package libpod import ( "fmt" "io" "net" "os" "strings" "syscall" "time" cp "github.com/containers/image/copy" "github.com/containers/image/directory" "github.com/containers/image/docker" dockerarchive "github.com/containers/image/docker/archive" "github.com/containers/image/docker/reference" "github.com/containers/image/docker/tarfile" ociarchive "github.com/containers/image/oci/archive" "github.com/containers/image/pkg/sysregistries" "github.com/containers/image/signature" is "github.com/containers/image/storage" "github.com/containers/image/tarball" "github.com/containers/image/transports" "github.com/containers/image/transports/alltransports" "github.com/containers/image/types" "github.com/containers/storage" "github.com/containers/storage/pkg/archive" digest "github.com/opencontainers/go-digest" ociv1 "github.com/opencontainers/image-spec/specs-go/v1" "github.com/pkg/errors" "github.com/projectatomic/libpod/libpod/common" ) // Runtime API var ( // DockerArchive is the transport we prepend to an image name // when saving to docker-archive DockerArchive = dockerarchive.Transport.Name() // OCIArchive is the transport we prepend to an image name // when saving to oci-archive OCIArchive = ociarchive.Transport.Name() // DirTransport is the transport for pushing and pulling // images to and from a directory DirTransport = directory.Transport.Name() // TransportNames are the supported transports in string form TransportNames = [...]string{DefaultTransport, DockerArchive, OCIArchive, "ostree:", "dir:"} // TarballTransport is the transport for importing a tar archive // and creating a filesystem image TarballTransport = tarball.Transport.Name() // Docker is the transport for docker registries Docker = docker.Transport.Name() // Atomic is the transport for atomic registries Atomic = "atomic" ) // CopyOptions contains the options given when pushing or pulling images type CopyOptions struct { // Compression specifies the type of compression which is applied to // layer blobs. The default is to not use compression, but // archive.Gzip is recommended. Compression archive.Compression // DockerRegistryOptions encapsulates settings that affect how we // connect or authenticate to a remote registry to which we want to // push the image. common.DockerRegistryOptions // SigningOptions encapsulates settings that control whether or not we // strip or add signatures to the image when pushing (uploading) the // image to a registry. common.SigningOptions // SigningPolicyPath this points to a alternative signature policy file, used mainly for testing SignaturePolicyPath string // AuthFile is the path of the cached credentials file defined by the user AuthFile string // Writer is the reportWriter for the output Writer io.Writer // Reference is the name for the image created when a tar archive is imported Reference string // ImageConfig is the Image spec for the image created when a tar archive is imported ImageConfig ociv1.Image } // Image API // ImageFilterParams contains the filter options that may be given when outputting images type ImageFilterParams struct { Dangling string Label string BeforeImage time.Time SinceImage time.Time ReferencePattern string ImageName string ImageInput string } // struct for when a user passes a short or incomplete // image name type imageDecomposeStruct struct { imageName string tag string registry string hasRegistry bool transport string } func (k *Image) assembleFqName() string { return fmt.Sprintf("%s/%s:%s", k.Registry, k.ImageName, k.Tag) } func (k *Image) assembleFqNameTransport() string { return fmt.Sprintf("%s%s/%s:%s", k.Transport, k.Registry, k.ImageName, k.Tag) } //Image describes basic attributes of an image type Image struct { Name string ID string fqname string runtime *Runtime Registry string ImageName string Tag string HasRegistry bool Transport string beenDecomposed bool PullName string LocalName string } // NewImage creates a new image object based on its name func (r *Runtime) NewImage(name string) Image { return Image{ Name: name, runtime: r, } } // IsImageID determines if the input is a valid image ID. // The input can be a full or partial image ID func (r *Runtime) IsImageID(input string) (bool, error) { images, err := r.GetImages(&ImageFilterParams{}) if err != nil { return false, errors.Wrapf(err, "unable to get images") } for _, image := range images { if strings.HasPrefix(image.ID, input) { return true, nil } } return false, nil } // GetNameByID returns the name of the image when supplied // the full or partion ID func (k *Image) GetNameByID() (string, error) { images, err := k.runtime.GetImages(&ImageFilterParams{}) if err != nil { return "", errors.Wrapf(err, "unable to get images") } for _, image := range images { if strings.HasPrefix(image.ID, k.Name) { return image.Names[0], nil } } return "", errors.Errorf("unable to determine image for %s", k.Name) } // GetImageID returns the image ID of the image func (k *Image) GetImageID() (string, error) { // If the ID field is already populated, then // return it. if k.ID != "" { return k.ID, nil } // If we have the name of the image locally, then // get the image and returns its ID if k.LocalName != "" { img, err := k.runtime.GetImage(k.LocalName) if err == nil { return img.ID, nil } } // If neither the ID is known and no local name // is know, we search it out. image, _ := k.GetFQName() img, err := k.runtime.GetImage(image) if err != nil { return "", err } return img.ID, nil } // GetFQName returns the fully qualified image name if it can be determined func (k *Image) GetFQName() (string, error) { // Check if the fqname has already been found if k.fqname != "" { return k.fqname, nil } if err := k.Decompose(); err != nil { return "", err } k.fqname = k.assembleFqName() return k.fqname, nil } func (k *Image) findImageOnRegistry() error { searchRegistries, err := GetRegistries() if err != nil { return errors.Wrapf(err, " the image name '%s' is incomplete.", k.Name) } for _, searchRegistry := range searchRegistries { k.Registry = searchRegistry err = k.GetManifest() if err == nil { k.fqname = k.assembleFqName() return nil } } return errors.Errorf("unable to find image on any configured registries") } // GetManifest tries to GET an images manifest, returns nil on success and err on failure func (k *Image) GetManifest() error { pullRef, err := alltransports.ParseImageName(k.assembleFqNameTransport()) if err != nil { return errors.Errorf("unable to parse1 '%s'", k.assembleFqName()) } imageSource, err := pullRef.NewImageSource(nil) if err != nil { return errors.Wrapf(err, "unable to create new image source") } _, _, err = imageSource.GetManifest(nil) if err == nil { return nil } return err } //Decompose breaks up an image name into its parts func (k *Image) Decompose() error { if k.beenDecomposed { return nil } k.beenDecomposed = true k.Transport = k.runtime.config.ImageDefaultTransport decomposeName := k.Name for _, transport := range TransportNames { if strings.HasPrefix(k.Name, transport) { k.Transport = transport decomposeName = strings.Replace(k.Name, transport, "", -1) break } } if k.Transport == "dir:" { return nil } var imageError = fmt.Sprintf("unable to parse '%s'\n", decomposeName) imgRef, err := reference.Parse(decomposeName) if err != nil { return errors.Wrapf(err, imageError) } tagged, isTagged := imgRef.(reference.NamedTagged) k.Tag = "latest" if isTagged { k.Tag = tagged.Tag() } k.HasRegistry = true registry := reference.Domain(imgRef.(reference.Named)) if registry == "" { k.HasRegistry = false } k.ImageName = reference.Path(imgRef.(reference.Named)) // account for image names with directories in them like // umohnani/get-started:part1 if k.HasRegistry { k.Registry = registry k.fqname = k.assembleFqName() k.PullName = k.assembleFqName() registries, err := getRegistries() if err != nil { return nil } if StringInSlice(k.Registry, registries) { return nil } // We need to check if the registry name is legit _, err = net.LookupAddr(k.Registry) if err == nil { return nil } // Combine the Registry and Image Name together and blank out the Registry Name k.ImageName = fmt.Sprintf("%s/%s", k.Registry, k.ImageName) k.Registry = "" } // No Registry means we check the globals registries configuration file // and assemble a list of candidate sources to try //searchRegistries, err := GetRegistries() err = k.findImageOnRegistry() k.PullName = k.assembleFqName() if err != nil { return errors.Wrapf(err, " the image name '%s' is incomplete.", k.Name) } return nil } func getTags(nameInput string) (reference.NamedTagged, bool, error) { inputRef, err := reference.Parse(nameInput) if err != nil { return nil, false, errors.Wrapf(err, "unable to obtain tag from input name") } tagged, isTagged := inputRef.