buildah/pull.go

package buildah

import (
	"context"
	"fmt"
	"io"
	"time"

	"github.com/containers/buildah/define"
	"github.com/containers/common/libimage"
	"github.com/containers/common/pkg/config"
	"github.com/containers/image/v5/types"
	encconfig "github.com/containers/ocicrypt/config"
	"github.com/containers/storage"
)

// PullOptions can be used to alter how an image is copied in from somewhere.
type PullOptions struct {
	// SignaturePolicyPath specifies an override location for the signature
	// policy which should be used for verifying the new image as it is
	// being written.  Except in specific circumstances, no value should be
	// specified, indicating that the shared, system-wide default policy
	// should be used.
	SignaturePolicyPath string
	// ReportWriter is an io.Writer which will be used to log the writing
	// of the new image.
	ReportWriter io.Writer
	// Store is the local storage store which holds the source image.
	Store storage.Store
	// github.com/containers/image/types SystemContext to hold credentials
	// and other authentication/authorization information.
	SystemContext *types.SystemContext
	// BlobDirectory is the name of a directory in which we'll attempt to
	// store copies of layer blobs that we pull down, if any.  It should
	// already exist.
	BlobDirectory string
	// AllTags is a boolean value that determines if all tagged images
	// will be downloaded from the repository. The default is false.
	AllTags bool
	// RemoveSignatures causes any existing signatures for the image to be
	// discarded when pulling it.
	RemoveSignatures bool
	// MaxRetries is the maximum number of attempts we'll make to pull any
	// one image from the external registry if the first attempt fails.
	MaxRetries int
	// RetryDelay is how long to wait before retrying a pull attempt.
	RetryDelay time.Duration
	// OciDecryptConfig contains the config that can be used to decrypt an image if it is
	// encrypted if non-nil. If nil, it does not attempt to decrypt an image.
	OciDecryptConfig *encconfig.DecryptConfig
	// PullPolicy takes the value PullIfMissing, PullAlways, PullIfNewer, or PullNever.
	PullPolicy define.PullPolicy
}

// Pull copies the contents of the image from somewhere else to local storage.  Returns the
// ID of the local image or an error.
func Pull(ctx context.Context, imageName string, options PullOptions) (imageID string, err error) {
	libimageOptions := &libimage.PullOptions{}
	libimageOptions.SignaturePolicyPath = options.SignaturePolicyPath
	libimageOptions.Writer = options.ReportWriter
	libimageOptions.RemoveSignatures = options.RemoveSignatures
	libimageOptions.OciDecryptConfig = options.OciDecryptConfig
	libimageOptions.AllTags = options.AllTags
	libimageOptions.RetryDelay = &options.RetryDelay
	libimageOptions.DestinationLookupReferenceFunc = cacheLookupReferenceFunc(options.BlobDirectory, types.PreserveOriginal)

	if options.MaxRetries > 0 {
		retries := uint(options.MaxRetries)
		libimageOptions.MaxRetries = &retries
	}

	pullPolicy, err := config.ParsePullPolicy(options.PullPolicy.String())
	if err != nil {
		return "", err
	}

	// Note: It is important to do this before we pull any images/create containers.
	// The default backend detection logic needs an empty store to correctly detect
	// that we can use netavark, if the store was not empty it will use CNI to not break existing installs.
	_, err = getNetworkInterface(options.Store, "", "")
	if err != nil {
		return "", err
	}

	runtime, err := libimage.RuntimeFromStore(options.Store, &libimage.RuntimeOptions{SystemContext: options.SystemContext})
	if err != nil {
		return "", err
	}

	pulledImages, err := runtime.Pull(context.Background(), imageName, pullPolicy, libimageOptions)
	if err != nil {
		return "", err
	}

	if len(pulledImages) == 0 {
		return "", fmt.Errorf("internal error pulling %s: no image pulled and no error", imageName)
	}

	return pulledImages[0].ID(), nil
}
restore push/pull and util API Restore the push and pull API that commit dcd2a92e5669 removed. These changes would break vendoring into openshift/builder due to build errors. For the same reason, restore `util.FindImage` and `util.AddImageNames` but deprecate the `findRegistry` argument. Signed-off-by: Valentin Rothberg <rothberg@redhat.com> 2021-04-23 16:26:26 +08:00			`package buildah`

			`import (`
			`"context"`
Switch to golang native error wrapping We now use the golang error wrapping format specifier `%w` instead of the deprecated github.com/pkg/errors package. Signed-off-by: Sascha Grunert <sgrunert@redhat.com> 2022-07-06 17:14:06 +08:00			`"fmt"`
restore push/pull and util API Restore the push and pull API that commit dcd2a92e5669 removed. These changes would break vendoring into openshift/builder due to build errors. For the same reason, restore `util.FindImage` and `util.AddImageNames` but deprecate the `findRegistry` argument. Signed-off-by: Valentin Rothberg <rothberg@redhat.com> 2021-04-23 16:26:26 +08:00			`"io"`
			`"time"`

