root
/
buildah
mirror of https://github.com/containers/buildah.git
1
0
Fork 0
Code Issues Actions 3 Packages Projects Releases Wiki Activity
buildah/new.go

403 lines
13 KiB
Go
Raw Normal View History

Massive refactoring Pull most of the core logic from the CLI into a package that should be easier to consume as a library. Add a "config" command that updates the builder object's configuration. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-02-11 00:48:15 +08:00
package buildah
import (
Vendor in latest containers/image and containers/storage Changes to paramters in functions. Change to the error returned by the oci and oci-archive transport. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #578 Approved by: rhatdan
2018-04-12 22:20:36 +08:00
"context"
Massive refactoring Pull most of the core logic from the CLI into a package that should be easier to consume as a library. Add a "config" command that updates the builder object's configuration. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-02-11 00:48:15 +08:00
"fmt"
Allow container storage to manage the SELinux labels Also speed up container name selection by making sure the container name is not chosen before trying it out. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2018-10-20 02:49:51 +08:00
"math/rand"
Strip the image name down more for container names When computing a default container name from the name of a source image, drop tags and any leading components from the image name before attempting to use it as part of a container name. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #33 Approved by: rhatdan
2017-03-24 04:18:40 +08:00
"strings"
Massive refactoring Pull most of the core logic from the CLI into a package that should be easier to consume as a library. Add a "config" command that updates the builder object's configuration. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-02-11 00:48:15 +08:00
Move buildah from projecatatomic/buildah to containers/buildah Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2018-09-18 03:20:16 +08:00
"github.com/containers/buildah/util"
Handle configuration blobs for manifest lists When the base image or an image that we're inspecting is a reference to a manifest list, resolve it to a runnable image instance, then try to read the configuration blob from the runnable image. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1960 Approved by: TomSweeneyRedHat
2019-11-01 03:18:10 +08:00
"github.com/containers/image/v5/image"
Move to containers/image v5.0.0 Bump to containers/image's 5.0 release. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1902 Approved by: rhatdan
2019-10-26 05:19:30 +08:00
"github.com/containers/image/v5/manifest"
"github.com/containers/image/v5/pkg/sysregistriesv2"
is "github.com/containers/image/v5/storage"
"github.com/containers/image/v5/transports"
"github.com/containers/image/v5/transports/alltransports"
"github.com/containers/image/v5/types"
Vendor in containers/storage and containers/image Signed-off-by: Dan Walsh <dwalsh@redhat.com> Closes: #103 Approved by: nalind
2017-05-17 23:53:28 +08:00
"github.com/containers/storage"
Handle configuration blobs for manifest lists When the base image or an image that we're inspecting is a reference to a manifest list, resolve it to a runnable image instance, then try to read the configuration blob from the runnable image. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1960 Approved by: TomSweeneyRedHat
2019-11-01 03:18:10 +08:00
digest "github.com/opencontainers/go-digest"
Use imagebuilder's definition of "scratch" Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #59 Approved by: rhatdan
2017-03-22 04:57:07 +08:00
"github.com/openshift/imagebuilder"
Change functions that use a fmt.Errorf to wrap an err to error.Wrapf Impove error reporting by wrapping all returned err functions with error.Wrapf Signed-off-by: Dan Walsh <dwalsh@redhat.com> Closes: #124 Approved by: nalind Signed-off-by: Dan Walsh <dwalsh@redhat.com> Closes: #125 Approved by: nalind
2017-06-02 03:23:02 +08:00
"github.com/pkg/errors"
Vendor in changes to support sirupsen/logrus Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-10-10 03:05:56 +08:00
"github.com/sirupsen/logrus"
Massive refactoring Pull most of the core logic from the CLI into a package that should be easier to consume as a library. Add a "config" command that updates the builder object's configuration. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-02-11 00:48:15 +08:00
)
const (
Fix a number of issues flagged by golint Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-02-11 03:45:06 +08:00
// BaseImageFakeName is the "name" of a source image which we interpret
// as "no image".
Use imagebuilder's definition of "scratch" Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #59 Approved by: rhatdan
2017-03-22 04:57:07 +08:00
BaseImageFakeName = imagebuilder.NoBaseImageSpecifier
Massive refactoring Pull most of the core logic from the CLI into a package that should be easier to consume as a library. Add a "config" command that updates the builder object's configuration. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-02-11 00:48:15 +08:00
)
Use a types.ImageReference instead of (transport, name) strings in pullImage etc. Use a typed value, to hopefully decrease further temptation to process strings manually, and to avoid the unnecessary alltransports.ParseImageName which resolveImage has already called. This may change the strings used in some error/debug messages, which now use transports.ImageName instead of the original input; the strings should by definition have the same semantics. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1361 Approved by: rhatdan
2019-02-22 07:20:36 +08:00
func pullAndFindImage(ctx context.Context, store storage.Store, srcRef types.ImageReference, options BuilderOptions, sc *types.SystemContext) (*storage.Image, types.ImageReference, error) {
Export a Pull() function Provide a Pull() function that can be called directly, to go with the Push() function. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #918 Approved by: rhatdan
2018-08-09 04:38:53 +08:00
pullOptions := PullOptions{
ReportWriter: options.ReportWriter,
Store: store,
SystemContext: options.SystemContext,
Allow rootless users to use the cache directory in homedir Currently rootless podman attempts to write to /var/lib/containers/cache and fails. This causes us to repeatedly push images that have already been pushed. This cache directory should be relative to the location of containers/storage and not always stored in the same directory. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1411 Approved by: TomSweeneyRedHat