(reference.NamedTagged) return tagged, isTagged, nil } // GetLocalImageName returns the name of the image if it is local. // It will return an empty string and error if not found. func (k *Image) GetLocalImageName() (string, error) { _, err := k.runtime.GetImage(k.Name) if err != nil { return "", errors.Wrapf(err, "unable to obtain local image") } localImages, err := k.runtime.GetImages(&ImageFilterParams{}) if err != nil { return "", errors.Wrapf(err, "unable to obtain local image") } _, isTagged, err := getTags(k.Name) if err != nil { return "", err } for _, image := range localImages { if strings.HasPrefix(image.ID, k.Name) { return image.ID, nil } for _, name := range image.Names { imgRef, err := reference.Parse(name) if err != nil { continue } var imageName string imageNameOnly := reference.Path(imgRef.(reference.Named)) if isTagged { imageNameTag, _, err := getTags(name) if err != nil { continue } imageName = fmt.Sprintf("%s:%s", imageNameOnly, imageNameTag.Tag()) } else { imageName = imageNameOnly } if imageName == k.Name { return name, nil } imageSplit := strings.Split(imageName, "/") baseName := imageSplit[len(imageSplit)-1] if baseName == k.Name { return name, nil } } } fqname, _ := k.GetFQName() return fqname, nil } // HasLatest determines if we have the latest image local func (k *Image) HasLatest() (bool, error) { localName, err := k.GetLocalImageName() if err != nil { return false, err } if localName == "" { return false, nil } fqname, err := k.GetFQName() if err != nil { return false, err } pullRef, err := alltransports.ParseImageName(fqname) if err != nil { return false, err } _, _, err = pullRef.(types.ImageSource).GetManifest(nil) return false, err } // Pull is a wrapper function to pull and image func (k *Image) Pull() error { // If the image hasn't been decomposed yet if !k.beenDecomposed { err := k.Decompose() if err != nil { return err } } k.runtime.PullImage(k.PullName, CopyOptions{Writer: os.Stdout, SignaturePolicyPath: k.runtime.config.SignaturePolicyPath}) return nil } // GetRegistries gets the searchable registries from the global registration file. func GetRegistries() ([]string, error) { registryConfigPath := "" envOverride := os.Getenv("REGISTRIES_CONFIG_PATH") if len(envOverride) > 0 { registryConfigPath = envOverride } searchRegistries, err := sysregistries.GetRegistries(&types.SystemContext{SystemRegistriesConfPath: registryConfigPath}) if err != nil { return nil, errors.Errorf("unable to parse the registries.conf file") } return searchRegistries, nil } // GetInsecureRegistries obtains the list of inseure registries from the global registration file. func GetInsecureRegistries() ([]string, error) { registryConfigPath := "" envOverride := os.Getenv("REGISTRIES_CONFIG_PATH") if len(envOverride) > 0 { registryConfigPath = envOverride } registries, err := sysregistries.GetInsecureRegistries(&types.SystemContext{SystemRegistriesConfPath: registryConfigPath}) if err != nil { return nil, errors.Errorf("unable to parse the registries.conf file") } return registries, nil } // getRegistries returns both searchable and insecure registries from the global conf file. func getRegistries() ([]string, error) { var r []string registries, err := GetRegistries() if err != nil { return r, err } insecureRegistries, err := GetInsecureRegistries() if err != nil { return r, err } r = append(registries, insecureRegistries...) return r, nil } // ImageFilter is a function to determine whether an image is included in // command output. Images to be outputted are tested using the function. A true // return will include the image, a false return will exclude it. type ImageFilter func(*storage.Image, *types.ImageInspectInfo) bool func (ips imageDecomposeStruct) returnFQName() string { return fmt.Sprintf("%s%s/%s:%s", ips.transport, ips.registry, ips.imageName, ips.tag) } func getRegistriesToTry(image string, store storage.Store, defaultTransport string) ([]*pullStruct, error) { var pStructs []*pullStruct var imageError = fmt.Sprintf("unable to parse '%s'\n", image) imgRef, err := reference.Parse(image) if err != nil { return nil, errors.Wrapf(err, imageError) } tagged, isTagged := imgRef.(reference.NamedTagged) tag := "latest" if isTagged { tag = tagged.Tag() } hasDomain := true registry := reference.Domain(imgRef.