From 636037c3637eb1d09cc469cebe39ffb915bb0aa9 Mon Sep 17 00:00:00 2001
From: Derek McGowan
Date: Mon, 16 Mar 2015 12:22:00 -0700
Subject: [PATCH 1/2] Fix test pull verified
Update pull code to consider any layer download or new tag as an update. Update hello-world frozen image to be explicitly tagged as frozen, to not interfere with pull tests. The hello-world is used by pull tests because of its small size and there is no other official image with such a size.
fixes #11383
Signed-off-by: Derek McGowan (github: dmcgowan)
---
 Dockerfile | 2 +-
 graph/pull.go | 21 +++++++++++++++++----
 hack/make/.ensure-frozen-images | 2 +-
 integration-cli/docker_cli_build_test.go | 2 +-
 4 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 2389aa79b2..07c30c9361 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -146,7 +146,7 @@ RUN ln -sfv $PWD/.bashrc ~/.bashrc
 COPY contrib/download-frozen-image.sh /go/src/github.com/docker/docker/contrib/
 RUN ./contrib/download-frozen-image.sh /docker-frozen-images \
 busybox:latest@4986bf8c15363d1c5d15512d5266f8777bfba4974ac56e3270e7760f6f0a8125 \
- hello-world:latest@e45a5af57b00862e5ef5782a9925979a02ba2b12dff832fd0991335f4a11e5c5
+ hello-world:frozen@e45a5af57b00862e5ef5782a9925979a02ba2b12dff832fd0991335f4a11e5c5
 # see also "hack/make/.ensure-frozen-images" (which needs to be updated any time this list is)
 # Install man page generator
diff --git a/graph/pull.go b/graph/pull.go
index 27830f64e3..40bb39ae68 100644
--- a/graph/pull.go
+++ b/graph/pull.go
@@ -532,7 +532,7 @@ func (s *TagStore) pullV2Tag(eng *engine.Engine, r *registry.Session, out io.Wri
 }
 }
- var layersDownloaded bool
+ var tagUpdated bool
 for i := len(downloads) - 1; i >= 0; i-- {
 d := &downloads[i]
 if d.err != nil {
@@ -556,14 +556,27 @@ func (s *TagStore) pullV2Tag(eng *engine.Engine, r *registry.Session, out io.Wri
 // FIXME: Pool release here for parallel tag pull (ensures any downloads block until fully extracted)
 }
 out.Write(sf.FormatProgress(common.TruncateID(d.img.ID), "Pull complete", nil))
- layersDownloaded = true
+ tagUpdated = true
 } else {
 out.Write(sf.FormatProgress(common.TruncateID(d.img.ID), "Already exists", nil))
 }
 }
- if verified && layersDownloaded {
+ // Check for new tag if no layers downloaded
+ if !tagUpdated {
+ repo, err := s.Get(repoInfo.LocalName)
+ if err != nil {
+ return false, err
+ }
+ if repo != nil {
+ if _, exists := repo[tag]; !exists {
+ tagUpdated = true
+ }
+ }
+ }
+
+ if verified && tagUpdated {
 out.Write(sf.FormatStatus(repoInfo.CanonicalName+":"+tag, "The image you are pulling has been verified. Important: image verification is a tech preview feature and should not be relied on to provide security."))
 }
@@ -571,5 +584,5 @@ func (s *TagStore) pullV2Tag(eng *engine.Engine, r *registry.Session, out io.Wri
 return false, err
 }
- return layersDownloaded, nil
+ return tagUpdated, nil
 }
diff --git a/hack/make/.ensure-frozen-images b/hack/make/.ensure-frozen-images
index a0b4efc1e9..ec65b83370 100644
--- a/hack/make/.ensure-frozen-images
+++ b/hack/make/.ensure-frozen-images
@@ -4,7 +4,7 @@ set -e
 # this list should match roughly what's in the Dockerfile (minus the explicit image IDs, of course)
 images=(
 busybox:latest
- hello-world:latest
+ hello-world:frozen
 )
 if ! docker inspect "${images[@]}" &> /dev/null; then
diff --git a/integration-cli/docker_cli_build_test.go b/integration-cli/docker_cli_build_test.go
index ecef76f9da..729b538053 100644
--- a/integration-cli/docker_cli_build_test.go
+++ b/integration-cli/docker_cli_build_test.go
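Review bot: In graph/pull.go, the new-tag check under `if !tagUpdated` leaves `tagUpdated` false in two cases where the local tag still changes: when `s.Get` returns a nil repository (no tag can exist yet), and when the tag exists but points at a different image ID whose layers are all already present locally. In both cases the function returns false and skips the verification status line guarded by `if verified && tagUpdated`, so a caller could report the image as up to date although the tag was created or moved; the code that writes the tag is outside this hunk, so confirm against it. The two-value index suggests the repository is a map, where indexing nil is safe, so the `repo != nil` guard can be dropped and the test can compare IDs: `if id, exists := repo[tag]; !exists || id != newID { tagUpdated = true }`, with `newID` standing for the ID this function tags (not visible here). pullV2Tag begins before the hunk.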
@@ -5234,7 +5234,7 @@ func TestBuildRUNoneJSON(t *testing.T) {
 defer deleteAllContainers()
 defer deleteImages(name)
- ctx, err := fakeContext(`FROM hello-world:latest
+ ctx, err := fakeContext(`FROM hello-world:frozen
 RUN [ "/hello" ]`, map[string]string{})
 if err != nil {
 t.Fatal(err)
From 793ebba3d6c7882897125116cd22ade87c6f37a6 Mon Sep 17 00:00:00 2001
From: Tianon Gravi
Date: Mon, 16 Mar 2015 14:37:49 -0600
Subject: [PATCH 2/2] Enforce our use of the explicitly frozen images
This requires that any environment where we wish to run the integration-cli tests includes both the `Dockerfile` and `curl`, which has been deemed an appropriate and acceptable trade-off.
Signed-off-by: Andrew "Tianon" Page
---
 hack/make/.ensure-frozen-images | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/hack/make/.ensure-frozen-images b/hack/make/.ensure-frozen-images
index ec65b83370..379f738495 100644
--- a/hack/make/.ensure-frozen-images
+++ b/hack/make/.ensure-frozen-images
@@ -11,10 +11,10 @@ if ! docker inspect "${images[@]}" &> /dev/null; then
 hardCodedDir='/docker-frozen-images'
 if [ -d "$hardCodedDir" ]; then
 ( set -x; tar -cC "$hardCodedDir" . | docker load )
- elif [ -e Dockerfile ] && command -v curl > /dev/null; then
- # testing for "curl" because "download-frozen-image.sh" is built around curl
+ else
 dir="$DEST/frozen-images"
 # extract the exact "RUN download-frozen-image.sh" line from the Dockerfile itself for consistency
+ # NOTE: this will fail if either "curl" is not installed or if the Dockerfile is not available/readable
 awk '
 $1 == "RUN" && $2 == "./contrib/download-frozen-image.sh" {
 for (i = 2; i < NF; i++)
@@ -33,11 +33,5 @@ if ! docker inspect "${images[@]}" &> /dev/null; then
 }
 ' Dockerfile | sh -x
 ( set -x; tar -cC "$dir" . | docker load )
- else
- for image in "${images[@]}"; do
- if ! docker inspect "$image" &> /dev/null; then
- ( set -x; docker pull "$image" )
- fi
- done
 fi
 fi
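Review bot: In the first hunk of the second patch (hack/make/.ensure-frozen-images), the new `else` branch assumes the script fails by itself when the Dockerfile or curl is missing, but nothing in the hunk checks either precondition. The status of `awk ' ... ' Dockerfile | sh -x` is that of `sh`, so unless `pipefail` is set outside the visible lines a missing Dockerfile produces an empty script and the error only surfaces later, indirectly, at `tar`/`docker load`. An explicit guard ahead of the `awk` call would turn the NOTE comment into an enforced precondition with a clear message: `if [ ! -r Dockerfile ] || ! command -v curl > /dev/null; then echo >&2 'error: frozen images require a readable Dockerfile and curl'; exit 1; fi`. The enclosing `if ! docker inspect` block begins before the hunk and the awk program continues past it.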