323 Commits

Author SHA1 Message Date
Paul Holzinger 02cdcc4a73 libimage/manifests: LoadFromImage() wrap all errors
All other errors are returned wrapped with the image ID so do the same
when the manifest blob decoding fails.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-04-09 13:54:30 +02:00
Paul Holzinger bd719bf41b libimage: fix manifest race during listing
I saw a flake in parallel podman testing, podman images can fail if the
manifest was removed at the right time. In general listing should never
be able to fail when another image or manifest is removed in parallel.

Change the logic to convert to manifest and only collect the digests in
the success case and ignore all other errors to make the listing more
robust.

I observed the following error from podman images:
Error: locating image "xxx" for loading instance list: locating image with ID "xxx": image not known

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-04-09 13:54:30 +02:00
flouthoc 4b1b30ec19 libimage: remove unnecessary reportResolvedReference
After https://github.com/containers/common/pull/2339 there is no for
this argument so remove this.

Signed-off-by: flouthoc <flouthoc.git@gmail.com>
2025-04-01 07:04:10 -07:00
openshift-merge-bot[bot] d093d6c769 Merge pull request #2389 from kolyshkin/golangci-v2
Switch to golangci-lint v2, cleanup config, fix new linter warnings
2025-03-26 18:08:46 +00:00
Kir Kolyshkin a25e5a56a8 libimage: silence a staticcheck warning
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-03-26 09:36:14 -07:00
Kir Kolyshkin 9da372fd2c libimage: apply De Morgan's law
This fixes the following staticcheck warnings:

> libimage/image.go:463:5: QF1001: could apply De Morgan's law (staticcheck)
> 	if !(referencedBy == "" || numNames == 1) {
> 	   ^
> libimage/normalize.go:33:5: QF1001: could apply De Morgan's law (staticcheck)
> 	if !(strings.ContainsAny(registry, ".:") || registry == "localhost") {
> 	   ^
> libimage/search.go:220:6: QF1001: could apply De Morgan's law (staticcheck)
> 		if !(filterMatchesAutomatedFilter(&options.Filter, results[i]) && filterMatchesOfficialFilter(&options.Filter, results[i]) && filterMatchesStarFilter(&options.Filter, results[i])) {
> 		   ^

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-03-26 09:36:14 -07:00
Paul Holzinger c3ea738e31 libimage: fix one copyToStorage error message
ImageReference is an interface and we generally have no idea about the
underlying layout here and if that can be printed as string. In case of
the docker transport we get:
{{{docker.io library/busybox} latest} %!s(bool=false)}

That is clearly wrong and confusing, instead use transports.ImageName()
which is the recommended way to refer to images in the UI.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-03-26 13:35:17 +01:00
openshift-merge-bot[bot] c3a3c62b3f Merge pull request #2374 from giuseppe/look-mountpoint-in-mapped-layers
image: look for mountpoint in mapped layers too
2025-03-26 10:12:58 +00:00
Daniel J Walsh 9e1bb4b047 When checking IsDangling make sure image is not in manifest list
Currently when we run podman image prune or podman images --filter
dangling

It is pruning images that are in a local manifest. These images are
not dangling because they are currently in use by a named manifest list.

You can create this situation simply by doing

echo "from scratch" > /tmp/Containerfile
id=$(podman build /tmp)
podman manifest create test $id
podman image prune --force
podman image exists $id

Will return an error since the image was pruned.  Now the local manifest
test is broken.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2025-03-21 14:53:41 -04:00
flouthoc 8e2888e726 copier: modify newCopier for golangci-lint
Fix linter error
```
Error: libimage/copier.go:180:51: `(*Runtime).newCopier` - `reportResolvedReference` always receives `nil` (unparam)
```

Signed-off-by: flouthoc <flouthoc.git@gmail.com>
2025-03-20 13:38:06 -07:00
flouthoc 2146c492dc pull,load: use *Image instead of re-resolving via name
Following commit fixes a `race` condition in `libimage` because in `Pull(`
after performing `copy` from remote sources it again attempts to resolve
image via `LookupImage`, any operation between `copy` and `LookupImage` can remove
`name` from the recently pulled image. Causing race in builds.

This issue was discovered while working on PR https://github.com/containers/buildah/pull/5971
```
buildah build -t test --jobs=2 --skip-unused-stages=false .
```

Containerfile
```
FROM quay.io/jitesoft/alpine
RUN arch
FROM --platform=linux/arm64 quay.io/jitesoft/alpine AS foreign
```

Following commit also addresses the commit 88f60eeeb3
by performing the necessary refactor.

No functional change in public exposed API, existing tests should pass as-is.
[NO NEW TESTS NEEDED]

Signed-off-by: flouthoc <flouthoc.git@gmail.com>
2025-03-20 13:37:59 -07:00
Giuseppe Scrivano d537c8a226 image: look for mountpoint in mapped layers too
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-03-20 19:21:51 +01:00
Paul Holzinger e3d6a28822 libimage: rework DiskUsage() to count layers
The old implementation only counted full images when sharing content
between them. That is wrong, the store is layer based. We can have two
images with no parent image that shares layers.

