Images runtime used the OCI archive transport with an empty system context,
so such environment variables from user like TMDDIR were ignored.
Signed-off-by: Mikhail Khachayants <tyler92@inbox.ru>
Podman adds an Error: to every error message. So starting an error
message with "error" ends up being reported to the user as
Error: error ...
This patch removes the stutter.
Also ioutil.ReadFile errors report the Path, so wrapping the err message
with the path causes a stutter.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
`github.com/pkg/errors` is deprecated since quite some time so we now
use the native error wrapping for more idiomatic golang.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
Use containerd's platform package for platform checks. While the OCI
image spec requires the platform values to conform with GOOS and GOARCH
definitions of Go' runtime package, the values of uname are used by
convention. Supporting these values silences annoying false-positive
warnings.
Fixes: #containers/podman/issues/14669
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Check the platform when looking up images locally. When the user
requested a custom platform and a local image doesn't match, the
image will be discarded. Otherwise a warning will be emitted.
Also refactor the code to make it more maintainable in the future.
Fixes: containers/podman/issues/12682
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Warn when the platform of a pulled image does not match the
user-specified platform. The checks are only performed if the user
requested a custom platform.
Do not error out and warn only since there are many images in the wild
that claim to be of another architecture. An error would break existing
workloads; we did that once and had to revert immediately.
Fixes: containers/podman/issues/14293
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
While in theory it would be optimal if the shortnames package returned
such an error, there is no need for it in practice since others error
sources such as an invalid input name would already error out before.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Close the reader of an Docker archive to make sure that artifacts in
TMPDIR are removed.
Closes: github.com/containers/podman/issues/14287
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Wherever possible slices should be allocated with the correct capacity to
avoid unnecessary memory allocations.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
After containers/podman/issues/10682, we decided to always re-pull
images of non-local platforms and match *any* local image. Over time, we
refined this logic to not *always* pull the image but only if there is a
*newer* one. This has slightly changed the semantics and requires to
perform platform checks when looking up a local image. Otherwise, bogus
values would match a local image and mistakenly return it.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
When pulling down an image with a user-specified custom platform, we
try to make sure that user gets what they are asking for. An inherent
issue with multi-arch images is that there are many images in the wild
which do not get the platform right (see containers/podman/issues/10682).
That means we need to pessimistically assume that the local image is
wrong and pull the "correct" one down from the registry; in the worst case
that is redundant work but we have a guarantee of correctness.
Motivated by containers/podman/issues/12707 I had another look at the
code and found some space for optimizations. Previously, we enforced
the pull policy to "always" but that may be too aggressive since we may
be running in an airgapped environment and the local image is correct.
With this change, we enforce the pull policy to "newer" which makes
errors non-fatal in case a local image has been found; this seems like a
good middleground between making sure we are serving the "correct" image
and user friendliness.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Path-based transports may contain characters that are invalid for a
reference. In such cases, we should pessimistically generate an ID
and not attempt to look at the (possibly path-based) string within the
transport.
This fixes an error when running `podman run dir:/tmp/CapitalChar` and
will prevent the same issue for the upcoming SIF transport.
Extend the tests to make sure we're not going to regress in the future.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Path-based transports may contain characters that are invalid for a
reference. In such cases, we should pessimistically generate an ID
and not attempt to look at the (possibly path-based) string within the
transport.
This fixes an error when running `podman run dir:/tmp/CapitalChar` and
will prevent the same issue for the upcoming SIF transport.
Extend the tests to make sure we're not going to regress in the future.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Archives generated with buildkit have some kind of "hybrid" layout which
is the same for OCI and Docker archives. OCI ones ship with a
manifest.json but set the image's reference in the index.json but in a
custom annotation and not the one the OCI image spec wants. Archives
in the Docker format set the reference in `RepoTags` of the
manifest.json.
To support these archives, simply look for the custom containerd
annotation *and* change the order back to give OCI archives precedence.
Fixes: containers/podman/issues/12560
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Exchange two debug logs in the pull-never policy. Those were probably
not moved along with the code and could lead to confusions when reading
debug logs.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Allow for passing down credentials when comparing a local image with a
remote one. The linked BZ relates to a regression in `podman auto-update`
but while reading the code I noticed it's also impacting pull policies.
BZ: bugzilla.redhat.com/show_bug.cgi?id=2000943
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Pull is a bit of an "one size fits all" API to keep complexity away from
callers and hide everything behind the interface.
Commit 369aaa4178 recently altered the error reporting to when pulling
fromt the `docker-daemon` transport which in turn caused a regression in
Buildah CI when pulling `docker:latest`. Such an input would cause a
parsing error in the `docker:`.
Fix the regression by relaxing the stricter error reporting introduced
by commit 369aaa4178 and make an exception for the `docker:`
transport. Note that invalid input would still be caught a couple of
lines below.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
When copying images into local storage, parse the manifest of the copied
image and then look up the IDs of the matching image.
There's a short period of time, between when we copy the image into
local storage and when we subsequently go to look for it using the name
that we specified for it when we copied it, when the name we wanted to
assign to the image could have been assigned to another image by another
process.
The manifest that we copied as part of the image that we copied will
still be in the right image regardless, and we can use that to find the
image's ID, and from there fill out our own Image structure that we
return to our caller.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Normalize images pulled from the docker-daemon transport to docker.io
and not to localhost. That preserves previous behavior of Podman.
Also fix a parsing bug in the pull code that was revealed while testing
the changes; parsing errors should be returned if there is a matching
transport without falling through to pulling the input string as an
image from a registry.
Context: containers/podman/issues/10998
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Commit 37f6e92ece enforced the pull policy to "always" when a custom
platform was specified. The reason for always pulling is that many
multi-arch images are broken; wrong configs, wrong platforms, etc.