2019-03-14 04:03:13 +08:00
BlobDirectory: options.BlobDirectory,
Export a Pull() function Provide a Pull() function that can be called directly, to go with the Push() function. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #918 Approved by: rhatdan
2018-08-09 04:38:53 +08:00
}
Use a types.ImageReference instead of (transport, name) strings in pullImage etc. Use a typed value, to hopefully decrease further temptation to process strings manually, and to avoid the unnecessary alltransports.ParseImageName which resolveImage has already called. This may change the strings used in some error/debug messages, which now use transports.ImageName instead of the original input; the strings should by definition have the same semantics. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1361 Approved by: rhatdan
2019-02-22 07:20:36 +08:00
ref, err := pullImage(ctx, store, srcRef, pullOptions, sc)
Use configured registries to resolve image names When locating an image for pulling, inspection, or pushing, if we're given an image name that doesn't include a domain/registry, try building a set of candidate names using the configured registries as domains, and then pull/inspect/push using the first of those names that works. If a name that we're given corresponds to a prefix of the ID of a local image, skip completion and use the ID directly instead. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #360 Approved by: rhatdan
2017-06-29 05:07:58 +08:00
if err != nil {
Use a types.ImageReference instead of (transport, name) strings in pullImage etc. Use a typed value, to hopefully decrease further temptation to process strings manually, and to avoid the unnecessary alltransports.ParseImageName which resolveImage has already called. This may change the strings used in some error/debug messages, which now use transports.ImageName instead of the original input; the strings should by definition have the same semantics. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1361 Approved by: rhatdan
2019-02-22 07:20:36 +08:00
logrus.Debugf("error pulling image %q: %v", transports.ImageName(srcRef), err)
Use configured registries to resolve image names When locating an image for pulling, inspection, or pushing, if we're given an image name that doesn't include a domain/registry, try building a set of candidate names using the configured registries as domains, and then pull/inspect/push using the first of those names that works. If a name that we're given corresponds to a prefix of the ID of a local image, skip completion and use the ID directly instead. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #360 Approved by: rhatdan
2017-06-29 05:07:58 +08:00
return nil, nil, err
}
img, err := is.Transport.GetStoreImage(store, ref)
if err != nil {
Use a types.ImageReference instead of (transport, name) strings in pullImage etc. Use a typed value, to hopefully decrease further temptation to process strings manually, and to avoid the unnecessary alltransports.ParseImageName which resolveImage has already called. This may change the strings used in some error/debug messages, which now use transports.ImageName instead of the original input; the strings should by definition have the same semantics. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1361 Approved by: rhatdan
2019-02-22 07:20:36 +08:00
logrus.Debugf("error reading pulled image %q: %v", transports.ImageName(srcRef), err)
Make sure we log or return every error Make sure that when attempting to diagnose an error, if we encounter an error during the diagnostic attempt, we return the original error rather than the error encountered in trying to diagnose it. Log that one. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1072 Approved by: rhatdan
2018-10-03 22:05:46 +08:00
return nil, nil, errors.Wrapf(err, "error locating image %q in local storage", transports.ImageName(ref))
Use configured registries to resolve image names When locating an image for pulling, inspection, or pushing, if we're given an image name that doesn't include a domain/registry, try building a set of candidate names using the configured registries as domains, and then pull/inspect/push using the first of those names that works. If a name that we're given corresponds to a prefix of the ID of a local image, skip completion and use the ID directly instead. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #360 Approved by: rhatdan
2017-06-29 05:07:58 +08:00
}
return img, ref, nil
}
Fix: setting the container name to the image In commit 47ac96155f1573e the image name that is used for setting the container name is taken from the resolved image unless it is empty. The image has the "Names" field and right now the first name is taken. However, when the image is a tagged image, the container name will end up using the original name instead of the given one. For example: $ buildah tag busybox busybox1 $ buildah from busybox1 Will set the name of the container as "busybox-working-container" while it was expected to be "busybox1-working-container". This patch fixes this particular issue. Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com> Closes: #399 Approved by: rhatdan
2018-01-18 20:04:09 +08:00
func getImageName(name string, img *storage.Image) string {
imageName := name
if len(img.Names) > 0 {
imageName = img.Names[0]
// When the image used by the container is a tagged image
// the container name might be set to the original image instead of
Make sure we log or return every error Make sure that when attempting to diagnose an error, if we encounter an error during the diagnostic attempt, we return the original error rather than the error encountered in trying to diagnose it. Log that one. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1072 Approved by: rhatdan
2018-10-03 22:05:46 +08:00
// the image given in the "from" command line.
Fix: setting the container name to the image In commit 47ac96155f1573e the image name that is used for setting the container name is taken from the resolved image unless it is empty. The image has the "Names" field and right now the first name is taken. However, when the image is a tagged image, the container name will end up using the original name instead of the given one. For example: $ buildah tag busybox busybox1 $ buildah from busybox1 Will set the name of the container as "busybox-working-container" while it was expected to be "busybox1-working-container". This patch fixes this particular issue. Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com> Closes: #399 Approved by: rhatdan
2018-01-18 20:04:09 +08:00
// This loop is supposed to fix this.