As such get rid of the image tree that only is able to walk child/parent
images. Instead we actually walk all layers now and correctly notice
when they are shared.

To do this correctly, first convert all layers to a map so we can look
them up by ID. And add missing size information if needed. Then we walk
all image layers and count how often each layer is used. Then walk
again but this time we know if the layer size must be shared or not so
we can actually account things correctly.

Fixes: containers/podman#24452
Fixes: https://issues.redhat.com/browse/RHEL-29641

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-03-10 12:16:22 +01:00
Miloslav Trmač 904e85e7f7 Add a missing .Close()
The underlying implementation does not do anything, so purely
for consistency.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2025-02-28 20:16:31 +01:00
Miloslav Trmač 0ebdf967d6 Use UnparsedInstance.Manifest instead of ImageSource.GetManifest
... to validate that the manifests match expected digests, if any.

Do this everywhere, even where we read local storage which is
mostly trusted, because it is cheap enough and being consistent
makes it less likely for the code to be copied into other
contexts where the sources are not trusted.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2025-02-28 20:16:28 +01:00
Paul Holzinger 40adf482cb fix issues reported by usetesting
In particular rework the tmpdir test to use two separate runs so we can
correctly use t.Setenv() so it cleans up at the right moment.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-02-14 11:50:50 +01:00
Paul Holzinger 04b578ae9a fix issues reported by errcheck
Mainly type casting issues. I ignored some of them where I don't think
it can fail or when it is in tests where we would notice anyway.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-02-14 11:50:50 +01:00
James Hewitt 5709b01001 Only reset compression if it's not valid
If we reset the default compression method, force compression no longer works.

Signed-off-by: James Hewitt <james.hewitt@uk.ibm.com>
2024-11-29 17:55:58 +00:00
Paul Holzinger 79e7aadc50 libimage tests: try to avoid docker.io images
These images can and will change at any time and thus can break our CI
without any external changes which is very bad. The TestPush test is
failing because it expects two not one image as it converts from docker
to oci on push. However the upstream docker.io/library/alpine was
switched to an oci image thus the test started failing as the local
storage now has the same id and just stores two different tags for the
same image.

Switch to our own controlled quay.io images where possible. This is
neither complete nor do I fully understand the tests here. I did a quick
search and replace and will see what works or not.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-11-19 18:50:55 +01:00
Miloslav Trmač f05e2cf05e Reliably return the correct image ID from pull
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2024-11-05 19:42:11 +01:00
Miloslav Trmač d90a20404b Improve image ID lookup for pulled images
- Use the image's repo, not just the digest, to be more precise
  when zstd:chunked ambiguities are involved
- Remove the multi-platform lookup code, it is never used

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2024-10-18 22:13:44 +02:00
Miloslav Trmač 7daccce4dc Only return one image ID (/name?) from copySingleImageFromRegistry
... because we now never return more than one.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2024-10-18 22:13:44 +02:00
Miloslav Trmač 810971b184 Only return one image ID from imagesIDForManifest
There's no benefit in returning multiple matches;
we ideally want to return exactly the image we pulled,
but even if that were hard, returning multiple guesses
is not what the user asked for.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2024-10-18 22:10:53 +02:00
Miloslav Trmač 486404691b Don't fall back if imagesIDsForManifest fails
If we can't find the image we have just pulled by digest, the image
was probably already removed, and returning candidate.Value
could only possibly point at a _different_ image with the same
tag.

Instead, fail immediately.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2024-10-18 22:10:53 +02:00
Miloslav Trmač 88f60eeeb3 Add a FIXME about unstable name lookups
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2024-10-18 22:10:53 +02:00
Brent Baude 3c70899eda Export Copier to support OCI artifacts
To support OCI artifacts in Podman, we need to export the Copier type
and create an exported constructor (NewCopier).  Additionally, the
actual copy and close methods are now exported.

Signed-off-by: Brent Baude <bbaude@redhat.com>
2024-09-23 12:31:57 -05:00
Brent Baude 39e5b339ec Revert "Export portions of Copier"
This reverts commit 76e87a92ce.

Signed-off-by: Brent Baude <bbaude@redhat.com>
2024-09-23 09:58:53 -05:00
openshift-merge-bot[bot] 5217cfc4e2 Merge pull request #2091 from nalind/manifest-convert
libimage.Image: add ConvertToManifestList()
2024-09-20 12:50:42 +00:00
openshift-merge-bot[bot] 677297be51 Merge pull request #2164 from baude/exportCopierNew
Export portions of Copier
2024-09-20 12:47:56 +00:00
Brent Baude 11ea8396fd Add ImageListSelection to copier options
For artifact support, the copier needs to get all tags; as such, we need
to pass in the correct value for ImageListSelection.

Signed-off-by: Brent Baude <bbaude@redhat.com>
2024-09-19 13:42:38 -05:00
Brent Baude 76e87a92ce Export portions of Copier
To support artifact handling, we need to export some of the methods for
copier. The Copy and Close method have been exported.  In addition, a
new constructor that is exported was created so we could introduce a
different SystemContext for artifacts.