			`"github.com/containers/buildah/define"`
			`"github.com/containers/common/libimage"`
update to latest libimage Update Buildah to the latest libimage. Migrating Podman over to libimage entailed a number of fixes and changes to libimage which we need to account for in Buildah. Most notably: * `(Runtime).LookupImage()` now returns `storage.ErrImageUnknown` instead of `nil` in case no matching image is found. `(Runtime).LookupImage()` now does quite a bit more work finding a local image and will also look at the repotags (or digests) of all local images if needed. The signature of `(Runtime).RemoveImages()` was changed and now returns a slice of reports and errors. The reports aggregate the data of a removed image which allows the function to be used by `podman image prune` which is also interested in the size of the removed data. The slice of errors is also needed in Podman which needs to have a closer look at _all_ rmi errors in order to determine the appropriate exit code (Docker compat). `libimage/types` has been removed. Pull policies have been merged into already existing logic in `pkg/config`. Please refer to containers/podman/pull/10147 for a more detailed changelog. [NO NEW TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com> 2021-04-30 15:16:03 +08:00			`"github.com/containers/common/pkg/config"`
restore push/pull and util API Restore the push and pull API that commit dcd2a92e5669 removed. These changes would break vendoring into openshift/builder due to build errors. For the same reason, restore `util.FindImage` and `util.AddImageNames` but deprecate the `findRegistry` argument. Signed-off-by: Valentin Rothberg <rothberg@redhat.com> 2021-04-23 16:26:26 +08:00			`"github.com/containers/image/v5/types"`
			`encconfig "github.com/containers/ocicrypt/config"`
			`"github.com/containers/storage"`
			`)`

			`// PullOptions can be used to alter how an image is copied in from somewhere.`
			`type PullOptions struct {`
			`// SignaturePolicyPath specifies an override location for the signature`
			`// policy which should be used for verifying the new image as it is`
			`// being written. Except in specific circumstances, no value should be`
			`// specified, indicating that the shared, system-wide default policy`
			`// should be used.`
			`SignaturePolicyPath string`
			`// ReportWriter is an io.Writer which will be used to log the writing`
			`// of the new image.`
			`ReportWriter io.Writer`
			`// Store is the local storage store which holds the source image.`
			`Store storage.Store`
			`// github.com/containers/image/types SystemContext to hold credentials`
			`// and other authentication/authorization information.`
			`SystemContext *types.SystemContext`
			`// BlobDirectory is the name of a directory in which we'll attempt to`
			`// store copies of layer blobs that we pull down, if any. It should`
			`// already exist.`
			`BlobDirectory string`
			`// AllTags is a boolean value that determines if all tagged images`
			`// will be downloaded from the repository. The default is false.`
			`AllTags bool`
			`// RemoveSignatures causes any existing signatures for the image to be`
			`// discarded when pulling it.`
			`RemoveSignatures bool`
			`// MaxRetries is the maximum number of attempts we'll make to pull any`
			`// one image from the external registry if the first attempt fails.`
			`MaxRetries int`
			`// RetryDelay is how long to wait before retrying a pull attempt.`
			`RetryDelay time.Duration`
			`// OciDecryptConfig contains the config that can be used to decrypt an image if it is`
			`// encrypted if non-nil. If nil, it does not attempt to decrypt an image.`
			`OciDecryptConfig *encconfig.DecryptConfig`
			`// PullPolicy takes the value PullIfMissing, PullAlways, PullIfNewer, or PullNever.`
			`PullPolicy define.PullPolicy`
			`}`

