Commit Graph

132 Commits

Author SHA1 Message Date
OpenShift Merge Robot 030366b89e Merge pull request #1024 from Luap99/linters
enable unparam, exportloopref and revive linters
2022-05-06 08:57:16 -04:00
Paul Holzinger cc110440e4 enable unparam, exportloopref and revive linters
unparam and exportloopref already work without changes.
For revive I had to silence many naming issues. I decided to silence them
instead of changing the name because I didn't want to break any code.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-05-06 13:32:35 +02:00
Daniel J Walsh aec9f8f79b libimage should be using containers.conf for tmpdir
if image_copy_tmp_dir is set in containers.conf it needs to be used in
the systemcontext for BigFilesTemporaryDir value.

Fixes: https://github.com/containers/podman/issues/14091

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-05-04 16:55:25 -04:00
Kir Kolyshkin e368436e5f libimage: suppress appendAssign gocritic warning
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-04-09 17:03:19 -07:00
Kir Kolyshkin 381b103ad2 libimage/manifests: fix ifelse gocritic warning
This one:

	libimage/manifests/manifests.go:387:10: elseif: can replace 'else {if cond {}}' with 'else if cond {}' (gocritic)
			} else {
			       ^

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-04-09 17:02:33 -07:00
Kir Kolyshkin b951b72412 Gofumpt the code
gofumpt is a stricter version of gofmt, basically making the code more
readable, and fixing the gocritic's octalLiteral warnings like this one:

	pkg/util/util_supported.go:26:17: octalLiteral: use new octal literal style, 0o722 (gocritic)
		return (perm & 0722) == 0700
			       ^

Generated by gofumpt -w .

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-04-09 16:50:11 -07:00
Kir Kolyshkin bbe3459db0 libimage/manifests: fix a gosimple linter warning
> libimage/manifests/manifests.go:408:3: S1033: unnecessary guard around call to delete (gosimple)
> 		if _, needToDelete := l.instances[instanceDigest]; needToDelete {
> 		^

Indeed, we can just call delete right away.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-04-09 15:20:01 -07:00
Kir Kolyshkin 4393468343 *_test.go: fix or suppress errcheck warnings
Where we can check the error, do it. Where we can not, ignore it.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-04-09 15:18:22 -07:00
Kir Kolyshkin ca15ecaf45 Silence errcheck linter warnings
Error checking is important. In these two cases, though, we don't have a
way to return an error, so make it explicit that we ignore the error.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-04-09 15:17:32 -07:00
Kir Kolyshkin 2ddd7fd725 libimage: nit
Rename hist to history.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-03-30 11:39:49 -07:00
Aditya R 4057001d4e libimage: import should not ignore configured variant if any
`image-spec` already supports variant and if `ImportOptions` contains
any configured `Variant` it should be set on the imported image as well.

What does this fix:

Allows `podman import --variant <something> some.tar image-name` to
become functional from `no-op`

Ref: https://github.com/opencontainers/image-spec/blob/main/specs-go/v1/config.go#L93

Signed-off-by: Aditya R <arajan@redhat.com>
2022-03-25 14:27:10 +05:30
rvandernoort 5ba5855c6f Remove container related filter tests -> move to podman
Signed-off-by: rvandernoort <s.r.vandernoort@student.tudelft.nl>
2022-03-23 13:14:51 +01:00
Valentin Rothberg 2696c75e6d libimage: RemoveImages: add Ignore field
Add a field to `RemoveImages` that would ignore if a specified image
does not exist and not throw an error.

The intended use case is adding a `podman rmi --ignore` flag.

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2022-03-17 14:55:16 +01:00
Valentin Rothberg 80d883a8d7 libimage: image lookup: fix ID vs short name
When looking up an image by a short name that prefixes another image's
ID, the one matching the short name should be returned.

This means that we need to do a final lookup in the storage with the
specified name (without normalization) to continue matching short IDs.

Since it's common that users of libimage (e.g., Buildah) internally
refer to images by full ID, let's make sure that we check for that
first.  This way, we'll match full IDs on first lookup and keep the
expected performance.