Signed-off-by: Brent Baude <bbaude@redhat.com>
2024-09-19 13:32:10 -05:00
Paul Holzinger 805e7ae406 update golangci-lint to 1.60.3
Contains fixes for new linters, removed deprecated and removed linters
from the config.

Most notably because we use go 1.22 now we can get rid of the copy for
loop vars[1]. Also as of the go 1..2 we can use the new int range syntax
in for loops the new intrange linter checks that.

[1] https://go.dev/blog/loopvar-preview

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-09-03 15:57:02 +02:00
Jan Rodák 946dc49677 Improve runtime.layerTree method to be consistent
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
2024-08-28 16:00:59 +02:00
Jan Rodák bb78342714 Refactor Image filter
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
2024-08-28 15:59:32 +02:00
Jan Rodák 6b1528f145 Add ListImagesByNames and change the ListImages API
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
2024-08-28 15:19:53 +02:00
Jan Rodák e5b4d28057 Create test for ListImages method
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
2024-08-28 11:48:28 +02:00
Jan Rodák 0a959160bb Fix SA1019: replace deprecated github.com/containerd/containerd/platforms with github.com/containerd/platforms
Signed-off-by: Jan Rodák <hony.com@seznam.cz>

Vendor containerd/platforms

Signed-off-by: Jan Rodák <hony.com@seznam.cz>
2024-08-22 09:51:42 +02:00
Matt Heon 197e4def96 Use SystemContext when creating manifest references
Instead of passing a nil system context when adding to a manifest
list, use a valid one, ensuring that settings like auth and TLS
verification are passed along and respected.

Fixes https://github.com/containers/podman/issues/23410

Signed-off-by: Matt Heon <mheon@redhat.com>
2024-07-31 08:08:10 -04:00
Paul Holzinger 0bb0fcdefc libimage: recommend podman system check over reset
podman system reset nukes everything which makes not a great suggestion.
Now that we have the podman system check recommend that instead as it
actually checks the storage for corruption and might be able to repair
it.

This is important because as it turns out this warning can pop up even
in totally normal circumstances as there is a race between image and
layer listing[1]. And even if that gets fixed the check command will be
the better suggestion.

[1] https://github.com/containers/podman/issues/23331

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-07-23 10:43:24 +02:00
Nalin Dahyabhai 6629f78ed0 libimage/manifests.list.Reference(): use defined constants
Instead of just writing a lot of the OCI layout using magic strings and
names, use constants provided by the image-spec.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2024-07-18 14:35:59 -04:00
Nalin Dahyabhai b989b38d1d libimage.Image: add ConvertToManifestList()
Add libimage.Image.ConvertToManifestList(), which will convert an image
to a manifest list if it isn't already possible to use it as one.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2024-07-18 14:35:59 -04:00
Nalin Dahyabhai 2f425b1cdf AddArtifactOptions: reformat godoc
Reformat the godoc for the AddArtifactOptions type so that it gets
wrapped correctly.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2024-07-17 14:54:16 -04:00
Daniel J Walsh 1602e53b32 Display same error as split
Partial fix for https://github.com/containers/podman/issues/23120

Working on a fix for this crash, but want same error to come back as
non-remote case.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2024-07-15 16:18:07 -04:00
Nalin Dahyabhai 7aa2fce6f3 Make the definition of LookupReferenceFunc unconditional
Move the definition of our LookupReferenceFunc type alias to a file that
isn't conditionally compiled.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2024-07-15 10:24:02 -04:00
Paul Holzinger f3f39c4c05 replace k8s.gcr.io with registry.k8s.io
We see issues in CI where we fail to pull from k8s.gcr.io. As k8s uses a
new registry URL migrate to that[1] and hope it fixes the issues.

[1] https://kubernetes.io/blog/2023/02/06/k8s-gcr-io-freeze-announcement/

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-06-18 11:37:12 +02:00
openshift-merge-bot[bot] 902d1c7d46 Merge pull request #2045 from nalind/clear-variant
libimage.ManifestList.AnnotateInstance(): allow clearing variant values
2024-06-06 13:08:39 +00:00
Nalin Dahyabhai 3393aeef9c Remove nil checks before calling slices.Clone/maps.Clone
Both slices.Clone() and maps.Clone() return `nil` when passed `nil`, so
we don't need to check for a `nil` pointer before calling them.

Imports that used the golang.org/x/exp versions of the maps and slices
packages can now use the versions in the standard library, since we
require Go 1.21.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2024-06-05 17:59:22 -04:00
Nalin Dahyabhai c13fc2cbfe libimage.ManifestList.AnnotateInstance(): allow clearing variant values
When AnnotateInstance() is given a non-empty Architecture value, set the
Variant value to the one that was passed in along with it, even if that
value is empty.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2024-06-05 17:45:28 -04:00
Nalin Dahyabhai 66b682ea98 libimage/manifests.list.Add(): preserve artifactType when all=true
When asked to add all of the entries from one index to another, don't
forget to carry over the artifactType.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2024-05-28 11:03:09 -04:00
Daniel J Walsh 9293f7178d Fix spelling mistake
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2024-05-27 06:14:44 -04:00