We cannot perform reliable platform checks. While we may to have to
revisit this strategy in the future, it is more important to keep
existing workloads running; a bit between a rock and hard place.
This change complements commit 37f6e92ecef5: if attempt to pull an image
that resolves to "localhost/", set the pull policy "newer" instead of
"always" such that the image may be used instead of erroring out.
Ultimately to preserve previous behavior.
Context: containers/podman/issues/10914
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
When writing LookupImage, I thought that it's a good idea to always
attempt to match an image against the local (or requested) platform.
The use case I had in mind is multi-arch support:
`$ podman run image` should only match `image` if it matches the local
platform. We may have previously pulled `image` for another
architecture.
The core criteria for these checks is that images set their platform
(arch/os/variant) correctly. As it turned out that is not the case.
We recently performed a number of fixes to better support multi-arch
images and this change should put the last nail in the coffin.
Hence, entirely remove the `IgnorePlatform` option and only perform
platform matches if the arch, os or variant is specified explicitly via
the LookupImageOptions or the runtime's system context (as Buildah likes
to do it).
Note that this is a breaking change, so I need to update Buildah and
Podman.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Stop the whack-a-mole selectively patching multi-arch issues by forcing
all internal image lookups to ignore the platform.
In retrospect, the `IgnorePlatform` options for image lookups was a
mistake and I will remove it soon but for now, let's just patch
something we can backport to the v0.38 branch.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Some users rely on events being written *after* the operation ran.
Hence, defer all event writes.
Context: containers/podman/issues/10812
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Do not use the name of the locally resolved image when pulling an image
with a custom platform. As we recently re-discovered [1], many
multi-arch images in the wild do not adhere to the OCI image spec and
either declare custom or simply wrong platforms (arch, os, variant).
To address such wrong images, we enforce the pull-always policy whenever
a custom arch, os or variant is specified. We have to do that since we
cannot reliably perform platform matches to any image we would find in
the local containers storage.
To complete the fix, we need to ignore any local image and not use the
locally resolved name which we usually have to do (see [2]).
Let's assume we have a local image "localhost/foo" (arch=amd64). If we
perform a `pull --arch=arm64`, we would not attempt to be pulling
`localhost/foo` but use the ordinary short-name resolution and look for
a matching alias or walk the unqualified-search registries.
In other words: short-name resolution of multi-arch images is prone to
errors but we should continue supporting images in the wild.
[1] containers/podman/issues/10682
[2] containers/buildah/issues/2904
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
As it turned out in Podman CI (containers/podman/pull/10739), the policy
is overridden via --arch/os/platform/variant even when the policy is set
to never.
While I think this is a bug, it is a separate one and must tackled
separately.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Enforce the pull policy to always if a custom platform is requested by
the user. Some images ship with invalid platforms which we must
pessimistically assume, see containers/podman/issues/10682.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
We must ignore the platform of a local image when doing lookups. Some
images set an incorrect or even invalid platform (see
containers/podman/issues/10682). Doing the lookup while ignoring the
platform checks prevents redundantly downloading the same image.
Note that this has the consequence that a `--pull-never --arch=hurz` may
chose a local image of another architecture. However, I estimate the
benefit of continuing to allow potentially invalid images higher than
not running them (and breaking workloads).
The changes required to touch the corrupted checks. I used the occasion
to make the corrupted checks a bit cheaper.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Allow for looking up images via customizable arch, os and variant.
This prevents `podman run --arch=xxx` from redundantly pulling down the
image if needed.
Context: containers/podman/issues/10648
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
An image can be corrupted if, for instance, a pull or build operation is
killed (e.g., during commit). In such cases, an image may be listed
even if a layer is missing.
Over time, Podman and Buildah have made various execution paths more
robust to handle such cases gracefully and/or give the users some help
in trying to resolve the issue. So far, the recommended way was to
remove the corrupted image from storage and then pull it.
The linked Bugzilla issue raised the desire to simplify the recovery by
allowing to pull an image even if the local counterpart is corrupted.
This is especially important for installer scenarios, where users may
restart the installer which would attempt to pull the image again.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1966872
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
For the sake of Docker compatibility, support the tag@digest notation.
In that case, the tag is stripped off the reference and the digest is
the sole source of truth.
Add a number of tests to make sure we're behaving as expected.
Context: containers/podman/issues/6721
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Add tests for exercising pushing images to various transports and
attempt to pull from the destinations.
Fix an error determining the storage reference and image name when
pushing to containers-storage.
Fix a bug in `RemoveImages`: leaving `names` empty and specifying no
filters should remove *all* images.
Please note that the tests are currently not exercising pushing to a
registry. That requires a local registry but since CI is currently
running inside a container, we cannot do much just yet. Once CI runs
in another environment, I will go back and extend the tests.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
The recent refactoring introduced a bug yielding a pull from the dir
transport a NOP. I will soon add unit tests for that.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Add an event system to libimage. Callers can opt-in to using events by
requesting an event channel via `(*Runtime).EventChannel()`. The
returned channel has a buffer of size 100 which should be sufficient
even under high loads. But, to be on the safe side, writing an event
will time out after 2 seconds to prevent operations from blocking.
Currently, the only user of such an event system is Podman which will
need to convert the `Event` type to what's used internally in libpod.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Simplify the transports-sensitive dispatcher when pulling images and use
the default case for transports that do not require special casing.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Recently images tagged by 64 chars cannot be pulled when ommiting "docker://"
prefix. This commit fixes this issue.
Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
Valentin Rothberg
Mikhail Khachayants
Daniel J Walsh
Sascha Grunert
Paul Holzinger
Valentin Rothberg
OpenShift Merge Robot
Nalin Dahyabhai
ktock