While at it, made sure there's no space between // and nolint
(as it is required for comments aimed for tools not humans).
This fixes the following golangci-lint warning:
> WARN [runner/nolint_filter] Found unknown linters in //nolint directives: golint
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
The current value obtained by summing the sizes of regular file contents
does not match the size of the uncompressed layer tarball.
We don't have a convenient source to compute the correct size
for estargz without pulling the full layer and defeating the point;
so we must allow for the size being unknown.
For recent zstd:chunked images, we have the full tar-split,
so we can compute the correct size; that will happen in
the following commits.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
drivers/driver.go:499:18: printf: non-constant format string in call to github.com/sirupsen/logrus.Errorf (govet)
drivers/overlay/overlay.go:1495:44: printf: non-constant format string in call to (*github.com/sirupsen/logrus.Logger).Logf (govet)
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
if the compressed digest was validated, as it happens when
'pull_options = {convert_images = "true"}' is set, then store it as
well so that reusing the blob by its compressed digest works.
Previously, when an image converted to zstd:chunked was pulled a
second time, it would not be recognized by its compressed digest,
resulting in the need to re-pull the image again.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
drop the possibility to configure a remapping for all the layers in
the storage.
The feature dates back to the initial fork from Docker, that supported
a single user namespace where all the images were pulled. It was never
used by the container tools since we have a finer control of the user
namespaces.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
- Add comments that make clear these are internal values
- Rename "Enabled" to "IfAvailable" to clarify what it does
- Also note that `DifferFsVerityRequired` is not actually set by anything
in this codebase.
Signed-off-by: Colin Walters <walters@verbum.org>
enforce that the stagingDirectory must have the same value as the
diffOutput.Target variable. It allows to simplify the internal API.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
change the file format to store the tar-split as part of the
zstd:chunked image. This will allow clients to rebuild the entire
tarball without having to download it fully.
also store the uncompressed digest for the tarball, so that it can be
stored into the storage database.
Needs: https://github.com/containers/image/pull/1976
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
There is no need for `vfs` to be the default storage driver since kernel
>= 5.13 supports `overlay` natively however there is use-case for users
who don't had any configs and they started using `vfs` in a default
manner following check is a hack to keep `buildah` and `podman` working
for such users.
See: https://github.com/containers/storage/pull/1571 for prior
discussions.
Signed-off-by: Aditya R <arajan@redhat.com>
Allow storage users to split the filesystem of containers vs image
store, `imagestore` if configured will pull images in image storage
instead of the `graphRoot` while keeping the other parts still in the
originally configured `graphRoot`.
overlay: set workdir and upperdir according to splitstore
If splitstore is set `workdir` and `upperdir` must go into the
splitstore i.e `graphRoot`.
Signed-off-by: Aditya R <arajan@redhat.com>
Add initial Check() and Repair() methods to Stores.
Check() checks for inconsistencies between the layers which the
lower-level storage driver claims to know about and the ones which we
know we're managing. It checks that layers referenced by layers,
images, and containers are known to us and that images referenced by
containers are known to us. It checks that data which we store
alongside layers, images, and containers is still present, and to the
extent which we store other information about that data (frequenly just
the size of the data), verifies that it matches recorded expectations.
Lastly, it checks that layers which are part of images (and which we
therefore know what they should have in them) have the expected content,
and nothing else.
Repair() removes any containers, images, and layers which have any
errors associated with them. This is destructive, so its use should be
considered and deliberate.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
This looks in the container store for existing data dirs with ids not in
the container files and removes them. It also adds an (optional) driver
method to list available layers, then uses this and compares it to the
layers json file and removes layers that are not references.
Losing track of containers and layers can potentially happen in the
case of some kind of unclean shutdown, but mainly it happens at reboot
when using transient storage mode. Such users are recommended to run
a garbage collect at boot.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
Use constants for the names of flags that we set in Flags maps that we
store in layer/image/container records, to make it easier to avoid
possible breakages due to typos in the future.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
We now use the golang error wrapping format specifier `%w` instead of the
deprecated github.com/pkg/errors package.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
Currently, layers aquired from additional layer store cannot be exported
(e.g. `podman save`, `podman push`).
This is because the current additional layer store exposes only *extracted view*
of layers. Tar is not reproducible so the runtime cannot reproduce the tar
archive that has the same diff ID as the original.
This commit solves this issue by introducing a new API "`blob`" to the
additional layer store. This file exposes the raw contents of that layer. When
*(c/storage).layerStore.Diff is called, it acquires the diff contents from this
`blob` file which the same digest as the original layer.
Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
add a new class of containers that are not guaranteed to survive a
crash. The advantage of such containers is that storage can be
optimized to skip some synchronizations with the underlying storage.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
force_mask sets a permission mask used for the new files and
directories.
It is useful for using a NFS share for the rootless storage. It
requires this change in fuse-overlayfs:
https://github.com/containers/fuse-overlayfs/pull/246
[storage]
driver = "overlay"
graphroot = "/mnt/nfs/home/storage"
[storage.options]
size = ""
mountopt = "xattr_permissions=2"
[storage.options.overlay]
force_mask = "0755"
ignore_chown_errors = "true"
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Modified patch of Kevin Pelzel.
Also changed ApplyDiff to take new ApplyDiffOpts Struct.
Signed-off-by: Kevin Pelzel <kevinpelzel22@gmail.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Kir Kolyshkin