for _, n := range img.Names {
if strings.Contains(n, name) {
imageName = n
break
}
}
}
return imageName
}
Use configured registries to resolve image names When locating an image for pulling, inspection, or pushing, if we're given an image name that doesn't include a domain/registry, try building a set of candidate names using the configured registries as domains, and then pull/inspect/push using the first of those names that works. If a name that we're given corresponds to a prefix of the ID of a local image, skip completion and use the ID directly instead. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #360 Approved by: rhatdan
2017-06-29 05:07:58 +08:00
func imageNamePrefix(imageName string) string {
prefix := imageName
s := strings.Split(imageName, "/")
if len(s) > 0 {
prefix = s[len(s)-1]
}
s = strings.Split(prefix, ":")
if len(s) > 0 {
prefix = s[0]
}
s = strings.Split(prefix, "@")
if len(s) > 0 {
prefix = s[0]
}
return prefix
}
Add CLI options for specifying namespace and cgroup setup Add options to the CLI that specify which cgroups we execute "run" commands under, and controlling how we set up namespaces for them. Pass them down to Builders that we create, and allow them to be overridden by options passed to Builder.Run(). Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #700 Approved by: rhatdan
2018-03-13 01:53:12 +08:00
func newContainerIDMappingOptions(idmapOptions *IDMappingOptions) storage.IDMappingOptions {
var options storage.IDMappingOptions
if idmapOptions != nil {
options.HostUIDMapping = idmapOptions.HostUIDMapping
options.HostGIDMapping = idmapOptions.HostGIDMapping
uidmap, gidmap := convertRuntimeIDMaps(idmapOptions.UIDMap, idmapOptions.GIDMap)
if len(uidmap) > 0 && len(gidmap) > 0 {
options.UIDMap = uidmap
options.GIDMap = gidmap
} else {
options.HostUIDMapping = true
options.HostGIDMapping = true
}
}
return options
}
Give better messages to users when image can not be found Had to vendor latest containers/image to get path to /etc/containers/registries.conf Currently if /etc/containers/registries.conf does not exist, you can not pull i images and the error message tells you bad information. buildah from alpine Get https://localhost/v2/: dial tcp [::1]:443: connect: connection refused With this change ./buildah from alpine image "alpine" not found in /etc/containers/registries.conf registries: image not known Even if the registry.conf file exists, the error message does not tell you much useful. buildah from alpine1 Error determining manifest MIME type for docker://registry.access.redhat.com/alpine1:latest: Error reading manifest latest in registry.access.redhat.com/alpine1: unknown: Not Found As opposed to the following, which will at least give the admin a chance to figure out where he wants to add registries. ./buildah from alpine1 image "alpine1" not found in /etc/containers/registries.conf registries: image not known Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #743 Approved by: rhatdan
2018-06-02 02:52:16 +08:00
Fix pulling of images within buildah Change references to Transfer to transfer to make it internal only. It should be determined from the image specification and only determined in one place. Make buildah.Pull use registries.conf Currently buildah pull does not resolve images based on registries.conf This does not match the behaviour of buildah from or buildah bud Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1319 Approved by: rhatdan
2019-02-02 20:29:05 +08:00
func resolveImage(ctx context.Context, systemContext *types.SystemContext, store storage.Store, options BuilderOptions) (types.ImageReference, string, *storage.Image, error) {
Improve reporting about individual pull failures Instead of just using multierror to collect the error strings (and hope that they contain enough context about the attempted image names), explicitly collect pairs of (attempted image name, error). Then, report an appropriate error text depending on the failures and environment. Notably, if there was only one attempt (e.g. a fully-qualified name), just report the error with minimal context, instead of adding extra "1 error occurred:\n\n". If search registries were used and empty, note that in the error message (now for real). Also, make sure we return _some_ error if util.ResolveName ever returned an empty list for osome reason. It seems fairly attractive now to split resolveImage into the outer loop and a separate function for making one attempt, to consolidate the repetitive failures = append(...) code. OTOH that would force us to add another return value as a "fatal" indication. Maybe later. NOTABLY CHANGES BEHAVIOR: - Changes the error format. - Restores more detailed error reporting if we have no search registries, but had multiple candidates anyway, which was given up in the previous commit. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #909 Approved by: rhatdan
2018-08-04 10:14:03 +08:00
type failure struct {
resolvedImageName string
err error
}
Fix pulling of images within buildah Change references to Transfer to transfer to make it internal only. It should be determined from the image specification and only determined in one place. Make buildah.Pull use registries.conf Currently buildah pull does not resolve images based on registries.conf This does not match the behaviour of buildah from or buildah bud Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1319 Approved by: rhatdan
2019-02-02 20:29:05 +08:00
candidates, transport, searchRegistriesWereUsedButEmpty, err := util.ResolveName(options.FromImage, options.Registry, systemContext, store)
Let util.ResolveName() return parsing errors Allow util.ResolveName() to return errors from libraries that it uses. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #948 Approved by: rhatdan
2018-08-22 04:33:36 +08:00
if err != nil {
Fix pulling of images within buildah Change references to Transfer to transfer to make it internal only. It should be determined from the image specification and only determined in one place. Make buildah.Pull use registries.conf Currently buildah pull does not resolve images based on registries.conf This does not match the behaviour of buildah from or buildah bud Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1319 Approved by: rhatdan
2019-02-02 20:29:05 +08:00
return nil, "", nil, errors.Wrapf(err, "error parsing reference to image %q", options.FromImage)
Let util.ResolveName() return parsing errors Allow util.ResolveName() to return errors from libraries that it uses. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #948 Approved by: rhatdan
2018-08-22 04:33:36 +08:00
}
Fix pulling of images within buildah Change references to Transfer to transfer to make it internal only. It should be determined from the image specification and only determined in one place. Make buildah.Pull use registries.conf Currently buildah pull does not resolve images based on registries.conf This does not match the behaviour of buildah from or buildah bud Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1319 Approved by: rhatdan
2019-02-02 20:29:05 +08:00