Note that a name starting with `sha256:` must be followed by a 64-byte
hex value; something we didn't check for before.

Fixes: containers/podman/issues/12761
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2022-02-24 14:42:37 +01:00
Valentin Rothberg 18ad7e4f77 libimage: tests: redirect docker.io to GCR mirror
Unfortunately, the table was commented out, so it was a NOP.
Fix one test where the image being pulled was not present on
the GCR mirror.

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2022-02-24 14:41:56 +01:00
Nalin Dahyabhai 630d2df7f2 Add libimage/manifests.PushOptions.SourceFilter
Add a SourceFilter hook that allows a caller to intercept and filter
attempts to read source blobs when pushing a manifest list.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2022-02-03 17:52:09 -05:00
Valentin Rothberg 8ba7e55c56 libimage: pull: platform checks for non-local platform
After containers/podman/issues/10682, we decided to always re-pull
images of non-local platforms and match *any* local image. Over time, we
refined this logic to not *always* pull the image but only if there is a
*newer* one. This has slightly changed the semantics and requires to
perform platform checks when looking up a local image. Otherwise, bogus
values would match a local image and mistakenly return it.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2022-01-12 10:15:09 +01:00
OpenShift Merge Robot e4d8d9ba27 Merge pull request #880 from vrothberg/platform-pull-policy
libimage: refine pull-policy enforcement for custom platforms
2022-01-10 17:53:09 +01:00
Valentin Rothberg e369277804 libimage: refine pull-policy enforcement for custom platforms
When pulling down an image with a user-specified custom platform, we
try to make sure that user gets what they are asking for.  An inherent
issue with multi-arch images is that there are many images in the wild
which do not get the platform right (see containers/podman/issues/10682).
That means we need to pessimistically assume that the local image is
wrong and pull the "correct" one down from the registry; in the worst case
that is redundant work but we have a guarantee of correctness.

Motivated by containers/podman/issues/12707 I had another look at the
code and found some space for optimizations.  Previously, we enforced
the pull policy to "always" but that may be too aggressive since we may
be running in an airgapped environment and the local image is correct.

With this change, we enforce the pull policy to "newer" which makes
errors non-fatal in case a local image has been found; this seems like a
good middle ground between making sure we are serving the "correct" image
and user friendliness.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2022-01-10 16:27:10 +01:00
OpenShift Merge Robot 94502d0861 Merge pull request #879 from vrothberg/path-pull
pull: fix pulling from dir transport
2022-01-10 16:22:53 +01:00
Valentin Rothberg 3aa83d3500 libimage filters: allow duplicates with the same value
Podman CI wants that for pruning. The pruning code unconditionally sets
the dangling filter since that's crucial for pruning.

Also fix a typo in the error message:
`s/more then/more than/`

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2022-01-10 14:32:16 +01:00
Valentin Rothberg 95872a5d60 pull: fix pulling from dir transport
Path-based transports may contain characters that are invalid for a
reference.  In such cases, we should pessimistically generate an ID
and not attempt to look at the (possibly path-based) string within the
transport.

This fixes an error when running `podman run dir:/tmp/CapitalChar` and
will prevent the same issue for the upcoming SIF transport.

Extend the tests to make sure we're not going to regress in the future.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2022-01-10 13:34:36 +01:00
Valentin Rothberg f80a7f6c96 image lookup: apply checks for matching digest
When looking up an image by digest, make sure that the matching image is
also subject to further attribute checks (e.g., manifest list checks) as
specified by the user.

Fixes: containers/podman/issues/12729
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2022-01-10 13:18:42 +01:00
Paul Holzinger 9255c2eec0 Revert "pull: fix pulling from dir transport"
This reverts commit 913fe2c9cb.

Both podman and buildah CI are failing because of this change. Since
Valentin is out and I need to get my network changes merged I want to
revert this for now.