(reference.Named)) if registry == "" { hasDomain = false } imageName := reference.Path(imgRef.(reference.Named)) pImage := imageDecomposeStruct{ imageName, tag, registry, hasDomain, defaultTransport, } if pImage.hasRegistry { // If input has a registry, we have to assume they included an image // name but maybe not a tag srcRef, err := alltransports.ParseImageName(pImage.returnFQName()) if err != nil { return nil, errors.Errorf(imageError) } pStruct := &pullStruct{ image: srcRef.DockerReference().String(), srcRef: srcRef, } pStructs = append(pStructs, pStruct) } else { // No registry means we check the globals registries configuration file // and assemble a list of candidate sources to try registryConfigPath := "" envOverride := os.Getenv("REGISTRIES_CONFIG_PATH") if len(envOverride) > 0 { registryConfigPath = envOverride } searchRegistries, err := sysregistries.GetRegistries(&types.SystemContext{SystemRegistriesConfPath: registryConfigPath}) if err != nil { return nil, errors.Wrapf(err, "unable to parse the registries.conf file and"+ " the image name '%s' is incomplete.", imageName) } for _, searchRegistry := range searchRegistries { pImage.registry = searchRegistry srcRef, err := alltransports.ParseImageName(pImage.returnFQName()) if err != nil { return nil, errors.Errorf("unable to parse '%s'", pImage.returnFQName()) } pStruct := &pullStruct{ image: srcRef.DockerReference().String(), srcRef: srcRef, } pStructs = append(pStructs, pStruct) } } for _, pStruct := range pStructs { destRef, err := is.Transport.ParseStoreReference(store, pStruct.image) if err != nil { return nil, errors.Errorf("error parsing dest reference name: %v", err) } pStruct.dstRef = destRef } return pStructs, nil } type pullStruct struct { image string srcRef types.ImageReference dstRef types.ImageReference } func (r *Runtime) getPullStruct(srcRef types.ImageReference, destName string) (*pullStruct, error) { reference := destName if srcRef.DockerReference() != nil { reference = srcRef.DockerReference().String() } destRef, err := is.Transport.ParseStoreReference(r.store, reference) if err != nil { return nil, errors.Errorf("error parsing dest reference name: %v", err) } return &pullStruct{ image: destName, srcRef: srcRef, dstRef: destRef, }, nil } // returns a list of pullStruct with the srcRef and DstRef based on the transport being used func (r *Runtime) getPullListFromRef(srcRef types.ImageReference, imgName string, sc *types.SystemContext) ([]*pullStruct, error) { var pullStructs []*pullStruct splitArr := strings.Split(imgName, ":") archFile := splitArr[len(splitArr)-1] // supports pulling from docker-archive, oci, and registries if srcRef.Transport().Name() == DockerArchive { tarSource := tarfile.NewSource(archFile) manifest, err := tarSource.LoadTarManifest() if err != nil { return nil, errors.Errorf("error retrieving manifest.json: %v", err) } // to pull the first image stored in the tar file if len(manifest) == 0 { // use the hex of the digest if no manifest is found reference, err := getImageDigest(srcRef, sc) if err != nil { return nil, err } pullInfo, err := r.getPullStruct(srcRef, reference) if err != nil { return nil, err } pullStructs = append(pullStructs, pullInfo) } else { pullInfo, err := r.getPullStruct(srcRef, manifest[0].RepoTags[0]) if err != nil { return nil, err } pullStructs = append(pullStructs, pullInfo) } } else if srcRef.Transport().Name() == OCIArchive { // retrieve the manifest from index.json to access the image name manifest, err := ociarchive.LoadManifestDescriptor(srcRef) if err != nil { return nil, errors.Wrapf(err, "error loading manifest for %q", srcRef) } if manifest.Annotations == nil || manifest.Annotations["org.opencontainers.image.ref.name"] == "" { return nil, errors.Errorf("error, archive doesn't have a name annotation. Cannot store image with no name") } pullInfo, err := r.getPullStruct(srcRef, manifest.Annotations["org.opencontainers.image.ref.name"]) if err != nil { return nil, err } pullStructs = append(pullStructs, pullInfo) } else if srcRef.Transport().Name() == DirTransport { // supports pull from a directory image := splitArr[1] // remove leading "/" if image[:1] == "/" { image = image[1:] } pullInfo, err := r.getPullStruct(srcRef, image) if err != nil { return nil, err } pullStructs = append(pullStructs, pullInfo) } else { pullInfo, err := r.getPullStruct(srcRef, imgName) if err != nil { return nil, err } pullStructs = append(pullStructs, pullInfo) } return pullStructs, nil } // PullImage pulls an image from configured registries // By default, only the latest tag (or a specific tag if requested) will be // pulled. If allTags is true, all tags for the requested image will be pulled. // Signature validation will be performed if the Runtime has been appropriately // configured func (r *Runtime) PullImage(imgName string, options CopyOptions) (string, error) { r.lock.Lock() defer r.lock.Unlock() if !r.valid { return "", ErrRuntimeStopped } // PullImage copies the image from the source to the destination var pullStructs []*pullStruct signaturePolicyPath := r.config.SignaturePolicyPath if options.SignaturePolicyPath != "" { signaturePolicyPath = options.SignaturePolicyPath } sc := common.GetSystemContext(signaturePolicyPath, options.AuthFile) srcRef, err := alltransports.ParseImageName(imgName) if err != nil { // could be trying to pull from registry with short name pullStructs, err = getRegistriesToTry(imgName, r.store, r.config.ImageDefaultTransport) if err != nil { return "", errors.Wrap(err, "error getting default registries to try") } } else { pullStructs, err = r.getPullListFromRef(srcRef, imgName, sc) if err != nil { return "", errors.Wrapf(err, "error getting pullStruct info to pull image %q", imgName) } } policyContext, err := getPolicyContext(sc) if err != nil { return "", err } defer policyContext.Destroy() copyOptions := common.GetCopyOptions(options.Writer, signaturePolicyPath, &options.DockerRegistryOptions, nil, options.SigningOptions, options.AuthFile) for _, imageInfo := range pullStructs { // Print the following statement only when pulling from a docker or atomic registry if options.Writer != nil && (imageInfo.srcRef.Transport().Name() == Docker || imageInfo.srcRef.Transport().Name() == Atomic) { io.WriteString(options.Writer, fmt.Sprintf("Trying to pull %s...\n", imageInfo.image)) } if err = cp.Image(policyContext, imageInfo.dstRef, imageInfo.srcRef, copyOptions); err != nil { if options.Writer != nil { io.WriteString(options.Writer, "Failed\n") } } else { return imageInfo.image, nil } } return "", errors.Wrapf(err, "error pulling image from %q", imgName) } // PushImage pushes the given image to a location described by the given path func (r *Runtime) PushImage(source string, destination string, options CopyOptions) error { r.lock.Lock() defer r.lock.Unlock() if !r.valid { return ErrRuntimeStopped } // PushImage pushes the src image to the destination //func PushImage(source, destination string, options CopyOptions) error { if source == "" || destination == "" { return errors.Wrapf(syscall.EINVAL, "source and destination image names must be specified") } // Get the destination Image Reference dest, err := alltransports.ParseImageName(destination) if err != nil { if hasTransport(destination) { return errors.Wrapf(err, "error getting destination imageReference for %q", destination) } // Try adding the images default transport destination2 := r.config.ImageDefaultTransport + destination dest, err = alltransports.ParseImageName(destination2) if err != nil { // One last try with docker:// as the transport destination2 = DefaultTransport + destination dest, err = alltransports.ParseImageName(destination2) if err != nil { return errors.Wrapf(err, "error getting destination imageReference for %q", destination) } } } signaturePolicyPath := r.config.SignaturePolicyPath if options.SignaturePolicyPath != "" { signaturePolicyPath = options.SignaturePolicyPath } sc := common.GetSystemContext(signaturePolicyPath, options.AuthFile) policyContext, err := getPolicyContext(sc) if err != nil { return err } defer policyContext.Destroy() // Look up the source image, expecting it to be in local storage src, err := is.Transport.ParseStoreReference(r.store, source) if err != nil { return errors.Wrapf(err, "error getting source imageReference for %q", source) } copyOptions := common.GetCopyOptions(options.Writer, signaturePolicyPath, nil, &options.DockerRegistryOptions, options.SigningOptions, options.AuthFile) // Copy the image to the remote destination err = cp.Image(policyContext, dest, src, copyOptions) if err != nil { return errors.Wrapf(err, "Error copying image to