Improve reporting about individual pull failures Instead of just using multierror to collect the error strings (and hope that they contain enough context about the attempted image names), explicitly collect pairs of (attempted image name, error). Then, report an appropriate error text depending on the failures and environment. Notably, if there was only one attempt (e.g. a fully-qualified name), just report the error with minimal context, instead of adding extra "1 error occurred:\n\n". If search registries were used and empty, note that in the error message (now for real). Also, make sure we return _some_ error if util.ResolveName ever returned an empty list for osome reason. It seems fairly attractive now to split resolveImage into the outer loop and a separate function for making one attempt, to consolidate the repetitive failures = append(...) code. OTOH that would force us to add another return value as a "fatal" indication. Maybe later. NOTABLY CHANGES BEHAVIOR: - Changes the error format. - Restores more detailed error reporting if we have no search registries, but had multiple candidates anyway, which was given up in the previous commit. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #909 Approved by: rhatdan
2018-08-04 10:14:03 +08:00
failures := []failure{}
for _, image := range candidates {
Clean up "pulls" of local image IDs / ID prefixes When ResolveName has already determined that the value is an ID (prefix), and returned the full ID, rely on that knowledge and don't try at all to pull the image from a 'remote transport ""'; also, don't try to match strings that are already known not to be ID prefixes, or that are known to use a different transport, against local storage. Should not change behavior, except possibly in theoretical inconsistency cases when store.Image(knownImageID) fails; the code now does not report other unrelated errors on the transport == "" path below. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1361 Approved by: rhatdan
2019-02-22 06:22:38 +08:00
if transport == "" {
img, err := store.Image(image)
if err != nil {
logrus.Debugf("error looking up known-local image %q: %v", image, err)
failures = append(failures, failure{resolvedImageName: image, err: err})
continue
}
ref, err := is.Transport.ParseStoreReference(store, img.ID)
if err != nil {
return nil, "", nil, errors.Wrapf(err, "error parsing reference to image %q", img.ID)
Use configured registries to resolve image names When locating an image for pulling, inspection, or pushing, if we're given an image name that doesn't include a domain/registry, try building a set of candidate names using the configured registries as domains, and then pull/inspect/push using the first of those names that works. If a name that we're given corresponds to a prefix of the ID of a local image, skip completion and use the ID directly instead. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #360 Approved by: rhatdan
2017-06-29 05:07:58 +08:00
}
Clean up "pulls" of local image IDs / ID prefixes When ResolveName has already determined that the value is an ID (prefix), and returned the full ID, rely on that knowledge and don't try at all to pull the image from a 'remote transport ""'; also, don't try to match strings that are already known not to be ID prefixes, or that are known to use a different transport, against local storage. Should not change behavior, except possibly in theoretical inconsistency cases when store.Image(knownImageID) fails; the code now does not report other unrelated errors on the transport == "" path below. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1361 Approved by: rhatdan
2019-02-22 06:22:38 +08:00
return ref, transport, img, nil
Use configured registries to resolve image names When locating an image for pulling, inspection, or pushing, if we're given an image name that doesn't include a domain/registry, try building a set of candidate names using the configured registries as domains, and then pull/inspect/push using the first of those names that works. If a name that we're given corresponds to a prefix of the ID of a local image, skip completion and use the ID directly instead. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #360 Approved by: rhatdan
2017-06-29 05:07:58 +08:00
}
Massive refactoring Pull most of the core logic from the CLI into a package that should be easier to consume as a library. Add a "config" command that updates the builder object's configuration. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-02-11 00:48:15 +08:00
Don't try to parse image name as a transport:image ResolveName now guarantees that the transport, if it exists, is not a part of the image name; the semantics is no longer ambiguous, so use the value only as expected. This could possibly fix incorrect handling of some strings (pull docker://dir:localpath), and the debug log will no longer contain "error parsing image name %q as given, trying with transport" for every name parsing attempt. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1361 Approved by: rhatdan
2019-02-22 06:33:42 +08:00
trans := transport
if transport != util.DefaultTransport {
trans = trans + ":"
}
srcRef, err := alltransports.ParseImageName(trans + image)
Give better messages to users when image can not be found Had to vendor latest containers/image to get path to /etc/containers/registries.conf Currently if /etc/containers/registries.conf does not exist, you can not pull i images and the error message tells you bad information. buildah from alpine Get https://localhost/v2/: dial tcp [::1]:443: connect: connection refused With this change ./buildah from alpine image "alpine" not found in /etc/containers/registries.conf registries: image not known Even if the registry.conf file exists, the error message does not tell you much useful. buildah from alpine1 Error determining manifest MIME type for docker://registry.access.redhat.com/alpine1:latest: Error reading manifest latest in registry.access.redhat.com/alpine1: unknown: Not Found As opposed to the following, which will at least give the admin a chance to figure out where he wants to add registries. ./buildah from alpine1 image "alpine1" not found in /etc/containers/registries.conf registries: image not known Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #743 Approved by: rhatdan
2018-06-02 02:52:16 +08:00
if err != nil {
Don't try to parse image name as a transport:image ResolveName now guarantees that the transport, if it exists, is not a part of the image name; the semantics is no longer ambiguous, so use the value only as expected. This could possibly fix incorrect handling of some strings (pull docker://dir:localpath), and the debug log will no longer contain "error parsing image name %q as given, trying with transport" for every name parsing attempt. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1361 Approved by: rhatdan
2019-02-22 06:33:42 +08:00
logrus.Debugf("error parsing image name %q: %v", trans+image, err)
failures = append(failures, failure{
resolvedImageName: image,
err: errors.Wrapf(err, "error parsing attempted image name %q", trans+image),
})
continue
Use configured registries to resolve image names When locating an image for pulling, inspection, or pushing, if we're given an image name that doesn't include a domain/registry, try building a set of candidate names using the configured registries as domains, and then pull/inspect/push using the first of those names that works. If a name that we're given corresponds to a prefix of the ID of a local image, skip completion and use the ID directly instead. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #360 Approved by: rhatdan
2017-06-29 05:07:58 +08:00
}
Improve "from" behavior with unnamed references Fix our instantiation behavior when the source image reference is not a named reference. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #235 Approved by: rhatdan
