... to simplify and benefit from Go 1.17.
In some cases, wrap tests in testing.T.Run() to decrease
the scope, or to make the relationship between the test and the
cleanup clearer. In some cases it's still a bit awkward
because there is no testing.T.Unsetenv, but still worth it.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Most importantly this removes a dependency of c/image/manifest
(and thus c/image/signature) on pkg/compression and all the implementations.
Use pkg/compression/types everywhere else it is possible as well,
even if it does not remove any dependency on pkg/compression, just
to enforce the discipline.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Extend the blob info cache to also cache the name of the type of
compression used on a blob that we've seen, or specific values that
indicate that we know the blob was not compressed, or that we don't
know whether or not it was compressed.
New methods for adding known blob-compression pairs and reading
candidate locations including compression information are part of a new
internal BlobInfoCache2 interface which the library's BlobInfoCache
implementors also implement.
When we copy a blob, try to record the state of compression for the
source blob, and if we applied any changes, the blob we produced.
Make sure that when TryReusingBlob successfully uses a blob from the
blob info cache, it provides compression information in the
BlobInfo that it returns, so that manifests can be updated to describe
layers using the correct MIME types.
When attempting to write a manifest, if a manifest can't be written
because layers were compressed using an algorithm which can't be
expressed using that manifest type, continue on to trying other manifest
formats.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Set default rootless sigstore to ~/.local/share/containers/sigstore if the caller is non-root.
Export the func ConfiguredSignatureStorageBase() for Podman image sign implementation.
Signed-off-by: Qi Wang <qiwan@redhat.com>
... primarily so that imports of packages that aren't in the
standard library are all in one section.
Also correct the package in tarball/doc.go example (without verifying
the code works).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
... so that major-version-aware Go module import
(as opposed to vX.Y.Z+incompatible, which does not allow different
packages to use different versions) works right.
Also requires adding some more GO111MODULE=on options to Makefile.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
For tools in containers/ we are using the env variable
_CONTAINERS_ROOTLESS_UID when running in a user namespace to refer to
the rootless UID that created the user namespace.
Closes: https://github.com/containers/libpod/issues/2510#issuecomment-480066763
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This allows consumers who don't need the defaulting logic to pick
their desired implementation without pulling in unrelated
dependencies. For example, it allows you to consume the memory or
NoCache implementations without pulling in github.com/boltdb.
I'd initially included blobinfocache wrappers to preserve backwards
compatibility with the old API while consumers updated to the new
APIs, but Miloslav said we don't have any backwards-compatibility
commitments at the moment [1].
Having single-implementation subpackages also allows for more generic
names (e.g. NewMemoryCache is now just New), because memory.New is
clear enough while memory.NewMemoryCache stutters.
[1]: https://github.com/containers/image/pull/602#issuecomment-471570789
Signed-off-by: W. Trevor King <wking@tremily.us>
Document that field accesses must be done with the mutex held,
and rename uncompressedDigest to uncompressedDigestLocked.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
The documentation says
> The zero value for a Mutex is an unlocked mutex.
and memoryCache is already a passed-by-reference interface
implementation, so we don't need that extra allocation.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Serialize method calls via a mutex to avoid concurrent accesses to the
map leading to panics.
Fixes: https://github.com/containers/libpod/issues/2420
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
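
The three commit messages above (the `uncompressedDigestLocked` rename, the zero-value `Mutex`, and serializing map access) describe one locking discipline. The Go sketch below is an added example, not the containers/image code; the type, the simplified method signatures and the digest strings are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"sync"
)

// memoryCache is a simplified, hypothetical in-memory digest cache (not the c/image type).
type memoryCache struct {
	mutex               sync.Mutex        // zero value is an unlocked mutex
	uncompressedDigests map[string]string // access only with mutex held
}

func New() *memoryCache { return &memoryCache{uncompressedDigests: map[string]string{}} }

// RecordDigestUncompressedPair stores a pair; true means it replaced a different value.
func (c *memoryCache) RecordDigestUncompressedPair(anyDigest, uncompressed string) bool {
	c.mutex.Lock()
	defer c.mutex.Unlock()
	prev := c.uncompressedDigestLocked(anyDigest)
	c.uncompressedDigests[anyDigest] = uncompressed
	return prev != "" && prev != uncompressed
}

// UncompressedDigest is the public getter: take the lock, then delegate.
func (c *memoryCache) UncompressedDigest(anyDigest string) string {
	c.mutex.Lock()
	defer c.mutex.Unlock()
	return c.uncompressedDigestLocked(anyDigest)
}

// uncompressedDigestLocked needs c.mutex held; sync.Mutex is not reentrant, so locked callers use this.
func (c *memoryCache) uncompressedDigestLocked(anyDigest string) string {
	return c.uncompressedDigests[anyDigest]
}

// hammer writes n constructed digests from n goroutines; unguarded, this is a fatal "concurrent map writes".
func hammer(c *memoryCache, n int) {
	var wg sync.WaitGroup
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func(i int) {
			defer wg.Done()
			c.RecordDigestUncompressedPair(fmt.Sprintf("sha256:constructed-%d", i), "sha256:constructed-plain")
		}(i)
	}
	wg.Wait()
}

func main() { c := New(); hammer(c, 1000); fmt.Println(c.UncompressedDigest("sha256:constructed-7")) }
```

Running it under `go run -race` is a quick way to confirm that no field access escapes the mutex.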
This returns a default BoltDB instance (which almost everyone
should use to maximally benefit from the cache). The default location
is chosen to exist near the containers/storage GraphRoot (i.e.
typically on the same partition, with the same SELinux context),
both for root and rootless modes of podman.
This adds no users yet, so should not immediately change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This exists primarily for the benefit of Image.ConfigBlob
and similar readers, which don't really benefit from the DiffID matching,
blob mounting, and the like, or callers like ImageDestination.PutBlob,
which actively wants to avoid using any extra cached data (because the
cache lookup should have already happened and now it would just be
redundant).
Does not add any users yet, so should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This exists for tests, as a fallback when we can't use
the BoltDB locations, and possibly for non-copy.Image
users.
Has no users yet, so does not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This is the primary production implementation.
Does not add any users yet, so should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This will be called by at least two of the implementations. Has no users
yet, but they will be added momentarily.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
The helpers have no users yet; they will be added momentarily along
with the implementations to be tested.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>