When you build an image with a parent layer in read-only stores
and the new image in read/write stores, the first time you try
to create a container based on the image, it fails, since it
cannot find the image in the same store.
This patch looks not only in the same store, but all of the stores
available.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Drop our dependency on the image library's manifest package by requiring
that callers pass its Digest() function to us as a callback. This makes
our CLI test/diagnostic tool calculate digests of s1 manifests
incorrectly, but that's not something that we were testing.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Change how we compute digests for BigData items with names that start
with "manifest" so that we use the image library's manifest.Digest()
function, which knows how to preprocess schema1 manifests to get the
right value, instead of just trying to finesse it.
Track the digests of multiple manifest-named items for images.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Display the output from commands before we check their exit status, so
that we can see what they output if a check fails.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Set _TEST_FORCE_SUPPORT_SHIFTING=yes-please for all of the invocations
of the storage helper when we're testing that feature.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
ID mapping is only implemented for a basic drivers and overlay, so we
shouldn't be attempting to test it with aufs.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
We want to allow tools like podman/buildah to override default storage
container mount options on a container by container basis.
For example if the default mount options for containers/storage include
nodev or nosuid, we want to allow podman to turn these off if the user
specifies --privileged.
We also might want to turn off certain user namespace flags that will cause
buildah and podman build to work slower when creating container images.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add force to umount to force the umount of a container image
Add an interface to indicate whether or not the layer is mounted
Add a boolean return from unmount to indicate when the layer is really unmounted
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add tests to exercise both handling mapping at the per-container level,
and at the in-image-layer level. While having the image manage top
layers is preferable because it's faster for cases where multiple
containers which use the same ID mappings are being created from a
single image, for read-only image stores, that's not an option, so we
need to still be capable of doing things in the container's layer.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add integration tests to exercise CopyFileWithTar and CopyWithTar, both
with and without Chown flags.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add store methods for finding the list of UIDs and GIDs which probably
need to be mapped if a given layer or container's layer, which has to
have been mounted at least once in order for us to know where it goes,
is going to be used for a container that is run with the configured ID
mappings in a separate user namespace.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add tests that exercise the ID mapping, diff applying, and diff
generating code against layers which are created with assorted ID
mapping options, and verify that layer contents also follow the expected
rules when we create containers.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Make sure that tests for changes and diff generation include creating
subdirectories of directories that are inherited from a parent layer.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add explicitly-settable digest values for images that are treated mostly
like the implicit digests that we track for manifests, for the sake of
v1 images which have manifests that need to be preprocessed before being
digested to produce an image's digest value. We'll still have the
digest of the unprocessed manifest, but that shouldn't hurt.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add a "digest" of an image that is equal to the digest of its big data
item named "manifest", if it has one, that we can index and use for
locating images.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* After we're done initializing a read-only store for a test, shut it
down so that we'll be able to delete it when cleaning up later.
* When mounting a layer that inherits from read-only layers, don't
forget to pass the read-only store's location to the CLI helper.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Teach the vfs driver to use a list of search directories when looking
for a layer's directory, and have it interpret a "vfs.imagestore" option
to populate that list.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Nalin Dahyabhai