2017-07-29 05:29:37 +08:00
Move the computation of srcRef before first pullAndFindImage This only moves the code, does not modify it at all; a separate commit to make review easier. pullImage eventually computes the same value anyway, so this should not change behavior. We will soon remove the redundant value in pullImage. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1361 Approved by: rhatdan
2019-02-22 07:11:51 +08:00
if options.PullPolicy == PullAlways {
Use a types.ImageReference instead of (transport, name) strings in pullImage etc. Use a typed value, to hopefully decrease further temptation to process strings manually, and to avoid the unnecessary alltransports.ParseImageName which resolveImage has already called. This may change the strings used in some error/debug messages, which now use transports.ImageName instead of the original input; the strings should by definition have the same semantics. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1361 Approved by: rhatdan
2019-02-22 07:20:36 +08:00
pulledImg, pulledReference, err := pullAndFindImage(ctx, store, srcRef, options, systemContext)
Move the computation of srcRef before first pullAndFindImage This only moves the code, does not modify it at all; a separate commit to make review easier. pullImage eventually computes the same value anyway, so this should not change behavior. We will soon remove the redundant value in pullImage. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1361 Approved by: rhatdan
2019-02-22 07:11:51 +08:00
if err != nil {
logrus.Debugf("unable to pull and read image %q: %v", image, err)
failures = append(failures, failure{resolvedImageName: image, err: err})
continue
}
return pulledReference, transport, pulledImg, nil
}
CHANGES BEHAVIOR: Remove the string format input to localImageNameForReference It should always be redundant with the reference itself; so, use srcRef.StringWithinTransport() in the cases where we do need to understand and hard-code the string syntax, after all. Also improve the oci: format parsing a bit, to be robust against including an image name. NOTE: This might change the semantics a bit because StringWithinTransport does not guarantee preserving the original string (e.g. paths tend to be normalized not to contain symlinks). Using local paths as docker/distribution image names is conceptually so problematic that this seems worth the code cleanup - but I might be wrong. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1361 Approved by: rhatdan
2019-02-22 07:01:08 +08:00
destImage, err := localImageNameForReference(ctx, store, srcRef)
Give better messages to users when image can not be found Had to vendor latest containers/image to get path to /etc/containers/registries.conf Currently if /etc/containers/registries.conf does not exist, you can not pull i images and the error message tells you bad information. buildah from alpine Get https://localhost/v2/: dial tcp [::1]:443: connect: connection refused With this change ./buildah from alpine image "alpine" not found in /etc/containers/registries.conf registries: image not known Even if the registry.conf file exists, the error message does not tell you much useful. buildah from alpine1 Error determining manifest MIME type for docker://registry.access.redhat.com/alpine1:latest: Error reading manifest latest in registry.access.redhat.com/alpine1: unknown: Not Found As opposed to the following, which will at least give the admin a chance to figure out where he wants to add registries. ./buildah from alpine1 image "alpine1" not found in /etc/containers/registries.conf registries: image not known Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #743 Approved by: rhatdan
2018-06-02 02:52:16 +08:00
if err != nil {
Fix pulling of images within buildah Change references to Transfer to transfer to make it internal only. It should be determined from the image specification and only determined in one place. Make buildah.Pull use registries.conf Currently buildah pull does not resolve images based on registries.conf This does not match the behaviour of buildah from or buildah bud Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1319 Approved by: rhatdan
2019-02-02 20:29:05 +08:00
return nil, "", nil, errors.Wrapf(err, "error computing local image name for %q", transports.ImageName(srcRef))
Use configured registries to resolve image names When locating an image for pulling, inspection, or pushing, if we're given an image name that doesn't include a domain/registry, try building a set of candidate names using the configured registries as domains, and then pull/inspect/push using the first of those names that works. If a name that we're given corresponds to a prefix of the ID of a local image, skip completion and use the ID directly instead. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #360 Approved by: rhatdan
2017-06-29 05:07:58 +08:00
}
if destImage == "" {
Fix pulling of images within buildah Change references to Transfer to transfer to make it internal only. It should be determined from the image specification and only determined in one place. Make buildah.Pull use registries.conf Currently buildah pull does not resolve images based on registries.conf This does not match the behaviour of buildah from or buildah bud Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1319 Approved by: rhatdan
2019-02-02 20:29:05 +08:00
return nil, "", nil, errors.Errorf("error computing local image name for %q", transports.ImageName(srcRef))
Use configured registries to resolve image names When locating an image for pulling, inspection, or pushing, if we're given an image name that doesn't include a domain/registry, try building a set of candidate names using the configured registries as domains, and then pull/inspect/push using the first of those names that works. If a name that we're given corresponds to a prefix of the ID of a local image, skip completion and use the ID directly instead. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #360 Approved by: rhatdan
2017-06-29 05:07:58 +08:00
}
Improve "from" behavior with unnamed references Fix our instantiation behavior when the source image reference is not a named reference. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #235 Approved by: rhatdan
2017-07-29 05:29:37 +08:00
Eliminate the long-running ref and img variables in resolveImage Inspecting the code flow, img seems to end up nil nil when we exhaust all options and exit the loop, so img and ref don't need to be long-lived. Should not change behavior, except possibly for a theoretical case where store.Image(image) succeeds but !strings.HasPrefix(img.ID, image); OTOH in that case, if it could happen, we would end up with a nil ref, so that was very likely never intended in the first place. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #909 Approved by: rhatdan
2018-08-04 08:58:29 +08:00
ref, err := is.Transport.ParseStoreReference(store, destImage)
Use configured registries to resolve image names When locating an image for pulling, inspection, or pushing, if we're given an image name that doesn't include a domain/registry, try building a set of candidate names using the configured registries as domains, and then pull/inspect/push using the first of those names that works. If a name that we're given corresponds to a prefix of the ID of a local image, skip completion and use the ID directly instead. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #360 Approved by: rhatdan
