Commit Graph

234 Commits

Author SHA1 Message Date
Ygal Blum a525f15fc3 Image copier: make sure ReportWriter is not nil before accessing
When running in Quiet mode, the ReportWriter can be nil causing a crash

Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
2023-12-04 14:34:40 +02:00
Miloslav Trmač e121cae027 Fix inspect of unsigned schema1 images
... by not incorrectly invoking the schema2 code; otherwise
it tries to unmarshal nil as JSON, and fails.

I'm not sure whether schema1 images can contain
a comment or a health check; just not crashing is
an improvement.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2023-11-20 18:58:21 +01:00
Miloslav Trmač 82250038d7 Rename dockerManifest to dockerConfig
... just because this is incorrect and confusing.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2023-11-20 18:41:35 +01:00
Paul Holzinger 92c98a7323 libimage: add !remote tag
To prevent the podman remote client from using libimage which causes a
lot of bloat due to the c/image and c/storage dependencies add the
`!remote` tag.

This will cause a hard compile time failure if the remote client ends up
pulling in libimage.

Fixes #1702

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-10-23 15:14:43 +02:00
Ygal Blum 2c59e6864f Copier: use StringWithinTransport instead of DockerReference
When trying an invalid image DockerReference may be nil

Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
2023-10-22 11:04:10 +03:00
Paul Holzinger ec9d00f17b libimage: Untag should error for non existent name
podman untag should error out if a name is given which does not exist
for the given image. This regression was added in commit a4a7c28aef.

There was even a test which meant to check for it but unfortunately it
did not actually check for what it should. The doNotExist check failed
early due to the upper case in the repo name.
The tests have been updated to check for actual error messages to
ensure it is failing for the right reason.
This also showed that `normalizing name` message was included twice so
I removed one case to not stutter.

Fixes a4a7c28aef ("libimage: support parallel tag/untag")

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-10-20 12:15:45 +02:00
Paul Holzinger a4a7c28aef libimage: support parallel tag/untag
The c/storage SetNames API is deprecated because it is not race free to
first get the list of names and then append our new name then write the
full list back. Instead a better Add/RemovesNames API has been added.

Tag and Untag should use these to prevent race conditions that can be
easily reproduced using podman tag in parallel. Tests have been added to
ensure it is working correctly.

Fixes https://github.com/containers/podman/issues/17515

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-10-19 14:51:14 +02:00
Valentin Rothberg 9d4b1bf156 libimage: fix computing history
Computing the history did not walk the layers correctly.  Fix that and
try to improve the code to make it easier to read and maintain for
future pairs of eyes.

A regression will also be added to the Podman PR vendoring this change.

Fixes: containers/podman/issues/20375
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-10-17 16:18:12 +02:00
Nalin Dahyabhai 3bcb56c0be libimage: add compat interfaces for the new platform subpackage
Add compatibility interfaces for items which have been moved from the
main libimage package to its new platform subpackage.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2023-10-12 16:17:14 -04:00
Urvashi Mohnani dce8f8791d Move platform code to its own directory
Move the platform code into its own directory
under libimage so it can be used by farm build in
podman without causing the binary size to increase a lot.

Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
2023-10-12 10:38:19 -04:00
Valentin Rothberg 6923f768c2 URGENT: heal CI: fix codespell
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-10-03 11:15:37 +02:00
OpenShift Merge Robot 12f1c98dc5 Merge pull request #1676 from umohnani8/filters
Fix ID and Digest filters
2023-09-29 08:06:46 -04:00
Aditya R 72c6636175 libimage: add retry options for manifest push
manifest push API must implement and leverage `retry` logic similar to
`image push` with similar defaults.

Closes: https://github.com/containers/common/issues/1664

Signed-off-by: Aditya R <arajan@redhat.com>
2023-09-28 22:26:38 +05:30
Urvashi Mohnani 25bcd08753 Fix ID and Digest filters
The id and digest filters for podman images were broken
as it would only match on the full ID or Digest, so when
users would give a substring of either no results would be
given even though there were matches.
Fix to check on prefix now instead.

Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
2023-09-28 12:18:08 -04:00
Aditya R 8282fed5ba manifests_test: fix tests for compression formats
Signed-off-by: Aditya R <arajan@redhat.com>
2023-09-28 12:03:48 +05:30
guoguangwu 97991b9967 chore: import packages only once
Signed-off-by: guoguangwu <guoguangwu@magic-shield.com>
2023-09-27 15:02:02 +08:00
Aditya R e08e68ee29 libimage/layer_tree: if parent is empty and manifest list ignore
Layer tree expects to form a relation between child and parent
instances, however it expects an instance from manifest list which is
empty, following expectation is not possible and will always result in
error.

Closes: https://github.com/containers/podman/issues/19860

[NO NEW TESTS NEEDED]
Image without layer can't be built in libimage, and `podman save`
automatically malforms such image so no such external image can be
loaded.