Example failure from buildah test:
```
[+2471s] not ok 507 pull-from-local-directory
[+2471s] # (from function `assert' in file ./helpers.bash, line 342,
[+2471s] #  from function `expect_output' in file ./helpers.bash, line 369,
[+2471s] #  in test file ./pull.bats, line 89)
[+2471s] #   `expect_output --substring "localhost${TESTDIR}/buildahtest:latest"' failed
[+2471s] # /var/tmp/go/src/github.com/containers/buildah/tests /var/tmp/go/src/github.com/containers/buildah/tests
[+2471s] # $ /var/tmp/go/src/github.com/containers/buildah/tests/./../bin/buildah pull --signature-policy /var/tmp/go/src/github.com/containers/buildah/tests/./policy.json alpine
[+2471s] # Resolved "alpine" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
[+2471s] # Trying to pull docker.io/library/alpine:latest...
[+2471s] # Getting image source signatures
[+2471s] # Copying blob sha256:9d16cba9fb961d1aafec9542f2bf7cb64acfc55245f9e4eb5abecd4cdc38d749
[+2471s] # Copying blob sha256:9d16cba9fb961d1aafec9542f2bf7cb64acfc55245f9e4eb5abecd4cdc38d749
[+2471s] # Copying config sha256:961769676411f082461f9ef46626dd7a2d1e2b2a38e6a44364bcbecf51e66dd4
[+2471s] # Writing manifest to image destination
[+2471s] # Storing signatures
[+2471s] # 961769676411f082461f9ef46626dd7a2d1e2b2a38e6a44364bcbecf51e66dd4
[+2471s] # $ /var/tmp/go/src/github.com/containers/buildah/tests/./../bin/buildah push --signature-policy /var/tmp/go/src/github.com/containers/buildah/tests/./policy.json docker.io/library/alpine:latest dir:/var/tmp/buildah_tests.c47drl/buildahtest
[+2471s] # Getting image source signatures
[+2471s] # Copying blob sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0
[+2471s] # Copying config sha256:961769676411f082461f9ef46626dd7a2d1e2b2a38e6a44364bcbecf51e66dd4
[+2471s] # Writing manifest to image destination
[+2471s] # Storing signatures
[+2471s] # $ /var/tmp/go/src/github.com/containers/buildah/tests/./../bin/buildah rmi alpine
[+2471s] # untagged: docker.io/library/alpine:latest
[+2471s] # 961769676411f082461f9ef46626dd7a2d1e2b2a38e6a44364bcbecf51e66dd4
[+2471s] # $ /var/tmp/go/src/github.com/containers/buildah/tests/./../bin/buildah pull --signature-policy /var/tmp/go/src/github.com/containers/buildah/tests/./policy.json dir:/var/tmp/buildah_tests.c47drl/buildahtest
[+2471s] # Getting image source signatures
[+2471s] # Copying blob sha256:f3ac2f9422602f687109cc39270c47da673c6a61b5ca4958bc232adbc65912e7
[+2471s] # Copying config sha256:961769676411f082461f9ef46626dd7a2d1e2b2a38e6a44364bcbecf51e66dd4
[+2471s] # Writing manifest to image destination
[+2471s] # Storing signatures
[+2471s] # 961769676411f082461f9ef46626dd7a2d1e2b2a38e6a44364bcbecf51e66dd4
[+2471s] # $ /var/tmp/go/src/github.com/containers/buildah/tests/./../bin/buildah images --format {{.Name}}:{{.Tag}}
[+2471s] # <none>:<none>
[+2471s] # #/vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
[+2471s] # #|     FAIL: buildah images --format {{.Name}}:{{.Tag}}
[+2471s] # #| expected: =~ 'localhost/var/tmp/buildah_tests.c47drl/buildahtest:latest'
[+2471s] # #|   actual:    '<none>:<none>'
[+2471s] # #\^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
```

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-01-07 14:18:32 +01:00
Valentin Rothberg 281201d87d libimage: normalize platform
Buildah, containers and probably other container engines are normalizing
the platform parameters to support common values.  For instance, "x86_64"
is normalized to the OCI conformant "amd64".

Use the same normalization when copying images and looking up local
images.  Also add some debug logs to facilitate future debugging.