2017-06-29 05:07:58 +08:00
if err != nil {
Fix pulling of images within buildah Change references to Transfer to transfer to make it internal only. It should be determined from the image specification and only determined in one place. Make buildah.Pull use registries.conf Currently buildah pull does not resolve images based on registries.conf This does not match the behaviour of buildah from or buildah bud Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1319 Approved by: rhatdan
2019-02-02 20:29:05 +08:00
return nil, "", nil, errors.Wrapf(err, "error parsing reference to image %q", destImage)
Massive refactoring Pull most of the core logic from the CLI into a package that should be easier to consume as a library. Add a "config" command that updates the builder object's configuration. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-02-11 00:48:15 +08:00
}
Eliminate the long-running ref and img variables in resolveImage Inspecting the code flow, img seems to end up nil nil when we exhaust all options and exit the loop, so img and ref don't need to be long-lived. Should not change behavior, except possibly for a theoretical case where store.Image(image) succeeds but !strings.HasPrefix(img.ID, image); OTOH in that case, if it could happen, we would end up with a nil ref, so that was very likely never intended in the first place. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #909 Approved by: rhatdan
2018-08-04 08:58:29 +08:00
img, err := is.Transport.GetStoreImage(store, ref)
In resolveImage, return immediately on success ... instead of breaking out of the loop and returning. This will eventually allow us to differentiate between finding an image and exhausting all options. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #909 Approved by: rhatdan
2018-08-04 08:54:39 +08:00
if err == nil {
Fix pulling of images within buildah Change references to Transfer to transfer to make it internal only. It should be determined from the image specification and only determined in one place. Make buildah.Pull use registries.conf Currently buildah pull does not resolve images based on registries.conf This does not match the behaviour of buildah from or buildah bud Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1319 Approved by: rhatdan
2019-02-02 20:29:05 +08:00
return ref, transport, img, nil
In resolveImage, return immediately on success ... instead of breaking out of the loop and returning. This will eventually allow us to differentiate between finding an image and exhausting all options. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #909 Approved by: rhatdan
2018-08-04 08:54:39 +08:00
}
if errors.Cause(err) == storage.ErrImageUnknown && options.PullPolicy != PullIfMissing {
logrus.Debugf("no such image %q: %v", transports.ImageName(ref), err)
Improve reporting about individual pull failures Instead of just using multierror to collect the error strings (and hope that they contain enough context about the attempted image names), explicitly collect pairs of (attempted image name, error). Then, report an appropriate error text depending on the failures and environment. Notably, if there was only one attempt (e.g. a fully-qualified name), just report the error with minimal context, instead of adding extra "1 error occurred:\n\n". If search registries were used and empty, note that in the error message (now for real). Also, make sure we return _some_ error if util.ResolveName ever returned an empty list for osome reason. It seems fairly attractive now to split resolveImage into the outer loop and a separate function for making one attempt, to consolidate the repetitive failures = append(...) code. OTOH that would force us to add another return value as a "fatal" indication. Maybe later. NOTABLY CHANGES BEHAVIOR: - Changes the error format. - Restores more detailed error reporting if we have no search registries, but had multiple candidates anyway, which was given up in the previous commit. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #909 Approved by: rhatdan
2018-08-04 10:14:03 +08:00
failures = append(failures, failure{
resolvedImageName: image,
err: fmt.Errorf("no such image %q", transports.ImageName(ref)),
})
In resolveImage, return immediately on success ... instead of breaking out of the loop and returning. This will eventually allow us to differentiate between finding an image and exhausting all options. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #909 Approved by: rhatdan
2018-08-04 08:54:39 +08:00
continue
}
Use a types.ImageReference instead of (transport, name) strings in pullImage etc. Use a typed value, to hopefully decrease further temptation to process strings manually, and to avoid the unnecessary alltransports.ParseImageName which resolveImage has already called. This may change the strings used in some error/debug messages, which now use transports.ImageName instead of the original input; the strings should by definition have the same semantics. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1361 Approved by: rhatdan
2019-02-22 07:20:36 +08:00
pulledImg, pulledReference, err := pullAndFindImage(ctx, store, srcRef, options, systemContext)
Massive refactoring Pull most of the core logic from the CLI into a package that should be easier to consume as a library. Add a "config" command that updates the builder object's configuration. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-02-11 00:48:15 +08:00
if err != nil {
In resolveImage, return immediately on success ... instead of breaking out of the loop and returning. This will eventually allow us to differentiate between finding an image and exhausting all options. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #909 Approved by: rhatdan
2018-08-04 08:54:39 +08:00
logrus.Debugf("unable to pull and read image %q: %v", image, err)
Improve reporting about individual pull failures Instead of just using multierror to collect the error strings (and hope that they contain enough context about the attempted image names), explicitly collect pairs of (attempted image name, error). Then, report an appropriate error text depending on the failures and environment. Notably, if there was only one attempt (e.g. a fully-qualified name), just report the error with minimal context, instead of adding extra "1 error occurred:\n\n". If search registries were used and empty, note that in the error message (now for real). Also, make sure we return _some_ error if util.ResolveName ever returned an empty list for osome reason. It seems fairly attractive now to split resolveImage into the outer loop and a separate function for making one attempt, to consolidate the repetitive failures = append(...) code. OTOH that would force us to add another return value as a "fatal" indication. Maybe later. NOTABLY CHANGES BEHAVIOR: - Changes the error format. - Restores more detailed error reporting if we have no search registries, but had multiple candidates anyway, which was given up in the previous commit. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #909 Approved by: rhatdan
2018-08-04 10:14:03 +08:00
failures = append(failures, failure{resolvedImageName: image, err: err})
In resolveImage, return immediately on success ... instead of breaking out of the loop and returning. This will eventually allow us to differentiate between finding an image and exhausting all options. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #909 Approved by: rhatdan
2018-08-04 08:54:39 +08:00
continue