			`// Pull copies the contents of the image from somewhere else to local storage. Returns the`
			`// ID of the local image or an error.`
			`func Pull(ctx context.Context, imageName string, options PullOptions) (imageID string, err error) {`
			`libimageOptions := &libimage.PullOptions{}`
			`libimageOptions.SignaturePolicyPath = options.SignaturePolicyPath`
			`libimageOptions.Writer = options.ReportWriter`
			`libimageOptions.RemoveSignatures = options.RemoveSignatures`
			`libimageOptions.OciDecryptConfig = options.OciDecryptConfig`
			`libimageOptions.AllTags = options.AllTags`
			`libimageOptions.RetryDelay = &options.RetryDelay`
use c/image/pkg/blobcache Buildah's pkg/blobcache has been moved into containers/image [1] to consolidate implementations of interfaces such as image destinations and image sources. Since there are no functional changes: [NO NEW TESTS NEEDED] [1] https://github.com/containers/image/pull/1459 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com> 2022-02-22 21:24:48 +08:00			`libimageOptions.DestinationLookupReferenceFunc = cacheLookupReferenceFunc(options.BlobDirectory, types.PreserveOriginal)`
restore push/pull and util API Restore the push and pull API that commit dcd2a92e5669 removed. These changes would break vendoring into openshift/builder due to build errors. For the same reason, restore `util.FindImage` and `util.AddImageNames` but deprecate the `findRegistry` argument. Signed-off-by: Valentin Rothberg <rothberg@redhat.com> 2021-04-23 16:26:26 +08:00
			`if options.MaxRetries > 0 {`
			`retries := uint(options.MaxRetries)`
			`libimageOptions.MaxRetries = &retries`
			`}`

update to latest libimage Update Buildah to the latest libimage. Migrating Podman over to libimage entailed a number of fixes and changes to libimage which we need to account for in Buildah. Most notably: * `(Runtime).LookupImage()` now returns `storage.ErrImageUnknown` instead of `nil` in case no matching image is found. `(Runtime).LookupImage()` now does quite a bit more work finding a local image and will also look at the repotags (or digests) of all local images if needed. The signature of `(Runtime).RemoveImages()` was changed and now returns a slice of reports and errors. The reports aggregate the data of a removed image which allows the function to be used by `podman image prune` which is also interested in the size of the removed data. The slice of errors is also needed in Podman which needs to have a closer look at _all_ rmi errors in order to determine the appropriate exit code (Docker compat). `libimage/types` has been removed. Pull policies have been merged into already existing logic in `pkg/config`. Please refer to containers/podman/pull/10147 for a more detailed changelog. [NO NEW TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com> 2021-04-30 15:16:03 +08:00			`pullPolicy, err := config.ParsePullPolicy(options.PullPolicy.String())`
restore push/pull and util API Restore the push and pull API that commit dcd2a92e5669 removed. These changes would break vendoring into openshift/builder due to build errors. For the same reason, restore `util.FindImage` and `util.AddImageNames` but deprecate the `findRegistry` argument. Signed-off-by: Valentin Rothberg <rothberg@redhat.com> 2021-04-23 16:26:26 +08:00			`if err != nil {`
			`return "", err`
			`}`

Initialize network backend before first pull After clean install, it is necessary to decide the network backend before any image is pulled so that `netavark` is chosen correctly. Without this change, if `buildah pull` is executed at first, the network backend is not determined and an image is pulled. This results in choosing `cni` at a next command because an image already exists while `netavark` is chosen if `buildah from` or `buildah bud` is called at first. Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com> 2022-04-09 10:16:12 +08:00			`// Note: It is important to do this before we pull any images/create containers.`
			`// The default backend detection logic needs an empty store to correctly detect`
			`// that we can use netavark, if the store was not empty it will use CNI to not break existing installs.`
			`_, err = getNetworkInterface(options.Store, "", "")`
			`if err != nil {`
			`return "", err`
			`}`

restore push/pull and util API Restore the push and pull API that commit dcd2a92e5669 removed. These changes would break vendoring into openshift/builder due to build errors. For the same reason, restore `util.FindImage` and `util.AddImageNames` but deprecate the `findRegistry` argument. Signed-off-by: Valentin Rothberg <rothberg@redhat.com> 2021-04-23 16:26:26 +08:00			`runtime, err := libimage.RuntimeFromStore(options.Store, &libimage.RuntimeOptions{SystemContext: options.SystemContext})`
			`if err != nil {`
			`return "", err`
			`}`

			`pulledImages, err := runtime.Pull(context.Background(), imageName, pullPolicy, libimageOptions)`
			`if err != nil {`
			`return "", err`
			`}`

			`if len(pulledImages) == 0 {`
Switch to golang native error wrapping We now use the golang error wrapping format specifier `%w` instead of the deprecated github.com/pkg/errors package. Signed-off-by: Sascha Grunert <sgrunert@redhat.com> 2022-07-06 17:14:06 +08:00			`return "", fmt.Errorf("internal error pulling %s: no image pulled and no error", imageName)`
restore push/pull and util API Restore the push and pull API that commit dcd2a92e5669 removed. These changes would break vendoring into openshift/builder due to build errors. For the same reason, restore `util.FindImage` and `util.AddImageNames` but deprecate the `findRegistry` argument. Signed-off-by: Valentin Rothberg <rothberg@redhat.com> 2021-04-23 16:26:26 +08:00			`}`

			`return pulledImages[0].ID(), nil`
			`}`