containers
/
podman
mirror of https://github.com/containers/podman.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Revert "Use the config digest to compare images loaded/pulled using different methods" 

This reverts commit 1d7ec1ef5f.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This commit is contained in:
Miloslav Trmač 2024-10-30 16:11:05 +01:00
parent 6639c20278
commit 11ee6c4f90
4 changed files with 27 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
test/system/010-images.bats
View File

@ -396,13 +396,9 @@ EOF
assert "${lines[-2]}" =~ ".*$IMAGE false" "image from readwrite store" assert "${lines[-2]}" =~ ".*$IMAGE false" "image from readwrite store"
assert "${lines[-1]}" =~ ".*$IMAGE true" "image from readonly store" assert "${lines[-1]}" =~ ".*$IMAGE true" "image from readonly store"
id=${lines[-2]%% *} id=${lines[-2]%% *}
local config_digest; config_digest=$(image_config_digest "@$id") # Without $sconf, i.e. from the read-write store.
CONTAINERS_STORAGE_CONF=$sconf run_podman pull -q $IMAGE CONTAINERS_STORAGE_CONF=$sconf run_podman pull -q $IMAGE
# This is originally a regression test, (podman pull) used to output multiple image IDs. Ensure it only prints one. is "$output" "$id" "pull -q $IMAGE, using storage.conf"
assert "${#lines[*]}" -le 1 "Number of output lines from podman pull"
local config_digest2; config_digest2=$(image_config_digest "@$output")
assert "$config_digest2" = "$config_digest" "pull -q $IMAGE, using storage.conf"
# $IMAGE might now be reusing layers from the additional store; # $IMAGE might now be reusing layers from the additional store;
# Removing the additional store underneath can result in dangling layer references. # Removing the additional store underneath can result in dangling layer references.

44
test/system/120-load.bats
View File

@ -23,23 +23,21 @@ function teardown() {
# Custom helpers for this test only. These just save us having to duplicate # Custom helpers for this test only. These just save us having to duplicate
# the same thing four times (two tests, each with -i and stdin). # the same thing four times (two tests, each with -i and stdin).
# #
# initialize, read image ID, image config digest, and name # initialize, read image ID and name
get_img_ids_and_name() { get_iid_and_name() {
run_podman images -a --format '{{.ID}} {{.Repository}}:{{.Tag}}' run_podman images -a --format '{{.ID}} {{.Repository}}:{{.Tag}}'
read iid img_name <<<"$output" read iid img_name <<<"$output"
img_config_digest=$(image_config_digest "@$iid")
archive=$PODMAN_TMPDIR/myimage-$(random_string 8).tar archive=$PODMAN_TMPDIR/myimage-$(random_string 8).tar
} }
# Simple verification of image config digest and name # Simple verification of image ID and name
verify_img_config_digest_and_name() { verify_iid_and_name() {
run_podman images -a --format '{{.ID}} {{.Repository}}:{{.Tag}}' run_podman images -a --format '{{.ID}} {{.Repository}}:{{.Tag}}'
read new_iid new_img_name < <(echo "$output") read new_iid new_img_name < <(echo "$output")
new_img_config_digest=$(image_config_digest "@$new_iid")
# Verify # Verify
is "$new_img_config_digest" "$img_config_digest" "Image config digest of loaded image == original" is "$new_iid" "$iid" "Image ID of loaded image == original"
is "$new_img_name" "$1" "Name & tag of restored image" is "$new_img_name" "$1" "Name & tag of restored image"
} }
@ -180,7 +178,7 @@ verify_img_config_digest_and_name() {
@test "podman load - by image ID" { @test "podman load - by image ID" {
# FIXME: how to build a simple archive instead? # FIXME: how to build a simple archive instead?
get_img_ids_and_name get_iid_and_name
# Save image by ID, and remove it. # Save image by ID, and remove it.
run_podman save $iid -o $archive run_podman save $iid -o $archive
@ -188,41 +186,41 @@ verify_img_config_digest_and_name() {
# Load using -i; IID should be preserved, but name is not. # Load using -i; IID should be preserved, but name is not.
run_podman load -i $archive run_podman load -i $archive
verify_img_config_digest_and_name "<none>:<none>" verify_iid_and_name "<none>:<none>"
# Same as above, using stdin # Same as above, using stdin
run_podman rmi $iid run_podman rmi $iid
run_podman load < $archive run_podman load < $archive
verify_img_config_digest_and_name "<none>:<none>" verify_iid_and_name "<none>:<none>"
# Same as above, using stdin but with `podman image load` # Same as above, using stdin but with `podman image load`
run_podman rmi $iid run_podman rmi $iid
run_podman image load < $archive run_podman image load < $archive
verify_img_config_digest_and_name "<none>:<none>" verify_iid_and_name "<none>:<none>"
} }
@test "podman load - by image name" { @test "podman load - by image name" {
get_img_ids_and_name get_iid_and_name
run_podman save $img_name -o $archive run_podman save $img_name -o $archive
run_podman rmi $iid run_podman rmi $iid
# Load using -i; this time the image should be tagged. # Load using -i; this time the image should be tagged.
run_podman load -i $archive run_podman load -i $archive
verify_img_config_digest_and_name $img_name verify_iid_and_name $img_name
run_podman rmi $iid run_podman rmi $iid
# Also make sure that `image load` behaves the same. # Also make sure that `image load` behaves the same.
run_podman image load -i $archive run_podman image load -i $archive
verify_img_config_digest_and_name $img_name verify_iid_and_name $img_name
run_podman rmi $iid run_podman rmi $iid
# Same as above, using stdin # Same as above, using stdin
run_podman load < $archive run_podman load < $archive
verify_img_config_digest_and_name $img_name verify_iid_and_name $img_name
} }
@test "podman load - from URL" { @test "podman load - from URL" {
get_img_ids_and_name get_iid_and_name
run_podman save $img_name -o $archive run_podman save $img_name -o $archive
run_podman rmi $iid run_podman rmi $iid
@ -234,21 +232,11 @@ verify_img_config_digest_and_name() {
-v $archive:/var/www/image.tar:Z \ -v $archive:/var/www/image.tar:Z \
-w /var/www \ -w /var/www \
$IMAGE /bin/busybox-extras httpd -f -p 80 $IMAGE /bin/busybox-extras httpd -f -p 80
# We now have $IMAGE pointing at the image, possibly using a zstd:chunked (TOC-based) pull
run_podman load -i $SERVER/image.tar run_podman load -i $SERVER/image.tar
verify_iid_and_name $img_name
# This should move the $img_name tag ( = $IMAGE) to the result of loading the image;
# this is a non-TOC-based load, so it might or might not deduplicate the loaded image with
# the one for myweb.
# So, if we have an untagged image, its probably the one for myweb, and try to remove it.
run_podman rm -f -t0 myweb run_podman rm -f -t0 myweb
run_podman images -a --format '{{.ID}} {{.Repository}}:{{.Tag}}'
local myweb_iid=$(echo "$output" | sed -n '/<none>:<none>/s/ .*$//p')
if [[ -n "$myweb_iid" ]]; then
run_podman rmi $myweb_iid
fi
verify_img_config_digest_and_name $img_name
} }
@test "podman load - redirect corrupt payload" { @test "podman load - redirect corrupt payload" {