Massive refactoring Pull most of the core logic from the CLI into a package that should be easier to consume as a library. Add a "config" command that updates the builder object's configuration. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-02-11 00:48:15 +08:00
}
Fix pulling of images within buildah Change references to Transfer to transfer to make it internal only. It should be determined from the image specification and only determined in one place. Make buildah.Pull use registries.conf Currently buildah pull does not resolve images based on registries.conf This does not match the behaviour of buildah from or buildah bud Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1319 Approved by: rhatdan
2019-02-02 20:29:05 +08:00
return pulledReference, transport, pulledImg, nil
Use configured registries to resolve image names When locating an image for pulling, inspection, or pushing, if we're given an image name that doesn't include a domain/registry, try building a set of candidate names using the configured registries as domains, and then pull/inspect/push using the first of those names that works. If a name that we're given corresponds to a prefix of the ID of a local image, skip completion and use the ID directly instead. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #360 Approved by: rhatdan
2017-06-29 05:07:58 +08:00
}
Improve reporting about individual pull failures Instead of just using multierror to collect the error strings (and hope that they contain enough context about the attempted image names), explicitly collect pairs of (attempted image name, error). Then, report an appropriate error text depending on the failures and environment. Notably, if there was only one attempt (e.g. a fully-qualified name), just report the error with minimal context, instead of adding extra "1 error occurred:\n\n". If search registries were used and empty, note that in the error message (now for real). Also, make sure we return _some_ error if util.ResolveName ever returned an empty list for osome reason. It seems fairly attractive now to split resolveImage into the outer loop and a separate function for making one attempt, to consolidate the repetitive failures = append(...) code. OTOH that would force us to add another return value as a "fatal" indication. Maybe later. NOTABLY CHANGES BEHAVIOR: - Changes the error format. - Restores more detailed error reporting if we have no search registries, but had multiple candidates anyway, which was given up in the previous commit. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #909 Approved by: rhatdan
2018-08-04 10:14:03 +08:00
if len(failures) != len(candidates) {
Fix pulling of images within buildah Change references to Transfer to transfer to make it internal only. It should be determined from the image specification and only determined in one place. Make buildah.Pull use registries.conf Currently buildah pull does not resolve images based on registries.conf This does not match the behaviour of buildah from or buildah bud Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1319 Approved by: rhatdan
2019-02-02 20:29:05 +08:00
return nil, "", nil, fmt.Errorf("internal error: %d candidates (%#v) vs. %d failures (%#v)", len(candidates), candidates, len(failures), failures)
Improve reporting about individual pull failures Instead of just using multierror to collect the error strings (and hope that they contain enough context about the attempted image names), explicitly collect pairs of (attempted image name, error). Then, report an appropriate error text depending on the failures and environment. Notably, if there was only one attempt (e.g. a fully-qualified name), just report the error with minimal context, instead of adding extra "1 error occurred:\n\n". If search registries were used and empty, note that in the error message (now for real). Also, make sure we return _some_ error if util.ResolveName ever returned an empty list for osome reason. It seems fairly attractive now to split resolveImage into the outer loop and a separate function for making one attempt, to consolidate the repetitive failures = append(...) code. OTOH that would force us to add another return value as a "fatal" indication. Maybe later. NOTABLY CHANGES BEHAVIOR: - Changes the error format. - Restores more detailed error reporting if we have no search registries, but had multiple candidates anyway, which was given up in the previous commit. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #909 Approved by: rhatdan
2018-08-04 10:14:03 +08:00
}
vendor github.com/containers/image@v3.0.0 Signed-off-by: Valentin Rothberg <rothberg@redhat.com> Closes: #1756 Approved by: rhatdan
2019-08-02 17:30:22 +08:00
registriesConfPath := sysregistriesv2.ConfigPath(systemContext)
Improve reporting about individual pull failures Instead of just using multierror to collect the error strings (and hope that they contain enough context about the attempted image names), explicitly collect pairs of (attempted image name, error). Then, report an appropriate error text depending on the failures and environment. Notably, if there was only one attempt (e.g. a fully-qualified name), just report the error with minimal context, instead of adding extra "1 error occurred:\n\n". If search registries were used and empty, note that in the error message (now for real). Also, make sure we return _some_ error if util.ResolveName ever returned an empty list for osome reason. It seems fairly attractive now to split resolveImage into the outer loop and a separate function for making one attempt, to consolidate the repetitive failures = append(...) code. OTOH that would force us to add another return value as a "fatal" indication. Maybe later. NOTABLY CHANGES BEHAVIOR: - Changes the error format. - Restores more detailed error reporting if we have no search registries, but had multiple candidates anyway, which was given up in the previous commit. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #909 Approved by: rhatdan
2018-08-04 10:14:03 +08:00
switch len(failures) {
case 0:
if searchRegistriesWereUsedButEmpty {
Fix pulling of images within buildah Change references to Transfer to transfer to make it internal only. It should be determined from the image specification and only determined in one place. Make buildah.Pull use registries.conf Currently buildah pull does not resolve images based on registries.conf This does not match the behaviour of buildah from or buildah bud Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1319 Approved by: rhatdan
2019-02-02 20:29:05 +08:00
return nil, "", nil, errors.Errorf("image name %q is a short name and no search registries are defined in %s.", options.FromImage, registriesConfPath)
Improve reporting about individual pull failures Instead of just using multierror to collect the error strings (and hope that they contain enough context about the attempted image names), explicitly collect pairs of (attempted image name, error). Then, report an appropriate error text depending on the failures and environment. Notably, if there was only one attempt (e.g. a fully-qualified name), just report the error with minimal context, instead of adding extra "1 error occurred:\n\n". If search registries were used and empty, note that in the error message (now for real). Also, make sure we return _some_ error if util.ResolveName ever returned an empty list for osome reason. It seems fairly attractive now to split resolveImage into the outer loop and a separate function for making one attempt, to consolidate the repetitive failures = append(...) code. OTOH that would force us to add another return value as a "fatal" indication. Maybe later. NOTABLY CHANGES BEHAVIOR: - Changes the error format. - Restores more detailed error reporting if we have no search registries, but had multiple candidates anyway, which was given up in the previous commit. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #909 Approved by: rhatdan
