019 07:26:05 -0400 Subject: Fixup Flags Mark hidden all references to signature-policy Default all uses of --authfile Add --authfile support to podman run and podman create. Signed-off-by: Daniel J Walsh --- pkg/adapter/runtime_remote.go | 41 ++++--------------------- pkg/varlinkapi/images.go | 70 +++++++++---------------------------------- 2 files changed, 19 insertions(+), 92 deletions(-) (limited to 'pkg') diff --git a/pkg/adapter/runtime_remote.go b/pkg/adapter/runtime_remote.go index e86287462..e0c0898bd 100644 --- a/pkg/adapter/runtime_remote.go +++ b/pkg/adapter/runtime_remote.go @@ -182,10 +182,7 @@ func (r *LocalRuntime) NewImageFromLocal(name string) (*ContainerImage, error) { // LoadFromArchiveReference creates an image from a local archive func (r *LocalRuntime) LoadFromArchiveReference(ctx context.Context, srcRef types.ImageReference, signaturePolicyPath string, writer io.Writer) ([]*ContainerImage, error) { var iid string - // TODO We need to find a way to leak certDir, creds, and the tlsverify into this function, normally this would - // come from cli options but we don't want want those in here either. - tlsverify := true - reply, err := iopodman.PullImage().Send(r.Conn, varlink.More, srcRef.DockerReference().String(), "", "", signaturePolicyPath, &tlsverify) + reply, err := iopodman.PullImage().Send(r.Conn, varlink.More, srcRef.DockerReference().String()) if err != nil { return nil, err } 
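Review bot: `srcRef.DockerReference().String()` in the added `Send` call uses the result of `DockerReference()` without a nil check. The containers/image `ImageReference` interface documents that method as returning nil when a reference has no Docker name, and this function's own comment says it loads from a local archive, so such a reference would panic the client instead of returning an error. A guard before the call would cover it: `ref := srcRef.DockerReference(); if ref == nil { return nil, errors.New("image reference has no docker name") }`. The hunk also drops the pinned `tlsverify := true` and stops forwarding `signaturePolicyPath`, which stays in the signature, so a one-line comment that the service's own TLS and policy settings apply would help callers. The function body continues outside the hunk.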
@@ -217,21 +214,7 @@ func (r *LocalRuntime) New(ctx context.Context, name, signaturePolicyPath, authf
 if label != nil {
 return nil, errors.New("the remote client function does not support checking a remote image for a label")
 }
- var (
- tlsVerify bool
- tlsVerifyPtr *bool
- )
- if dockeroptions.DockerInsecureSkipTLSVerify == types.OptionalBoolFalse {
- tlsVerify = true
- tlsVerifyPtr = &tlsVerify
-
- }
- if dockeroptions.DockerInsecureSkipTLSVerify == types.OptionalBoolTrue {
- tlsVerify = false
- tlsVerifyPtr = &tlsVerify
- }
-
- reply, err := iopodman.PullImage().Send(r.Conn, varlink.More, name, dockeroptions.DockerCertPath, "", signaturePolicyPath, tlsVerifyPtr)
+ reply, err := iopodman.PullImage().Send(r.Conn, varlink.More, name)
 if err != nil {
 return nil, err
 }
@@ -429,9 +412,8 @@ func (r *LocalRuntime) Build(ctx context.Context, c *cliconfig.BuildValues, opti
 Quiet: options.Quiet,
 RemoteIntermediateCtrs: options.RemoveIntermediateCtrs,
 // ReportWriter:
- RuntimeArgs: options.RuntimeArgs,
- SignaturePolicyPath: options.SignaturePolicyPath,
- Squash: options.Squash,
+ RuntimeArgs: options.RuntimeArgs,
+ Squash: options.Squash,
 }
 // tar the file
 outputFile, err := ioutil.TempFile("", "varlink_tar_send")
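Review bot: After this change `New` still accepts `signaturePolicyPath` and `dockeroptions` but forwards neither, and `Push` in the -570 hunk likewise keeps `authfile`, `signaturePolicyPath` and `dockerRegistryOptions` without using them. A caller that explicitly asked for TLS verification, a cert directory or a specific signature policy therefore gets the service's defaults with no error. The `label != nil` check at the top of this hunk already shows how unsupported inputs are rejected, and the same pattern fits here: `if signaturePolicyPath != "" { return nil, errors.New("the remote client function does not support a signature policy path") }`, plus an equivalent check for an explicit `DockerInsecureSkipTLSVerify` or `DockerCertPath`. Whether the CLI layer already refuses these flags for the remote client is not visible in this diff. `New` starts and ends outside the hunk.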
@@ -570,20 +552,7 @@ func (r *LocalRuntime) RemoveVolumes(ctx context.Context, c *cliconfig.VolumeRmV func (r *LocalRuntime) Push(ctx context.Context, srcName, destination, manifestMIMEType, authfile, signaturePolicyPath string, writer io.Writer, forceCompress bool, signingOptions image.SigningOptions, dockerRegistryOptions *image.DockerRegistryOptions, additionalDockerArchiveTags []reference.NamedTagged) error { - var ( - tls *bool - tlsVerify bool - ) - if dockerRegistryOptions.DockerInsecureSkipTLSVerify == types.OptionalBoolTrue { - tlsVerify = false - tls = &tlsVerify - } - if dockerRegistryOptions.DockerInsecureSkipTLSVerify == types.OptionalBoolFalse { - tlsVerify = true - tls = &tlsVerify - } - - reply, err := iopodman.PushImage().Send(r.Conn, varlink.More, srcName, destination, tls, signaturePolicyPath, "", dockerRegistryOptions.DockerCertPath, forceCompress, manifestMIMEType, signingOptions.RemoveSignatures, signingOptions.SignBy) + reply, err := iopodman.PushImage().Send(r.Conn, varlink.More, srcName, destination, forceCompress, manifestMIMEType, signingOptions.RemoveSignatures, signingOptions.SignBy) if err != nil { return err } diff --git a/pkg/varlinkapi/images.go b/pkg/varlinkapi/images.go index 20f82a1c6..fa1a0a109 100644 --- a/pkg/varlinkapi/images.go +++ b/pkg/varlinkapi/images.go @@ -188,7 +188,6 @@ func (i *LibpodAPI) BuildImage(call iopodman.VarlinkCall, config iopodman.BuildI RemoveIntermediateCtrs: config.RemoteIntermediateCtrs, ReportWriter: &output, RuntimeArgs: config.RuntimeArgs, - SignaturePolicyPath: config.SignaturePolicyPath, Squash: config.Squash, SystemContext: &systemContext, } 
@@ -311,10 +310,9 @@ func (i *LibpodAPI) HistoryImage(call iopodman.VarlinkCall, name string) error { } // PushImage pushes an local image to registry -func (i *LibpodAPI) PushImage(call iopodman.VarlinkCall, name, tag string, tlsVerify *bool, signaturePolicy, creds, certDir string, compress bool, format string, removeSignatures bool, signBy string) error { +func (i *LibpodAPI) PushImage(call iopodman.VarlinkCall, name, tag string, compress bool, format string, removeSignatures bool, signBy string) error { var ( - registryCreds *types.DockerAuthConfig - manifestType string + manifestType string ) newImage, err := i.Runtime.ImageRuntime().NewFromLocal(name) if err != nil { @@ -324,20 +322,7 @@ func (i *LibpodAPI) PushImage(call iopodman.VarlinkCall, name, tag string, tlsVe if tag != "" { destname = tag } - if creds != "" { - creds, err := util.ParseRegistryCreds(creds) - if err != nil { - return err - } - registryCreds = creds - } - dockerRegistryOptions := image.DockerRegistryOptions{ - DockerRegistryCreds: registryCreds, - DockerCertPath: certDir, - } - if tlsVerify != nil { - dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!*tlsVerify) - } + dockerRegistryOptions := image.DockerRegistryOptions{} if format != "" { switch format { case "oci": //nolint @@ -362,7 +347,7 @@ func (i *LibpodAPI) PushImage(call iopodman.VarlinkCall, name, tag string, tlsVe output := bytes.NewBuffer([]byte{}) c := make(chan error) go func() { - err := newImage.PushImageToHeuristicDestination(getContext(), destname, manifestType, "", signaturePolicy, output, compress, so, &dockerRegistryOptions, nil) + err := newImage.PushImageToHeuristicDestination(getContext(), destname, manifestType, "", "", output, compress, so, &dockerRegistryOptions, nil) c <- err close(c) }() 
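Review bot: The doc comment above `PushImage` (-311 hunk) still reads "pushes an local image to registry" and does not mention that the caller can no longer supply credentials, a cert directory or a TLS setting. The handler now builds an empty `image.DockerRegistryOptions{}` and, in the -362 hunk, passes `""` for both the auth file and the signature policy. Suggested comment: `// PushImage pushes a local image to a registry. Registry credentials, TLS verification and signature policy are not taken from the caller; the service's own configuration applies.` Pushes through the socket then presumably run with whatever registry logins the service account holds, which is worth stating for operators who expose the socket to more than one user. The `PullImage` comment in the -600 hunk would benefit from the same sentence.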
@@ -439,18 +424,14 @@ func (i *LibpodAPI) RemoveImage(call iopodman.VarlinkCall, name string, force bo // SearchImages searches all registries configured in /etc/containers/registries.conf for an image // Requires an image name and a search limit as int -func (i *LibpodAPI) SearchImages(call iopodman.VarlinkCall, query string, limit *int64, tlsVerify *bool, filter iopodman.ImageSearchFilter) error { +func (i *LibpodAPI) SearchImages(call iopodman.VarlinkCall, query string, limit *int64, filter iopodman.ImageSearchFilter) error { // Transform all arguments to proper types first argLimit := 0 - argTLSVerify := types.OptionalBoolUndefined argIsOfficial := types.OptionalBoolUndefined argIsAutomated := types.OptionalBoolUndefined if limit != nil { argLimit = int(*limit) } - if tlsVerify != nil { - argTLSVerify = types.NewOptionalBool(!*tlsVerify) - } if filter.Is_official != nil { argIsOfficial = types.NewOptionalBool(*filter.Is_official) } @@ -466,9 +447,8 @@ func (i *LibpodAPI) SearchImages(call iopodman.VarlinkCall, query string, limit } searchOptions := image.SearchOptions{ - Limit: argLimit, - Filter: sFilter, - InsecureSkipTLSVerify: argTLSVerify, + Limit: argLimit, + Filter: sFilter, } results, err := image.SearchImages(query, searchOptions) if err != nil { 
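Review bot: `argLimit = int(*limit)` (a context line in the -439 hunk) converts a caller-supplied `int64` without a range check, so a negative value from the varlink client is placed in `image.SearchOptions.Limit` unchanged. On a 32-bit build the conversion can also truncate. Rejecting it at the API boundary is cheap: `if *limit < 0 { return call.ReplyErrorOccurred("search limit must not be negative") }`. Whether `image.SearchImages` clamps the value itself is not visible here. The doc comment also says the limit is required although the parameter is an optional pointer. The function body continues outside both hunks.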
@@ -600,27 +580,11 @@ func (i *LibpodAPI) ExportImage(call iopodman.VarlinkCall, name, destination str } // PullImage pulls an image from a registry to the image store. -func (i *LibpodAPI) PullImage(call iopodman.VarlinkCall, name string, certDir, creds, signaturePolicy string, tlsVerify *bool) error { +func (i *LibpodAPI) PullImage(call iopodman.VarlinkCall, name string) error { var ( - registryCreds *types.DockerAuthConfig - imageID string + imageID string ) - if creds != "" { - creds, err := util.ParseRegistryCreds(creds) - if err != nil { - return err - } - registryCreds = creds - } - - dockerRegistryOptions := image.DockerRegistryOptions{ - DockerRegistryCreds: registryCreds, - DockerCertPath: certDir, - } - if tlsVerify != nil { - dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!*tlsVerify) - } - + dockerRegistryOptions := image.DockerRegistryOptions{} so := image.SigningOptions{} if call.WantsMore() { @@ -634,14 +598,14 @@ func (i *LibpodAPI) PullImage(call iopodman.VarlinkCall, name string, certDir, c if err != nil { c <- errors.Wrapf(err, "error parsing %q", name) } - newImage, err := i.Runtime.ImageRuntime().LoadFromArchiveReference(getContext(), srcRef, signaturePolicy, output) + newImage, err := i.Runtime.ImageRuntime().LoadFromArchiveReference(getContext(), srcRef, "", output) if err != nil { c <- errors.Wrapf(err, "error pulling image from %q", name) } else { imageID = newImage[0].ID() } } else { - newImage, err := i.Runtime.ImageRuntime().New(getContext(), name, signaturePolicy, "", output, &dockerRegistryOptions, so, false, nil) + newImage, err := i.Runtime.ImageRuntime().New(getContext(), name, "", "", output, &dockerRegistryOptions, so, false, nil) if err != nil { c <- errors.Wrapf(err, "unable to pull %s", name) } else { 
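Review bot: In the -634 hunk the parse-error branch sends on `c` and then falls through, so `LoadFromArchiveReference(getContext(), srcRef, "", output)` is still called with the `srcRef` that presumably just failed to parse. A second send on `c` follows if that call fails as well. `name` comes straight from the varlink caller, so a malformed reference reaches this path. Putting the load into an `else` branch of the parse check, or returning after the first send if the enclosing closure has no cleanup after it, would stop the fall-through. `newImage[0].ID()` would also be safer behind `len(newImage) > 0`. The closure begins before the hunk and ends after it.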
@@ -709,18 +673,12 @@ func (i *LibpodAPI) ImageExists(call iopodman.VarlinkCall, name string) error { // ContainerRunlabel ... func (i *LibpodAPI) ContainerRunlabel(call iopodman.VarlinkCall, input iopodman.Runlabel) error { ctx := getContext() - dockerRegistryOptions := image.DockerRegistryOptions{ - DockerCertPath: input.CertDir, - } - if input.TlsVerify != nil { - dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!*input.TlsVerify) - } - + dockerRegistryOptions := image.DockerRegistryOptions{} stdErr := os.Stderr stdOut := os.Stdout stdIn := os.Stdin - runLabel, imageName, err := shared.GetRunlabel(input.Label, input.Image, ctx, i.Runtime, input.Pull, input.Creds, dockerRegistryOptions, input.Authfile, input.SignaturePolicyPath, nil) + runLabel, imageName, err := shared.GetRunlabel(input.Label, input.Image, ctx, i.Runtime, input.Pull, "", dockerRegistryOptions, input.Authfile, "", nil) if err != nil { return call.ReplyErrorOccurred(err.Error()) } -- cgit v1.2.3-54-g00ecf
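Review bot: `// ContainerRunlabel ...` is still a placeholder, although the handler's treatment of registry options changes in this hunk. It now passes an empty `image.DockerRegistryOptions{}` and `""` for both credentials and signature policy to `shared.GetRunlabel`, while still forwarding `input.Authfile` and `input.Pull`. A real comment should say so: `// ContainerRunlabel looks up input.Label on input.Image. Only input.Authfile is honoured for registry access; credentials, cert dir, TLS setting and signature policy are not taken from the request.` If `iopodman.Runlabel` still declares `Creds`, `CertDir`, `TlsVerify` and `SignaturePolicyPath` (its definition is not part of this diff), those fields are now accepted and silently dropped. Removing them from the type or rejecting non-empty values would make that visible to clients. The function continues past the end of the hunk.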