18
test/system/150-login.bats
View File

@ -149,8 +149,9 @@ EOF
} }
function _push_search_test() { function _push_search_test() {
# Look up image config digest for later comparison against push/pulled image # Preserve image ID for later comparison against push/pulled image
local img_config_digest; img_config_digest=$(image_config_digest $IMAGE) run_podman inspect --format '{{.Id}}' $IMAGE
iid=$output
destname=ok-$(random_string 10 | tr A-Z a-z)-ok destname=ok-$(random_string 10 | tr A-Z a-z)-ok
# Use command-line credentials # Use command-line credentials
@ -187,8 +188,8 @@ function _push_search_test() {
localhost:${PODMAN_LOGIN_REGISTRY_PORT}/$destname localhost:${PODMAN_LOGIN_REGISTRY_PORT}/$destname
# Compare to original image # Compare to original image
local img_config_digest2; img_config_digest2=$(image_config_digest localhost:${PODMAN_LOGIN_REGISTRY_PORT}/$destname) run_podman inspect --format '{{.Id}}' $destname
assert "$img_config_digest2" = "$img_config_digest" "config digest of pulled image == original digest" is "$output" "$iid" "Image ID of pulled image == original IID"
run_podman rmi $destname run_podman rmi $destname
} }
@ -344,12 +345,12 @@ function _test_skopeo_credential_sharing() {
$image1 $image1
run_podman rmi $image1 run_podman rmi $image1
local podman_image_config_digest=$(image_config_digest $IMAGE) run_podman images $IMAGE --format {{.ID}}
local podman_image_id=$output
run_podman pull -q --retry 4 --retry-delay "0s" --authfile=$authfile \ run_podman pull -q --retry 4 --retry-delay "0s" --authfile=$authfile \
--tls-verify=false $image1 --tls-verify=false $image1
local pulled_image_config_digest; pulled_image_config_digest=$(image_config_digest @$output) assert "${output:0:12}" = "$podman_image_id" "First pull (before stopping registry)"
assert "$pulled_image_config_digest" = "$podman_image_config_digest" "First pull (before stopping registry)"
run_podman rmi $image1 run_podman rmi $image1
# This actually STOPs the registry, so the port is unbound... # This actually STOPs the registry, so the port is unbound...
@ -359,8 +360,7 @@ function _test_skopeo_credential_sharing() {
run_podman 0+w pull -q --retry 4 --retry-delay "5s" --authfile=$authfile \ run_podman 0+w pull -q --retry 4 --retry-delay "5s" --authfile=$authfile \
--tls-verify=false $image1 --tls-verify=false $image1
assert "$output" =~ "Failed, retrying in 5s.*Error: initializing.* connection refused" assert "$output" =~ "Failed, retrying in 5s.*Error: initializing.* connection refused"
local pulled_image_config_digest2; pulled_image_config_digest2=$(image_config_digest "@${lines[-1]}") assert "${lines[-1]:0:12}" = "$podman_image_id" "push should succeed via retry"
assert "$pulled_image_config_digest2" = "$podman_image_config_digest" "push should succeed via retry"
unpause_registry unpause_registry
run_podman rmi $image1 run_podman rmi $image1

11
test/system/helpers.bash
View File

@ -847,17 +847,6 @@ function _ensure_container_running() {
die "Timed out waiting for container $1 to enter state running=$2" die "Timed out waiting for container $1 to enter state running=$2"
} }
# Return the config digest of an image in containers-storage.
# The input can be a named reference, or an @imageID (including shorter imageID prefixes)
# Historically, the image ID was a good indicator of “the same” image;
# with zstd:chunked, the same image might have different IDs depending on whether
# creating layers happened based on the TOC (and per-file operations) or the full layer tarball
function image_config_digest() {
local sha_output; sha_output=$(skopeo inspect --raw --config "containers-storage:$1" | sha256sum)
# strip filename ("-") from sha output
echo "${sha_output%% *}"
}
########################### ###########################
# _add_label_if_missing # make sure skip messages include rootless/remote # _add_label_if_missing # make sure skip messages include rootless/remote
########################### ###########################