Fixes: containers/podman/issues/12680
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2021-12-23 13:09:03 +01:00
OpenShift Merge Robot 9f0f225581 Merge pull request #864 from vrothberg/dir-pull
pull: fix pulling from dir transport
2021-12-20 15:40:31 +01:00
Valentin Rothberg 913fe2c9cb pull: fix pulling from dir transport
Path-based transports may contain characters that are invalid for a
reference.  In such cases, we should pessimistically generate an ID
and not attempt to look at the (possibly path-based) string within the
transport.

This fixes an error when running `podman run dir:/tmp/CapitalChar` and
will prevent the same issue for the upcoming SIF transport.

Extend the tests to make sure we're not going to regress in the future.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2021-12-20 14:55:36 +01:00
Daniel J Walsh 862adf81e6 Add filters for image and manifest
For compatibility mode, we need to have a filter that gets rid of
manifest lists from the list of all images.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-12-14 10:19:57 -05:00
Valentin Rothberg f9d367b72f libimage: filter: check if image is corrupted in case of error
Further turn applying the filters into a method of `type Image`.
Also change the loop when filtering images to not append the
loop variable to the result slice; it's always the same pointer.

Fixes: containers/podman/issues/12582
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2021-12-14 15:42:27 +01:00
Daniel J Walsh 009078de4c Support matching filters disjoint filters
The same filters types should be disjoint, while
each selected filter type is required. This will allow callers to pass
multiple reference filters and if an image matches it is returned.

Other filters the image has to match all filters to be returned.

Specifying "since", "after", "before", "containers", "dangling", "intermediate", "readonly", "until" more than once is an error.

[NO NEW TESTS NEEDED] I will open up a validation against buildah to
make sure this passes before merging.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-12-13 14:34:21 -05:00
Valentin Rothberg c08c28e17c load: support buildkit archives
Archives generated with buildkit have some kind of "hybrid" layout which
is the same for OCI and Docker archives.  OCI ones ship with a
manifest.json but set the image's reference in the index.json but in a
custom annotation and not the one the OCI image spec wants.  Archives
in the Docker format set the reference in `RepoTags` of the
manifest.json.

To support these archives, simply look for the custom containerd
annotation *and* change the order back to give OCI archives precedence.

Fixes: containers/podman/issues/12560
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2021-12-10 13:24:05 +01:00
Valentin Rothberg 1deba4dcd4 libimage: fix reference filters
It turns out that FamiliarMatch is only useful for matching Docker Hub
but we should not limit it to that and match values against registry.

For instance, FamiliarMatch is *not* able to match a FQN reference
against a Docker Hub image.  I am convinced that we should *not* behave
as Docker does in this case.

This brings us back to the behavior prior to commit c15939746c but
with a fixed matching algorithm.  The specified value will now be
matched against 1) the FQN 2) without domain 3) without domain and path.
If specified also a second time without digest/tag.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2021-12-05 16:16:52 +01:00
OpenShift Merge Robot 929fd4f165 Merge pull request #847 from vrothberg/reference-filter
reference filter: match exact behavior of Docker
2021-12-03 16:18:47 +01:00
Valentin Rothberg c15939746c reference filter: match exact behavior of Docker
The previously inherited behavior from Podman was matching too
aggressively.  Now, the filter matches the exact behavior of
Docker, simplifies the code and is tested directly in libimage.

Context: containers/podman#11905
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2021-12-03 10:52:47 +01:00
Daniel J Walsh 1cb44dc5a1 If we tell system to never pull we should not pull
Fixes: https://github.com/containers/buildah/issues/3596

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-11-30 15:00:17 -05:00
Valentin Rothberg a5a6620b33 libimage: search custom registries
Add a new search option to specify custom search registries.
The search tests live in Podman and I currently do not have
enough cycles to add completely new ones to libimage.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2021-11-25 14:28:45 +01:00
Valentin Rothberg a5f253cddf libimage: enforce "latest" tag when looking up images
Make sure to enforce the "latest" tag when looking up images in the
local storage.  Also make sure that digested short-names are subject
to the extended digest lookups.

