Recent changes in the image-lookup logic will, in many cases, yield a
check whether an image is a manifest list. This had caused a regression
in Podman's test/system/330-corrupt-images.bats system tests where we're
attempting to delete a corrupted image with a missing manifest. Since
the manifest is missing, the manifest list check fails.
To make the image lookups more tolerant towards this specific error
case, we need to ignore the error but emit a warning, similar to what
we're already doing in the parent-child checks.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Commit 724e7c92b5 fixed an issue when pushing images from of a
platform different than the current machine. That required to disable
the platform matching logic when looking up the image before pushing it.
It also required some restructuring of the code such that manifest lists
are resolved and their instances looked up.
The restructuring in turn introduced a regression when looking up bare
manifest lists. To fix the regression and keep the code simple,
introduce an internal field in the LookupImageOptions that indicates
whether we're looking up a bare manifest list or not.
Now we have clearer separation of concerns between looking up images or
manfifests and whether the looked up image needs to match the current
platform or not.
Add some unit tests exercising the manifest-list code to make sure we're
not regressing again.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
When comparing the digests of a local image and a remote image, we've
been reading the manifest from the remote image using NewImage(), which
may or may not return a list, and have been comparing the digest of that
manifest to only one of the local image's manifests.
Start checking if the remote reference points to a manifest list, and if
it is, find the image in the list that we'd choose to pull, and use its
manifest digest for the comparison.
When looking up the digest of the local image to compare to the remote
image, consider them to be the same image if any of the manifests in the
image record has the same digest as the remote manifest, which is now
known to not be a list.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When pushing an image, make sure to ignore the platform of the image to
push exactly what the user wishes to. Add a test to make sure we're not
regressing in the future.
To preserve previous behaviour with respect to attempting to push a
manifest list, move the platform check below resolving to a manifest
list.
Fixes: #containers/podman/issues/10344
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Add a unit test exercising image import. It is not extensive but will
do the work of catching regressions. More tests to increase coverage
can be added later.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Add tests for exercising pushing images to various transports and
attempt to pull from the destinations.
Fix an error determining the storage reference and image name when
pushing to containers-storage.
Fix a bug in `RemoveImages`: leaving `names` empty and specifying no
filters should remove *all* images.
Please note that the tests are currently not exercising pushing to a
registry. That requires a local registry but since CI is currently
running inside a container, we cannot do much just yet. Once CI runs
in another environment, I will go back and extend the tests.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
The recent refactoring introduced a bug yielding a pull from the dir
transport a NOP. I will soon add unit tests for that.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Add unit tests for loading images. This covers the most important
formats of docker-archive and oci-archive.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
We got some crashes in Fedora 34 testing.
Second part of this PR is to fix the config_test which is accitendtly
picking up a containers.conf settings from the host. This change forces
the default settings.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add an event system to libimage. Callers can opt-in to using events by
requesting an event channel via `(*Runtime).EventChannel()`. The
returned channel has a buffer of size 100 which should be sufficient
even under high loads. But, to be on the safe side, writing an event
will time out after 2 seconds to prevent operations from blocking.
Currently, the only user of such an event system is Podman which will
need to convert the `Event` type to what's used internally in libpod.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Simplify the transports-sensitive dispatcher when pulling images and use
the default case for transports that do not require special casing.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Recently images tagged by 64 chars cannot be pulled when ommiting "docker://"
prefix. This commit fixes this issue.
Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
To remain backwards compatible with the old behavior of Podman, we need
to print the layers in the reverse order. Also make sure that we branch
correctly when `traversChildren` is true (`--whatrequires` in Podman).
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
The following changes were not split into smaller commits since the
entire package is still work in progress and I want to keep moving:
* Various small fixes.
* The internal image cache has been removed as it's a recipe for
inconsistencies for longer running processes. This should make
libimage easier to use for CRI-O and a Podman service.
* LookupImage now returns storage.ErrUnknownImage rather than nil.
This simplifies the callers and makes sure we have a consistent
error.
