To prevent the podman remote client from using libimage which causes a
lot of bloat due the c/image and c/storage dependencies add the
`!remote` tag.
This will cause a hard compile time failure if the remote client ends up
pulling in libimage.
Fixes#1702
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Move the platform code into its own directory
under libimage so it can be used by farm build in
podman without causing the binary size to increase a lot.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Set the `EXTEND_TIMEOUT_USEC` over DBUS when pulling an image from a
registry and when running under systemd. This will prevent a frequent
issue when running Quadlets and exceeding the default systemd start
timeout of 90 seconds when pulling the image takes too long.
Fixes: containers/podman/issues/18353
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
- We need to set DockerAuthConfig even if we use of
non-IdentityToken credentials.
- This function should be failed when there are multiple
credential sources, not only `Username` + `Credentials`.
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
This allows using Fulcio and Rekor, without having to pass around 9 options;
and the interactivity required for OIDC authentication is handled by the caller
at some higher level (possibly only once for multiple operations).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Podman adds an Error: to every error message. So starting an error
message with "error" ends up being reported to the user as
Error: error ...
This patch removes the stutter.
Also ioutil.ReadFile errors report the Path, so wrapping the err message
with the path causes a stutter.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
`github.com/pkg/errors` is deprecated since quite some time so we now
use the native error wrapping for more idiomatic golang.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
gofumpt is a stricter version of gofmt, basically making the code more
readable, and fixing the gocritic's octalLiterar warnings like this one:
pkg/util/util_supported.go:26:17: octalLiteral: use new octal literal style, 0o722 (gocritic)
return (perm & 0722) == 0700
^
Generated by gofumpt -w .
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Add a SourceFilter hook that allows a caller to intercept and filter
attempts to read source blobs when pushing a manifest list.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Buildah, containers and probably other container engines are normalizing
the platform parameters to support common values. For instance, "x86_64"
is normalized to the OCI conformant "amd64".
Use the same normalization when copying images and looking up local
images. Also add some debug logs to facilitate future debugging.
Fixes: containers/podman/issues/12680
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Add an option to allow for accepting uncompressed layers when
copying OCI images.
Context: github.com/containers/podman/issues/11613
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
When copying images into local storage, parse the manifest of the copied
image and then look up the IDs of the matching image.
There's a short period of time, between when we copy the image into
local storage and when we subsequently go to look for it using the name
that we specified for it when we copied it, when the name we wanted to
assign to the image could have been assigned to another image by another
process.
The manifest that we copied as part of the image that we copied will
still be in the right image regardless, and we can use that to find the
image's ID, and from there fill out our own Image structure that we
return to our caller.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
The following changes were not split into smaller commits since the
entire package is still work in progress and I want to keep moving:
* Various small fixes.
* The internal image cache has been removed as it's a recipe for
inconsistencies for longer running processes. This should make
libimage easier to use for CRI-O and a Podman service.
* LookupImage now returns storage.ErrUnknownImage rather than nil.
This simplifies the callers and makes sure we have a consistent
error.
* LookupImage is now able to handle manifests lists. Unless the
platform is explicitly ignored via the options, the matching
image within the manifest list is now returned. This greatly
simplifies the spec generation in Podman; no callers should have
to worry about this kind of detail.
* LookupImage has been refactored into smaller-sized and easier to
read functions.
* RemoveImages has been changed to assemble the data of removed or
untagged images. This comes in handy for pruning images. I am
heavily against having a dedicated API for pruning since the it's
really just a combination of filtering and removing images which
RemoveImages already supports. Hence these changes to satisfy
the needs of `podman image prune`.
Furthermore, it now returns an []error slice rather than a single
error. Again to make Podman happy which needs to inspect *all*
errors for setting the appropriate exit code.
* A rather large refactoring of the removal code along with very
verbose comments. Those were largely absent in the Podman code base
but there many rules and contracts embedded that I partially could
only reconstruct by manually tests and comparing to Docker.
* Add a new `containers={true,false}` filter which allows filtering
images whether they are used by containers (=true) or if no container
is using them (=false). This filter is required for pruning images
in Podman.
* `libimage/types` has been merged into `libimage`. Podman has to do
_a lot of_ massaging for the remote client already and the types
are pretty much nailed down for the remote API. Hence, I prefer to
do some translation between `libimage` types and what Podman needs
rather than splitting `libimage` in half without an obvious reason.
This way the package is self-contained allowing for an easier
navigation and maintenance.
* `libimage.PullPolicy` has been merged into `pkg/config.PullPolicy`
to have _one_ central place to deal with pull policies. The type
system in `pkg/config` sets "always" as the default unfortunately
but I think consistency is more important at that point.
* Added `CopyOptions.DirForceCompress` to enforce layer compression
when copying to a `dir` destination.
* We now use `github.com/disiqueira/gotree` for pretty printing image
trees. That greatly simplifies the code and we don't have to worry
about the logic of printing a tree. Note that trees are now always
printed top down!
* Added a new `libimage.ManifestList` type along with an API for local
lookups and performing certain operations on it to wrap around
`libimage/manifests` as previously done in `libpod/image` and other
places in Podman.
* Correct caching of `(*Image).Inspect`.
* In addition to username, password and credentials, allow for
speciying an identity token for copying images. That's needed for
Podman's remote API.
* Make image removal more tolerant toward corrupted images.
* A new "until=timestamp" filter that can be used by all APIs
supporting filtering.
* An empty string now resolves to PullPolicyMissing.
* `(*Runtime) systemContextCopy()` returns a deep copy of the runtime's
system context. Golang's shallow copies are very dangerous for long
running processes such as Podman's system service. Hence, we need to
make sure that base data is not altered over time. That adds another
external dependency but I do not see a way around that. Long term,
I desire a `(*containers/image/types.SystemContext).Copy()` function.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Users may with low bandwidth might want to adjust the number of
parallell pulls in their containers.conf, this hooks up the
contianers.conf settings to the copier opject.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The new `libimage` package is an attempt to consolidate the code for
managing container images and performing operations on them such as
pulling, pushing, saving, searching, local lookups, removing etc.
Over time, Buildah, CRI-O and Podman diverged with respect to managing
container images resulting in a high amount of code duplication
rendering the tools harder to maintain (e.g., bug fixes) and harder to
extend (e.g., adding new features) than necessary.
The desire to share all that code in a common library grew and this is
an attempt to address the it.
The changes as they are now pass Buildah CI [1]. Once merged into
Buildah, I expect follow up changes when migrating Podman over to
`libimage`.
Miscellaneous changes:
* Copy `podman/pkg/signal` to `pkg/signal`.
* Copy `buildah/manifests` to `image/manifests`. Note that the unit
tests require root privileges. Skip()'s are added when running
rootless. Currently excluded from linting.
* Copy `buildah/pkg/manifests` to `pkg/manifests`. Currently excluded
from linting.
* Copy `buildah/pkg/supplemented` to `pkg/supplemented`. Currently
excluded from linting.
[1] github.com/containers/buildah/pull/3148
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
openshift-merge-bot[bot]
Oleksandr Redko
Ygal Blum
Paul Holzinger
Urvashi Mohnani
Valentin Rothberg
Aditya R
Toshiki Sonoda
Miloslav Trmač
Daniel J Walsh
Sascha Grunert
Kir Kolyshkin
Nalin Dahyabhai
Valentin Rothberg
Giuseppe Scrivano