the remote destination") } return nil } // TagImage adds a tag to the given image func (r *Runtime) TagImage(image *storage.Image, tag string) error { r.lock.Lock() defer r.lock.Unlock() if !r.valid { return ErrRuntimeStopped } tags, err := r.store.Names(image.ID) if err != nil { return err } for _, key := range tags { if key == tag { return nil } } tags = append(tags, tag) return r.store.SetNames(image.ID, tags) } // UntagImage removes a tag from the given image func (r *Runtime) UntagImage(image *storage.Image, tag string) (string, error) { r.lock.Lock() defer r.lock.Unlock() if !r.valid { return "", ErrRuntimeStopped } tags, err := r.store.Names(image.ID) if err != nil { return "", err } for i, key := range tags { if key == tag { tags[i] = tags[len(tags)-1] tags = tags[:len(tags)-1] break } } if err = r.store.SetNames(image.ID, tags); err != nil { return "", err } return tag, nil } // RemoveImage deletes an image from local storage // Images being used by running containers can only be removed if force=true func (r *Runtime) RemoveImage(image *storage.Image, force bool) (string, error) { r.lock.Lock() defer r.lock.Unlock() if !r.valid { return "", ErrRuntimeStopped } // Get all containers, filter to only those using the image, and remove those containers ctrs, err := r.state.AllContainers() if err != nil { return "", err } imageCtrs := []*Container{} for _, ctr := range ctrs { if ctr.config.RootfsImageID == image.ID { imageCtrs = append(imageCtrs, ctr) } } if len(imageCtrs) > 0 && len(image.Names) <= 1 { if force { for _, ctr := range imageCtrs { if err := r.removeContainer(ctr, true); err != nil { return "", errors.Wrapf(err, "error removing image %s: container %s using image could not be removed", image.ID, ctr.ID()) } } } else { return "", fmt.Errorf("could not remove image %s as it is being used by %d containers", image.ID, len(imageCtrs)) } } if len(image.Names) > 1 && !force { return "", fmt.Errorf("unable to delete %s (must force) - image is referred to in multiple tags", image.ID) } // If it is forced, we have to untag the image so that it can be deleted image.Names = image.Names[:0] _, err = r.store.DeleteImage(image.ID, true) if err != nil { return "", err } return image.ID, nil } // GetImage retrieves an image matching the given name or hash from system // storage // If no matching image can be found, an error is returned func (r *Runtime) GetImage(image string) (*storage.Image, error) { r.lock.Lock() defer r.lock.Unlock() if !r.valid { return nil, ErrRuntimeStopped } return r.getImage(image) } func (r *Runtime) getImage(image string) (*storage.Image, error) { var img *storage.Image ref, err := is.Transport.ParseStoreReference(r.store, image) if err == nil { img, err = is.Transport.GetStoreImage(r.store, ref) } if err != nil { img2, err2 := r.store.Image(image) if err2 != nil { if ref == nil { return nil, errors.Wrapf(err, "error parsing reference to image %q", image) } return nil, errors.Wrapf(err, "unable to locate image %q", image) } img = img2 } return img, nil } // GetImageRef searches for and returns a new types.Image matching the given name or ID in the given store. func (r *Runtime) GetImageRef(image string) (types.Image, error) { r.lock.Lock() defer r.lock.Unlock() if !r.valid { return nil, ErrRuntimeStopped } return r.getImageRef(image) } func (r *Runtime) getImageRef(image string) (types.Image, error) { img, err := r.getImage(image) if err != nil { return nil, errors.Wrapf(err, "unable to locate image %q", image) } ref, err := is.Transport.ParseStoreReference(r.store, "@"+img.ID) if err != nil { return nil, errors.Wrapf(err, "error parsing reference to image %q", img.ID) } imgRef, err := ref.NewImage(nil) if err != nil { return nil, errors.Wrapf(err, "error reading image %q", img.ID) } return imgRef, nil } // GetImages retrieves all images present in storage // Filters can be provided which will determine which images are included in the // output. Multiple filters are handled by ANDing their output, so only images // matching all filters are included func (r *Runtime) GetImages(params *ImageFilterParams, filters ...ImageFilter) ([]*storage.Image, error) { r.lock.RLock() defer r.lock.RUnlock() if !r.valid { return nil, ErrRuntimeStopped } images, err := r.store.Images() if err != nil { return nil, err } var imagesFiltered []*storage.Image