Context: containers/podman/issues/11964
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2021-11-22 15:19:38 +01:00
OpenShift Merge Robot 0cffd00486 Merge pull request #818 from nalind/manifest-variant
libimage/manifests.list.Add(): pull variant info from configs
2021-11-11 01:39:35 +01:00
OpenShift Merge Robot 01a7c761db Merge pull request #825 from vrothberg/download
pkg/download: for downloading files into tmp
2021-11-10 15:37:43 +01:00
Valentin Rothberg 8eb373cb0a pkg/download: for downloading files into tmp
cmd/podman needs that functionality as well, so I figured it makes sense
to break it into a separate package to reduce code clones.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2021-11-10 14:41:42 +01:00
Valentin Rothberg 1b87e6d155 libimage: inspect: extract healthchecks from configs
buildkit is setting the health check in the image's config while Docker
and Podman set it in the image's container config.  Hence, if the
container config's healthcheck is nil, have a look at the config.

Fixes: #containers/podman/issues/12226
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2021-11-09 13:02:54 +01:00
Nalin Dahyabhai a248c4faa6 libimage/manifests.list.Add(): pull variant info from configs
When we're given an image reference to add to a manifest list, if we're
setting the instance info's architecture using information from the
image, set its variant field, too.  Likewise, if we're setting the OS
using information from the image, set the OS version and features
fields.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2021-11-04 14:51:14 -04:00
Valentin Rothberg 7cd4a8a161 libimage: speed up image filters
With commit e983ccadc6 the dangling checks have been changed to be
compatible with Docker.  Since then, the dangling also need to compute
children.

Speed up the dangling and intermediate checks by computing the layer
tree *once* instead of for each filter invocation.

**Before:**
real    0m10.837s
user    0m11.308s
sys     0m4.231s

**After:**
real    0m0.476s
user    0m0.478s
sys     0m0.151s

Context: github.com/containers/podman/issues/11997
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2021-10-19 15:30:06 +02:00
OpenShift Merge Robot 27e2c6604d Merge pull request #802 from jelly/search_registry_truncated
libimage: Return the full registry domain when searching
2021-10-14 19:27:59 +02:00
Valentin Rothberg 607e1273f1 libimage: Inspect: add InspectOptions
Add an InspectOptions struct for inspecting images.  This is a breaking
change but I think it's worth it since a considerable amount of CPU time
is spent in computing the image's parent (i.e., computing the layer is
costly) while this data is oftentimes not needed.

This cuts off 10ms of container-creation time in Podman.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2021-10-08 13:45:54 +02:00
Valentin Rothberg cbb69a9e64 libimage: Pull: fix logs
Exchange two debug logs in the pull-never policy.  Those were probably
not moved along with the code and could lead to confusion when reading
debug logs.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2021-10-08 10:34:48 +02:00
Jelle van der Waa 3534572787 libimage: Include Index in listTags response
A search without the listTags option normally returns the Index, but as
searchRepositoryTags builds the SearchResult struct the Index was not
included.

Signed-off-by: Jelle van der Waa <jvanderwaa@redhat.com>
2021-10-07 17:45:43 +02:00
Jelle van der Waa ecbdf8b9ce libimage: Return the full registry domain when searching
Searching for images in registry.fedoraproject.org returns
fedoraproject.org as registry in the search results. When relying on the
Index to group results from different registries this is an issue.

Signed-off-by: Jelle van der Waa <jvanderwaa@redhat.com>
2021-10-05 11:05:38 +02:00
Valentin Rothberg 45bb4d8d48 libimage: load: try docker-archive first
Make sure to try loading the docker-archive first to account for the
"hybrid tarballs" created by buildkit.  docker-archive gets the name
right while oci-archive will not.

Fixes: github.com/containers/podman/pull/11619
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2021-09-30 14:15:51 +02:00
Valentin Rothberg 3dc26d743a libimage: use faster json library
Use github.com/json-iterator/go instead of the JSON library.
It is faster and battle tested.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2021-09-29 14:18:01 +02:00