* LookupImage is now able to handle manifests lists. Unless the
platform is explicitly ignored via the options, the matching
image within the manifest list is now returned. This greatly
simplifies the spec generation in Podman; no callers should have
to worry about this kind of detail.
* LookupImage has been refactored into smaller-sized and easier to
read functions.
* RemoveImages has been changed to assemble the data of removed or
untagged images. This comes in handy for pruning images. I am
heavily against having a dedicated API for pruning since the it's
really just a combination of filtering and removing images which
RemoveImages already supports. Hence these changes to satisfy
the needs of `podman image prune`.
Furthermore, it now returns an []error slice rather than a single
error. Again to make Podman happy which needs to inspect *all*
errors for setting the appropriate exit code.
* A rather large refactoring of the removal code along with very
verbose comments. Those were largely absent in the Podman code base
but there many rules and contracts embedded that I partially could
only reconstruct by manually tests and comparing to Docker.
* Add a new `containers={true,false}` filter which allows filtering
images whether they are used by containers (=true) or if no container
is using them (=false). This filter is required for pruning images
in Podman.
* `libimage/types` has been merged into `libimage`. Podman has to do
_a lot of_ massaging for the remote client already and the types
are pretty much nailed down for the remote API. Hence, I prefer to
do some translation between `libimage` types and what Podman needs
rather than splitting `libimage` in half without an obvious reason.
This way the package is self-contained allowing for an easier
navigation and maintenance.
* `libimage.PullPolicy` has been merged into `pkg/config.PullPolicy`
to have _one_ central place to deal with pull policies. The type
system in `pkg/config` sets "always" as the default unfortunately
but I think consistency is more important at that point.
* Added `CopyOptions.DirForceCompress` to enforce layer compression
when copying to a `dir` destination.
* We now use `github.com/disiqueira/gotree` for pretty printing image
trees. That greatly simplifies the code and we don't have to worry
about the logic of printing a tree. Note that trees are now always
printed top down!
* Added a new `libimage.ManifestList` type along with an API for local
lookups and performing certain operations on it to wrap around
`libimage/manifests` as previously done in `libpod/image` and other
places in Podman.
* Correct caching of `(*Image).Inspect`.
* In addition to username, password and credentials, allow for
speciying an identity token for copying images. That's needed for
Podman's remote API.
* Make image removal more tolerant toward corrupted images.
* A new "until=timestamp" filter that can be used by all APIs
supporting filtering.
* An empty string now resolves to PullPolicyMissing.
* `(*Runtime) systemContextCopy()` returns a deep copy of the runtime's
system context. Golang's shallow copies are very dangerous for long
running processes such as Podman's system service. Hence, we need to
make sure that base data is not altered over time. That adds another
external dependency but I do not see a way around that. Long term,
I desire a `(*containers/image/types.SystemContext).Copy()` function.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Users may with low bandwidth might want to adjust the number of
parallell pulls in their containers.conf, this hooks up the
contianers.conf settings to the copier opject.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The new `libimage` package is an attempt to consolidate the code for
managing container images and performing operations on them such as
pulling, pushing, saving, searching, local lookups, removing etc.
Over time, Buildah, CRI-O and Podman diverged with respect to managing
container images resulting in a high amount of code duplication
rendering the tools harder to maintain (e.g., bug fixes) and harder to
extend (e.g., adding new features) than necessary.
The desire to share all that code in a common library grew and this is
an attempt to address the it.
The changes as they are now pass Buildah CI [1]. Once merged into
Buildah, I expect follow up changes when migrating Podman over to
`libimage`.
Miscellaneous changes:
* Copy `podman/pkg/signal` to `pkg/signal`.
* Copy `buildah/manifests` to `image/manifests`. Note that the unit
tests require root privileges. Skip()'s are added when running
rootless. Currently excluded from linting.
* Copy `buildah/pkg/manifests` to `pkg/manifests`. Currently excluded
from linting.
* Copy `buildah/pkg/supplemented` to `pkg/supplemented`. Currently
excluded from linting.
[1] github.com/containers/buildah/pull/3148
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Valentin Rothberg