Signed-off-by: Aditya R <arajan@redhat.com>
2023-09-18 14:30:42 +05:30
Paul Holzinger 8bb073c089 libimage: split out search filters
This allows podman to import them on the remote client without needing
the full libimage.

Based on Miloslav's work: https://github.com/containers/podman/pull/19718

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-09-12 13:54:20 +02:00
Valentin Rothberg de32d5a9f7 linters: enable dupword
Mostly monkey work to fix comments but there was also an error message.

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-09-01 11:51:25 +02:00
Valentin Rothberg ab8db10408 linters: enable whitespace
Not changing the world but useful hygiene.

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-09-01 11:14:23 +02:00
Valentin Rothberg 1fa8b65281 linters: enable forbidigo
Selectively disable cases that I cannot touch or don't bother spending
time on.  Future cases will be avoided.

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-09-01 11:08:17 +02:00
OpenShift Merge Robot 7ffc273928 Merge pull request #1630 from vrothberg/oci-ref
libimage: preserve optional name when pulling from OCI transport
2023-08-30 09:59:33 +02:00
Valentin Rothberg 02a72eb33e libimage: preserve optional name when pulling from OCI transport
When pulling from an OCI source, make sure to preserve the optional name.
For instance, a `podman pull oci:/tmp/foo:quay.io/foo/bar:latest` should
pull the image and name it `quay.io/foo/bar:latest`.

While at it, also fix a bug when pulling an OCI without the optional
name.  Previously, we used the path to name the image which will error
in most cases due to invalid characters (e.g., capital ones).  Hence,
apply the same trick as for the `dir` transport and generate a sha.

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-08-30 09:19:42 +02:00
OpenShift Merge Robot d24aa07e87 Merge pull request #1629 from mtrmac/ManifestListData-no-deps
Move libimage.ManifestList{Descriptor,Data} to libimage/define
2023-08-29 12:40:13 +02:00
Miloslav Trmač a6d079d218 Move libimage.ManifestList{Descriptor,Data} to libimage/define
These structs are (for better or worse) a part of
Podman's API, so podman-remote needs to include the subpackage that
defines them - which is all of libimage (and c/image/v5/copy) right now.

Instead, move them to libimage/define.

Alternatively, maybe Podman's API should not directly depend on (unstable)
c/common types?!

Only moves unchanged code, should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2023-08-28 23:17:59 +02:00
Valentin Rothberg a60d8bd633 libimage: close all `ImageCloser`s
Make sure to close all `ImageCloser` to avoid potential memory leaks.

Fixes: containers/common#1533
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-08-28 13:57:36 +02:00
Valentin Rothberg 91b87d2bde libimage: pull: increase timeout running under systemd
Set the `EXTEND_TIMEOUT_USEC` over DBUS when pulling an image from a
registry and when running under systemd.  This will prevent a frequent
issue when running Quadlets and exceeding the default systemd start
timeout of 90 seconds when pulling the image takes too long.

Fixes: containers/podman/issues/18353
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-08-23 14:38:11 +02:00
Aditya R 054a131950 manifest: add support ForceCompressionFormat
Implement https://github.com/containers/image/pull/2068 for
libimage/manifest.Push

Signed-off-by: Aditya R <arajan@redhat.com>
2023-08-11 14:27:43 +05:30
Aditya R fe8cc2aba2 libimage/copier: wire ForceCompressionFormat for image copy
Implement https://github.com/containers/image/pull/2068 for
libimage/copier.

Signed-off-by: Aditya R <arajan@redhat.com>
2023-08-11 14:22:27 +05:30
Aditya R 91e5c02d28 libimage/ManifestPushOptions: add AddCompression from #1585
Podman uses different API for pushing manifest list,
add `AddCompression` to ManifestPushOptions, which is implemented
here: https://github.com/containers/common/pull/1585

[NO NEW TESTS NEEDED]
Tests are added here: https://github.com/containers/common/pull/1585

Signed-off-by: Aditya R <arajan@redhat.com>
2023-08-01 12:45:18 +05:30
Aditya R a760be0b55 manifests,push: add support for AddCompression
`c/image` recently added support for EnsureCompressionVariantsExist,
following PR exposes the feature to `c/common` manifests so actual users
can use it.

Signed-off-by: Aditya R <arajan@redhat.com>
2023-07-27 13:51:10 +05:30
Miloslav Trmač 6c259968ca Reorganize how requiredDigest/requiredTag is determined
Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2023-07-13 22:12:37 +02:00
Miloslav Trmač f80096f3a2 Accept a reference.Named in referenceFuzzilyMatchingRepoAndTag
We don't need a reference.NamedTagged now.