for _, img := range images { info, err := r.getImageInspectInfo(img) if err != nil { return nil, err } var names []string if len(img.Names) > 0 { names = img.Names } else { names = append(names, "") } for _, name := range names { include := true if params != nil { params.ImageName = name } for _, filter := range filters { include = include && filter(&img, info) } if include { newImage := img newImage.Names = []string{name} imagesFiltered = append(imagesFiltered, &newImage) } } } return imagesFiltered, nil } // GetHistory gets the history of an image and information about its layers func (r *Runtime) GetHistory(image string) ([]ociv1.History, []types.BlobInfo, string, error) { r.lock.RLock() defer r.lock.RUnlock() if !r.valid { return nil, nil, "", ErrRuntimeStopped } img, err := r.getImage(image) if err != nil { return nil, nil, "", errors.Wrapf(err, "no such image %q", image) } src, err := r.getImageRef(image) if err != nil { return nil, nil, "", errors.Wrapf(err, "error instantiating image %q", image) } oci, err := src.OCIConfig() if err != nil { return nil, nil, "", err } return oci.History, src.LayerInfos(), img.ID, nil } // ImportImage imports an OCI format image archive into storage as an image func (r *Runtime) ImportImage(path string, options CopyOptions) error { r.lock.RLock() defer r.lock.RUnlock() if !r.valid { return ErrRuntimeStopped } file := TarballTransport + ":" + path src, err := alltransports.ParseImageName(file) if err != nil { return errors.Wrapf(err, "error parsing image name %q", path) } updater, ok := src.(tarball.ConfigUpdater) if !ok { return errors.Wrapf(err, "unexpected type, a tarball reference should implement tarball.ConfigUpdater") } annotations := make(map[string]string) err = updater.ConfigUpdate(options.ImageConfig, annotations) if err != nil { return errors.Wrapf(err, "error updating image config") } var reference = options.Reference sc := common.GetSystemContext("", "") // if reference not given, get the image digest if reference == "" { reference, err = getImageDigest(src, sc) if err != nil { return err } } policyContext, err := getPolicyContext(sc) if err != nil { return err } defer policyContext.Destroy() copyOptions := common.GetCopyOptions(os.Stdout, "", nil, nil, common.SigningOptions{}, "") dest, err := is.Transport.ParseStoreReference(r.store, reference) if err != nil { errors.Wrapf(err, "error getting image reference for %q", options.Reference) } return cp.Image(policyContext, dest, src, copyOptions) } // GetImageInspectInfo returns the inspect information of an image func (r *Runtime) GetImageInspectInfo(image storage.Image) (*types.ImageInspectInfo, error) { r.lock.RLock() defer r.lock.RUnlock() if !r.valid { return nil, ErrRuntimeStopped } return r.getImageInspectInfo(image) } func (r *Runtime) getImageInspectInfo(image storage.Image) (*types.ImageInspectInfo, error) { img, err := r.getImageRef(image.ID) if err != nil { return nil, err } return img.Inspect() } // ParseImageFilter takes a set of images and a filter string as input, and returns the libpod.ImageFilterParams struct func (r *Runtime) ParseImageFilter(imageInput, filter string) (*ImageFilterParams, error) { r.lock.RLock() defer r.lock.RUnlock() if !r.valid { return nil, ErrRuntimeStopped } if filter == "" && imageInput == "" { return nil, nil } var params ImageFilterParams params.ImageInput = imageInput if filter == "" && imageInput != "" { return ¶ms, nil } images, err := r.store.Images() if err != nil { return nil, err } filterStrings := strings.Split(filter, ",") for _, param := range filterStrings { pair := strings.SplitN(param, "=", 2) switch strings.TrimSpace(pair[0]) { case "dangling": if common.IsValidBool(pair[1]) { params.Dangling = pair[1] } else { return nil, fmt.Errorf("invalid filter: '%s=[%s]'", pair[0], pair[1]) } case "label": params.Label = pair[1] case "before": if img, err := findImageInSlice(images, pair[1]); err == nil { info, err := r.GetImageInspectInfo(img) if err != nil { return nil, err } params.BeforeImage = info.Created } else { return nil, fmt.Errorf("no such id: %s", pair[0]) } case "since": if img, err := findImageInSlice(images, pair[1]); err == nil { info, err := r.GetImageInspectInfo(img) if err != nil { return nil, err } params.SinceImage = info.Created } else { return nil, fmt.Errorf("no such id: %s``", pair[0]) } case "reference": params.ReferencePattern = pair[1] default: return nil, fmt.Errorf("invalid filter: '%s'", pair[0]) } } return ¶ms, nil } // InfoAndDigestAndSize returns the inspection info and size of the image in the given // store and the digest of its manifest, if it has one, or "" if it doesn't. func (r *Runtime) InfoAndDigestAndSize(img storage.Image) (*types.ImageInspectInfo, digest.Digest, int64, error) { r.lock.RLock() defer r.lock.RUnlock() if !r.valid { return nil, "", -1, ErrRuntimeStopped } imgRef, err := r.getImageRef("@" + img.ID) if err != nil { return nil, "", -1, errors.Wrapf(err, "error reading image %q", img.ID) } return infoAndDigestAndSize(imgRef) } func infoAndDigestAndSize(imgRef types.Image) (*types.ImageInspectInfo, digest.Digest, int64, error) { imgSize, err := imgRef.Size() if err != nil { return nil, "", -1, errors.Wrapf(err, "error reading size of image %q", transports.ImageName(imgRef.Reference())) } manifest, _, err := imgRef.Manifest() if err != nil { return nil, "", -1, errors.Wrapf(err, "error reading manifest for image %q", transports.ImageName(imgRef.Reference())) } manifestDigest := digest.Digest("") if len(manifest) > 0 { manifestDigest = digest.Canonical.FromBytes(manifest) } info, err := imgRef.Inspect() if err != nil { return nil, "", -1, errors.Wrapf(err, "error inspecting image %q", transports.ImageName(imgRef.Reference())) } return info, manifestDigest, imgSize, nil } // MatchesID returns true if argID is a full or partial match for id func MatchesID(id, argID string) bool { return strings.HasPrefix(argID, id) } // MatchesReference returns true if argName is a full or partial match for name // Partial matches will register only if they match the most specific part of the name available // For example, take the image docker.io/library/redis:latest // redis, library/redis, docker.io/library/redis, redis:latest, etc. will match // But redis:alpine, ry/redis, library, and io/library/redis will not func MatchesReference(name, argName string) bool { if argName == "" { return false } splitName := strings.Split(name, ":") // If the arg contains a tag, we handle it differently than if it does not if strings.Contains(argName, ":") { splitArg := strings.Split(argName, ":") return strings.HasSuffix(splitName[0], splitArg[0]) && (splitName[1] == splitArg[1]) } return strings.HasSuffix(splitName[0], argName) } // ParseImageNames parses the names we've stored with an image into a list of // tagged references and a list of references which contain digests. func ParseImageNames(names []string) (tags, digests []string, err error) { for _, name := range names { if named, err := reference.ParseNamed(name); err == nil { if digested, ok := named.(reference.Digested); ok { canonical, err := reference.WithDigest(named, digested.Digest()) if err == nil { digests = append(digests, canonical.String()) } } else { if reference.IsNameOnly(named) { named = reference.TagNameOnly(named) } if tagged, ok := named.(reference.Tagged); ok { namedTagged, err := reference.WithTag(named, tagged.Tag()) if err == nil { tags = append(tags, namedTagged.String()) } } } } } return tags, digests, nil } func findImageInSlice(images []storage.Image, ref string) (storage.Image, error) { for _, image := range images { if MatchesID(image.ID, ref) { return image, nil } for _, name := range image.Names { if MatchesReference(name, ref) { return image, nil } } } return storage.Image{}, errors.New("could not find image") } // getImageDigest creates an image object and uses the hex value of the digest as the image ID // for parsing the store reference func getImageDigest(src types.ImageReference, ctx *types.SystemContext) (string, error) { newImg, err := src.NewImage(ctx) if err != nil { return "", err } defer newImg.Close() digest := newImg.ConfigInfo().Digest if err = digest.Validate(); err != nil { return "", errors.Wrapf(err, "error getting config info") } return "@" + digest.Hex(), nil } // getPolicyContext sets up, intializes and returns a new context for the specified policy func getPolicyContext(ctx *types.SystemContext) (*signature.PolicyContext, error) { policy, err := signature.DefaultPolicy(ctx) if err != nil { return nil, err } policyContext, err := signature.NewPolicyContext(policy) if err != nil { return nil, err } return policyContext, nil }