The following commit fixes a `race` condition in `libimage`: in `Pull()`,
after performing the `copy` from remote sources, it again attempts to resolve
the image via `LookupImage`, and any operation between `copy` and `LookupImage` can remove
the `name` from the recently pulled image, causing a race in builds.
This issue was discovered while working on PR https://github.com/containers/buildah/pull/5971
```
buildah build -t test --jobs=2 --skip-unused-stages=false .
```
Containerfile
```
FROM quay.io/jitesoft/alpine
RUN arch
FROM --platform=linux/arm64 quay.io/jitesoft/alpine AS foreign
```
The following commit also addresses commit 88f60eeeb3
by performing the necessary refactor.
No functional change in the publicly exposed API; existing tests should pass as-is.
[NO NEW TESTS NEEDED]
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
- Use the image's repo, not just the digest, to be more precise
when zstd:chunked ambiguities are involved
- Remove the multi-platform lookup code, it is never used
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
There's no benefit in returning multiple matches;
we ideally want to return exactly the image we pulled,
but even if that were hard, returning multiple guesses
is not what the user asked for.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
If we can't find the image we have just pulled by digest, the image
was probably already removed, and returning candidate.Value
could only possibly point at a _different_ image with the same
tag.
Instead, fail immediately.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
To support OCI artifacts in Podman, we need to export the Copier type
and create an exported constructor (NewCopier). Additionally, the
actual copy and close methods are now exported.
Signed-off-by: Brent Baude <bbaude@redhat.com>
To support artifact handling, we need to export some of the methods of
copier. The Copy and Close methods have been exported. In addition, a
new exported constructor was created so we could introduce a
different SystemContext for artifacts.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Before, here's what happens if you forget a `-v` in your bind mount for example:
```
$ podman run /dev:/dev docker.io/busybox echo hello
Error: invalid reference format
$
```
After:
```
$ podman run /dev:/dev docker.io/busybox echo hello
Error: parsing reference "/dev:/dev": invalid reference format
```
This error prefixing is common in other callers.
Signed-off-by: Colin Walters <walters@verbum.org>
Add a LoadReference() method, for when we already know what format the
local image should be treated as, and we don't have the patience for
Load()'s guessing at it.
Teach libimage.Runtime.copyFromDefault() about the docker transport.
It's already required at build-time because it's directly referenced
elsewhere in the same file.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Adds a couple of new linters with many new warnings:
- perfsprint (fixed in code, excluded for tests)
- revive (fix the problems, disabled the dot import check as we use it
for ginkgo)
- inamedparam (disabled because it is opinionated)
- testifylint (great linter but we have like 1000+ issues that I have no
time fixing now)
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
To prevent the podman remote client from using libimage, which causes a
lot of bloat due to the c/image and c/storage dependencies, add the
`!remote` tag.
This will cause a hard compile time failure if the remote client ends up
pulling in libimage.
Fixes #1702
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When pulling from an OCI source, make sure to preserve the optional name.
For instance, a `podman pull oci:/tmp/foo:quay.io/foo/bar:latest` should
pull the image and name it `quay.io/foo/bar:latest`.
While at it, also fix a bug when pulling an OCI without the optional
name. Previously, we used the path to name the image which will error
in most cases due to invalid characters (e.g., capital ones). Hence,
apply the same trick as for the `dir` transport and generate a sha.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Set the `EXTEND_TIMEOUT_USEC` over DBUS when pulling an image from a
registry and when running under systemd. This will prevent a frequent
issue when running Quadlets and exceeding the default systemd start
timeout of 90 seconds when pulling the image takes too long.
Fixes: containers/podman/issues/18353
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
When looking up an image by digest, make sure that the entire repository
of the specified value is considered. Previously, both the repository
and the tag were ignored and we looked for _some_ image with a
matching digest.
As outlined in #1248, Docker stopped ignoring the repository with
version v20.10.20 (Oct '22) which is a compelling reason to do the same.
To be clear, previously `something@digest` would look for any image with
`digest` while `something` is entirely ignored. With this change, both
`something` and `digest` must match the image.
This change breaks two e2e tests in Podman CI which relied on the
previous behavior. There is a risk of breaking users, but there is a
strong security argument to perform this change: if the repository does
not match the (previously) returned image, there is a fair chance of a
user error.
Fixes: containers/common#1248
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
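The lookup semantics described in the commit above, as an added example that is not part of the original log and not libimage's own code: a digest reference `repo[:tag]@sha256:...` is split into repository and digest, and a strict lookup requires both to match a local image, whereas the old behaviour matched any image carrying the digest. The `localImage` type, the simplified reference parsing and the sample images are constructed for this example (a pair of images from different repositories sharing one digest, which is exactly the case where the old behaviour could hand back the wrong image).

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// localImage is a minimal stand-in for an image record in local storage
// (constructed for this example, not libimage's Image type).
type localImage struct {
	ID      string
	Names   []string // e.g. "quay.io/foo/bar:latest"
	Digests []string // e.g. "sha256:<64 hex chars>"
}

var digestRe = regexp.MustCompile(`^sha256:[0-9a-f]{64}$`)

// repoOf strips a trailing ":tag" from a name. A colon followed by a "/"
// is a registry port (localhost:5000/foo), not a tag, and is kept.
func repoOf(name string) string {
	if i := strings.LastIndex(name, ":"); i >= 0 && !strings.Contains(name[i+1:], "/") {
		return name[:i]
	}
	return name
}

// parseDigestRef splits "repo[:tag]@sha256:..." into repository and digest.
// The tag, if any, is dropped: a digest reference identifies content, not a tag.
func parseDigestRef(input string) (repo, digest string, err error) {
	at := strings.LastIndex(input, "@")
	if at <= 0 {
		return "", "", fmt.Errorf("parsing reference %q: not a digest reference", input)
	}
	repo, digest = repoOf(input[:at]), input[at+1:]
	if !digestRe.MatchString(digest) {
		return "", "", fmt.Errorf("parsing reference %q: invalid digest %q", input, digest)
	}
	return repo, digest, nil
}

// lookupByDigest returns the ID of the local image matching input.
// strict=false reproduces the old behaviour (any image with the digest);
// strict=true additionally requires one of the image's names to live in
// the requested repository.
func lookupByDigest(images []localImage, input string, strict bool) (string, error) {
	repo, digest, err := parseDigestRef(input)
	if err != nil {
		return "", err
	}
	for _, img := range images {
		if !contains(img.Digests, digest) {
			continue
		}
		if !strict {
			return img.ID, nil
		}
		for _, n := range img.Names {
			if repoOf(n) == repo {
				return img.ID, nil
			}
		}
	}
	return "", errors.New("image not known: " + input)
}

func contains(list []string, s string) bool {
	for _, x := range list {
		if x == s {
			return true
		}
	}
	return false
}

// sampleDigest and sampleImages are constructed data: two images from
// different repositories sharing the same manifest digest.
var sampleDigest = "sha256:" + strings.Repeat("ab", 32)

func sampleImages() []localImage {
	return []localImage{
		{ID: "A", Names: []string{"quay.io/foo/bar:latest"}, Digests: []string{sampleDigest}},
		{ID: "B", Names: []string{"docker.io/library/busybox:1.36"}, Digests: []string{sampleDigest}},
	}
}

func main() {
	inputs := []string{"docker.io/library/busybox@" + sampleDigest, "example.com/other@" + sampleDigest}
	for _, in := range inputs {
		for _, strict := range []bool{false, true} {
			id, err := lookupByDigest(sampleImages(), in, strict)
			fmt.Printf("strict=%-5v %s -> id=%q err=%v\n", strict, in, id, err)
		}
	}
}
```

Run as-is, the non-strict lookup of `example.com/other@<digest>` silently returns image A although no local image has ever been known under that repository; the strict lookup fails instead, which is the user-error case the commit wants surfaced.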
Currently if you setup additional stores and pull the same
image that exists in additionalstore, podman ends up reporting
the ID twice.
Fixes: https://github.com/containers/podman/issues/18647
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Set the input name in the names of pull events. Otherwise, we'll lose
the transport information, which also breaks Podman's system tests.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Make sure that all image events have an ID. I noticed that some (e.g.,
pull) did not include the ID which is confusing and renders the events
less useful.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
The images runtime used the OCI archive transport with an empty system context,
so such environment variables from the user like TMPDIR were ignored.
Signed-off-by: Mikhail Khachayants <tyler92@inbox.ru>
Podman adds an Error: to every error message. So starting an error
message with "error" ends up being reported to the user as
Error: error ...
This patch removes the stutter.
Also ioutil.ReadFile errors report the Path, so wrapping the err message
with the path causes a stutter.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
`github.com/pkg/errors` has been deprecated for quite some time, so we now
use the native error wrapping for more idiomatic golang.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
Use containerd's platform package for platform checks. While the OCI
image spec requires the platform values to conform with the GOOS and GOARCH
definitions of Go's runtime package, the values of uname are used by
convention. Supporting these values silences annoying false-positive
warnings.
Fixes: containers/podman/issues/14669
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Check the platform when looking up images locally. When the user
requested a custom platform and a local image doesn't match, the
image will be discarded. Otherwise a warning will be emitted.
Also refactor the code to make it more maintainable in the future.
Fixes: containers/podman/issues/12682
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Warn when the platform of a pulled image does not match the
user-specified platform. The checks are only performed if the user
requested a custom platform.
Do not error out and warn only since there are many images in the wild
that claim to be of another architecture. An error would break existing
workloads; we did that once and had to revert immediately.
Fixes: containers/podman/issues/14293
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
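The platform comparison described in the three commits above (uname-style values, a check only when the user asked for a platform, a warning rather than an error on mismatch), as an added example that is not part of the original log and not libimage's or containerd's code. The normalization table is deliberately small and is assumed sufficient for the example; the real implementation delegates to containerd's platforms package.

```go
package main

import (
	"fmt"
	"strings"
)

// normalizeArch maps uname(1) conventions onto Go/OCI GOARCH values plus an
// optional variant. Small illustrative table, not containerd's full one.
func normalizeArch(arch string) (goarch, variant string) {
	switch a := strings.ToLower(arch); a {
	case "x86_64", "x86-64", "amd64":
		return "amd64", ""
	case "i386", "i486", "i586", "i686", "386":
		return "386", ""
	case "aarch64", "arm64":
		return "arm64", ""
	case "armv7l", "armv7", "armhf":
		return "arm", "v7"
	case "armv6l", "armv6":
		return "arm", "v6"
	default:
		return a, ""
	}
}

// platform is os/arch[/variant] as found in an image config (constructed type).
type platform struct{ OS, Arch, Variant string }

// parsePlatform parses "linux/arm64/v8" or "linux/x86_64". An explicit
// variant overrides the one implied by the uname-style arch; "arm64/v8"
// collapses to plain "arm64", which is how images usually declare it.
func parsePlatform(s string) platform {
	parts := strings.SplitN(s, "/", 3)
	p := platform{OS: strings.ToLower(parts[0])}
	if len(parts) > 1 {
		p.Arch, p.Variant = normalizeArch(parts[1])
	}
	if len(parts) > 2 && parts[2] != "" {
		p.Variant = strings.ToLower(parts[2])
	}
	if p.Arch == "arm64" && p.Variant == "v8" {
		p.Variant = ""
	}
	return p
}

// platformMatches compares after normalization. Variants are compared only
// when both sides specify one, since many images omit them.
func platformMatches(a, b platform) bool {
	if a.OS != b.OS || a.Arch != b.Arch {
		return false
	}
	if a.Variant != "" && b.Variant != "" && a.Variant != b.Variant {
		return false
	}
	return true
}

// checkPulled mirrors the policy from the commits: no requested platform
// means no check; a mismatch yields a warning string, never an error,
// because many images in the wild mis-declare their platform.
func checkPulled(requested, image string) string {
	if requested == "" {
		return ""
	}
	want, got := parsePlatform(requested), parsePlatform(image)
	if platformMatches(want, got) {
		return ""
	}
	return fmt.Sprintf("image platform (%s) does not match the expected platform (%s)", image, requested)
}

func main() {
	cases := [][2]string{
		{"linux/aarch64", "linux/arm64/v8"}, // uname value vs. OCI value: no warning
		{"linux/amd64", "linux/arm64"},      // real mismatch: warn, do not fail
		{"", "linux/arm64"},                 // nothing requested: no check at all
	}
	for _, c := range cases {
		fmt.Printf("requested=%q image=%q warning=%q\n", c[0], c[1], checkPulled(c[0], c[1]))
	}
}
```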
While in theory it would be optimal if the shortnames package returned
such an error, there is no need for it in practice since other error
sources such as an invalid input name would already error out before.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Close the reader of a Docker archive to make sure that artifacts in
TMPDIR are removed.
Closes: github.com/containers/podman/issues/14287
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Wherever possible slices should be allocated with the correct capacity to
avoid unnecessary memory allocations.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
After containers/podman/issues/10682, we decided to always re-pull
images of non-local platforms and match *any* local image. Over time, we
refined this logic to not *always* pull the image but only if there is a
*newer* one. This has slightly changed the semantics and requires to
perform platform checks when looking up a local image. Otherwise, bogus
values would match a local image and mistakenly return it.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
When pulling down an image with a user-specified custom platform, we
try to make sure that user gets what they are asking for. An inherent
issue with multi-arch images is that there are many images in the wild
which do not get the platform right (see containers/podman/issues/10682).
That means we need to pessimistically assume that the local image is
wrong and pull the "correct" one down from the registry; in the worst case
that is redundant work but we have a guarantee of correctness.
Motivated by containers/podman/issues/12707 I had another look at the
code and found some space for optimizations. Previously, we enforced
the pull policy to "always" but that may be too aggressive since we may
be running in an airgapped environment and the local image is correct.
With this change, we enforce the pull policy to "newer" which makes
errors non-fatal in case a local image has been found; this seems like a
good middleground between making sure we are serving the "correct" image
and user friendliness.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Path-based transports may contain characters that are invalid for a
reference. In such cases, we should pessimistically generate an ID
and not attempt to look at the (possibly path-based) string within the
transport.
This fixes an error when running `podman run dir:/tmp/CapitalChar` and
will prevent the same issue for the upcoming SIF transport.
Extend the tests to make sure we're not going to regress in the future.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
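The naming rule shared by the OCI-transport commit earlier in this log (`podman pull oci:/tmp/foo:quay.io/foo/bar:latest` keeps the optional name, a missing name falls back to a generated sha) and the commit above (`dir:/tmp/CapitalChar` must not be parsed as a reference), as an added example that is not part of the original log and not libimage's or containers/image's code. The reference grammar is a simplified one assumed for this example, and OCI paths are assumed not to contain a colon themselves.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"regexp"
	"strings"
)

// nameRe is a simplified reference grammar: lowercase path components with
// an optional tag. Assumed close enough here; the real grammar lives in
// github.com/containers/image/v5/docker/reference.
var nameRe = regexp.MustCompile(
	`^[a-z0-9]+(?:[._-][a-z0-9]+)*(?:/[a-z0-9]+(?:[._-][a-z0-9]+)*)*(?::[A-Za-z0-9_][A-Za-z0-9_.-]{0,127})?$`)

// hashedID derives a storage-safe identifier from a path that may contain
// characters a reference forbids (capitals, spaces, ...).
func hashedID(path string) string {
	sum := sha256.Sum256([]byte(path))
	return hex.EncodeToString(sum[:])
}

// nameForPathTransport decides what to call an image pulled from a path-based
// transport. Inputs look like "dir:/some/path" or "oci:/some/path[:name]".
// hashed reports whether the result is a generated ID rather than a real name.
func nameForPathTransport(input string) (name string, hashed bool, err error) {
	transport, rest, ok := strings.Cut(input, ":")
	if !ok || rest == "" {
		return "", false, fmt.Errorf("parsing reference %q: missing transport or path", input)
	}
	switch transport {
	case "dir":
		// Never look at the path as a reference; always generate an ID.
		return hashedID(rest), true, nil
	case "oci":
		// The OCI layout transport takes "path[:name]"; keep the optional
		// name only if it is a valid reference, otherwise hash the path.
		path, optName, _ := strings.Cut(rest, ":")
		if optName != "" && nameRe.MatchString(optName) {
			return optName, false, nil
		}
		return hashedID(path), true, nil
	}
	return "", false, fmt.Errorf("parsing reference %q: unsupported transport %q", input, transport)
}

func main() {
	for _, in := range []string{
		"oci:/tmp/foo:quay.io/foo/bar:latest", // optional name is preserved
		"oci:/tmp/foo",                        // no name: sha of the path
		"dir:/tmp/CapitalChar",                // path never parsed as a reference
		"oci:/tmp/foo:Bad/Name",               // invalid optional name: sha of the path
	} {
		name, hashed, err := nameForPathTransport(in)
		fmt.Printf("%-38s -> name=%s hashed=%v err=%v\n", in, name, hashed, err)
	}
}
```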
Archives generated with buildkit have some kind of "hybrid" layout which
is the same for OCI and Docker archives. OCI ones ship with a
manifest.json and set the image's reference in the index.json, but in a
custom annotation and not the one the OCI image spec wants. Archives
in the Docker format set the reference in `RepoTags` of the
manifest.json.
To support these archives, simply look for the custom containerd
annotation *and* change the order back to give OCI archives precedence.
Fixes: containers/podman/issues/12560
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Exchange two debug logs in the pull-never policy. Those were probably
not moved along with the code and could lead to confusions when reading
debug logs.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Allow for passing down credentials when comparing a local image with a
remote one. The linked BZ relates to a regression in `podman auto-update`
but while reading the code I noticed it's also impacting pull policies.
BZ: bugzilla.redhat.com/show_bug.cgi?id=2000943
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Pull is a bit of an "one size fits all" API to keep complexity away from
callers and hide everything behind the interface.
Commit 369aaa4178 recently altered the error reporting when pulling
from the `docker-daemon` transport, which in turn caused a regression in
Buildah CI when pulling `docker:latest`. Such an input would cause a
parsing error in the `docker:` transport.
Fix the regression by relaxing the stricter error reporting introduced
by commit 369aaa4178 and make an exception for the `docker:`
transport. Note that invalid input would still be caught a couple of
lines below.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>