That also makes the namedTagged variable in the caller more local.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2023-07-13 22:12:37 +02:00
Miloslav Trmač b5765a6100 Eliminate the isDigested variable
Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2023-07-13 22:12:37 +02:00
Miloslav Trmač 78ca348258 Pass the required tag, not just a bool, to referenceFuzzilyMatchingRepoAndTag
Right now that's not simpler, but it will enable simplification of the caller.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2023-07-13 22:12:37 +02:00
Miloslav Trmač f2ab3c0f7a Move the !IsShortName early exit a bit forward
... so that early exits are colocated.

Should not change behavior, reference.TrimNamed() updating
"name" should not change the IsShortName value.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2023-07-13 22:12:37 +02:00
Miloslav Trmač ec3c6ae88c Simplify referenceFuzzilyMatchingRepoAndTag a bit
Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2023-07-13 22:12:37 +02:00
Miloslav Trmač a8bba37a40 Rename inRepoTags to referenceFuzzilyMatchingRepoAndTag
Scary features should have scary names. Also add a comment
to make it less likely that this semantics will spread.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2023-07-13 22:12:37 +02:00
Miloslav Trmač 0d489be726 Use a digest.Digest type for the hasDigest argument
Should not change behavior, both callers now have
a value of that type.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2023-07-13 22:12:37 +02:00
Miloslav Trmač 31d9de63c6 Parse a digest in filterDigest
This causes an immediate failure on invalid values,
instead of silently not matching anything.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2023-07-13 22:12:37 +02:00
OpenShift Merge Robot 4097e2908e Merge pull request #1505 from vrothberg/bye-bye-digest-dance
libimage: harden lookup by digest
2023-07-12 22:14:00 -04:00
Valentin Rothberg ec483cf1b7 libimage: HasDifferentDigest: add InsecureSkipTLSVerify option
To fix a BZ on auto-updates, we need to improve the system tests.
To improve the system tests, we need to use the existing test
infrastructure.  To use the existing test infrastructure, we need
to be able to skip TLS verification in tests.  To be able to skip TLS
verification in the tests, we need a new --tls-verify flag for
podman-auto-update.  And for that to work, we need a way to pass that
down to libimage when checking if there's a new image on the registry.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=2218315

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-07-03 08:51:27 +02:00
Valentin Rothberg 5524133c26 libimage: harden lookup by digest
When looking up an image by digest, make sure that the entire repository
of the specified value is considered.  Previously, both the repository
and the tag have been ignored and we looked for _some_ image with a
matching digest.

As outlined in #1248, Docker stopped ignoring the repository with
version v20.10.20 (Oct '22) which is a compelling reason to do the same.

To be clear, previously `something@digest` would look for any image with
`digest` while `something` is entirely ignored.  With this change, both
`something` and `digest` must match the image.

This change breaks two e2e tests in Podman CI which relied on the
previous behavior.  There is a risk of breaking users but there is a
strong security argument to perform this change:  if the repository does
not match the (previously) returned issue, there is a fair chance of a
user error.

Fixes: containers/common#1248
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-06-30 10:09:48 +02:00
Valentin Rothberg 816abe2da3 layer tree: handle more errors
Commit 3e9cdd9c53 took a first stab at making operating on the layer
tree more resilient by detecting unknown-image errors.  Testing in
containers/podman/pull/18980 revealed that we also need to detect
unknown-layer and -size errors as well.

Move the errors checks into a convenience function and update the
relevant call sites to facilitate future changes.  Export the
function since Podman needs the very same checks when operating
on images, for instance, when looking up image labels.

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-06-26 13:11:58 +02:00
Valentin Rothberg 3e9cdd9c53 layer tree: be more resilient
Make operating on the layer tree more resilient towards parallel image
removals by checking for unknown-image errors.  This partially fixes
below linked BZ.

At the time of writing, I do not have a reliable easy (and short
running) reproducer.  Hence, I suggest to merge this change without
tests and rely on either Podman CI (which doesn't have a reliable test
yet either) and the QE team (will be informed).

BZ: bugzilla.redhat.com/show_bug.cgi?id=2216700
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-06-23 13:00:20 +02:00
Valentin Rothberg 5dc07587d2 make validate: silence deprecation warning
I refrain from breaking the API since Lockers are still around.

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-06-16 17:08:25 +02:00
Valentin Rothberg 0c6e1393d1 make validate: fix empty block reports
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-06-16 17:08:25 +02:00
Valentin Rothberg 3ddaa0afa6 make validate: fix redundant if/else reports
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-06-16 17:08:25 +02:00
Valentin Rothberg c3c4acc667 make validate: fix unused argument reports
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-06-16 17:08:25 +02:00
Valentin Rothberg 53b3bac45e libimage: fix reference filters
Make sure that reference filters properly work on digests as well.
To keep things simple, try to lookup an image for the user-specified
value and compare IDs.  This will implicitly fix #containers/podman/issues/18445
and probably more (unknown) issues.

Fixes: #containers/podman/issues/18445
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-06-14 10:45:19 +02:00