2018-08-04 10:14:03 +08:00
}
Fix pulling of images within buildah Change references to Transfer to transfer to make it internal only. It should be determined from the image specification and only determined in one place. Make buildah.Pull use registries.conf Currently buildah pull does not resolve images based on registries.conf This does not match the behaviour of buildah from or buildah bud Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1319 Approved by: rhatdan
2019-02-02 20:29:05 +08:00
return nil, "", nil, fmt.Errorf("internal error: no pull candidates were available for %q for an unknown reason", options.FromImage)
Improve reporting about individual pull failures Instead of just using multierror to collect the error strings (and hope that they contain enough context about the attempted image names), explicitly collect pairs of (attempted image name, error). Then, report an appropriate error text depending on the failures and environment. Notably, if there was only one attempt (e.g. a fully-qualified name), just report the error with minimal context, instead of adding extra "1 error occurred:\n\n". If search registries were used and empty, note that in the error message (now for real). Also, make sure we return _some_ error if util.ResolveName ever returned an empty list for osome reason. It seems fairly attractive now to split resolveImage into the outer loop and a separate function for making one attempt, to consolidate the repetitive failures = append(...) code. OTOH that would force us to add another return value as a "fatal" indication. Maybe later. NOTABLY CHANGES BEHAVIOR: - Changes the error format. - Restores more detailed error reporting if we have no search registries, but had multiple candidates anyway, which was given up in the previous commit. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #909 Approved by: rhatdan
2018-08-04 10:14:03 +08:00
case 1:
err := failures[0].err
if failures[0].resolvedImageName != options.FromImage {
err = errors.Wrapf(err, "while pulling %q as %q", options.FromImage, failures[0].resolvedImageName)
}
if searchRegistriesWereUsedButEmpty {
err = errors.Wrapf(err, "(image name %q is a short name and no search registries are defined in %s)", options.FromImage, registriesConfPath)
}
Fix pulling of images within buildah Change references to Transfer to transfer to make it internal only. It should be determined from the image specification and only determined in one place. Make buildah.Pull use registries.conf Currently buildah pull does not resolve images based on registries.conf This does not match the behaviour of buildah from or buildah bud Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1319 Approved by: rhatdan
2019-02-02 20:29:05 +08:00
return nil, "", nil, err
Improve reporting about individual pull failures Instead of just using multierror to collect the error strings (and hope that they contain enough context about the attempted image names), explicitly collect pairs of (attempted image name, error). Then, report an appropriate error text depending on the failures and environment. Notably, if there was only one attempt (e.g. a fully-qualified name), just report the error with minimal context, instead of adding extra "1 error occurred:\n\n". If search registries were used and empty, note that in the error message (now for real). Also, make sure we return _some_ error if util.ResolveName ever returned an empty list for osome reason. It seems fairly attractive now to split resolveImage into the outer loop and a separate function for making one attempt, to consolidate the repetitive failures = append(...) code. OTOH that would force us to add another return value as a "fatal" indication. Maybe later. NOTABLY CHANGES BEHAVIOR: - Changes the error format. - Restores more detailed error reporting if we have no search registries, but had multiple candidates anyway, which was given up in the previous commit. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #909 Approved by: rhatdan
2018-08-04 10:14:03 +08:00
default:
// NOTE: a multi-line error string:
e := fmt.Sprintf("The following failures happened while trying to pull image specified by %q based on search registries in %s:", options.FromImage, registriesConfPath)
for _, f := range failures {
e = e + fmt.Sprintf("\n* %q: %s", f.resolvedImageName, f.err.Error())
}
Fix pulling of images within buildah Change references to Transfer to transfer to make it internal only. It should be determined from the image specification and only determined in one place. Make buildah.Pull use registries.conf Currently buildah pull does not resolve images based on registries.conf This does not match the behaviour of buildah from or buildah bud Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1319 Approved by: rhatdan
2019-02-02 20:29:05 +08:00
return nil, "", nil, errors.New(e)
Move the "short name but no search registries" error handling to resolveImage Use the value now returned by util.ResolveImage instead of trying to recompute it. Then drop the no longer used getRegistries. (It might be reasonable to split that part of util.ResolveImage to make it shorter; but it should not ideally have any independent second-guessing callers. So, just keep the inlined one instead; that way we certainly don't break it.) Also drop the no longer used hasRegistry. CHANGES BEHAVIOR: - Most notably, the "short name but no search registries" code has been broken for some time; pullImage was called with localhost/$shortname, which was a qualified name, so the specialized error handling was never attempted. - Temporarily, the error handling in the "short name but no search registries" code trigers even if there were actually valid values to try (in practice there is always localhost/$shortname, and possibly also options.Registry/$shortname). The next commit will improve it again. - We now have more legitimate access to the original short name, so include it in the error message (it was technically available before, but using it was awkward). NOTE: registriesConfPath is computed using the sysregistries package, but actual access happens using the sysregistriesv2 package. That should be cleaned up eventually. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #909 Approved by: rhatdan
2018-08-04 09:29:16 +08:00
}
Give better messages to users when image can not be found Had to vendor latest containers/image to get path to /etc/containers/registries.conf Currently if /etc/containers/registries.conf does not exist, you can not pull i images and the error message tells you bad information. buildah from alpine Get https://localhost/v2/: dial tcp [::1]:443: connect: connection refused With this change ./buildah from alpine image "alpine" not found in /etc/containers/registries.conf registries: image not known Even if the registry.conf file exists, the error message does not tell you much useful. buildah from alpine1 Error determining manifest MIME type for docker://registry.access.redhat.com/alpine1:latest: Error reading manifest latest in registry.access.redhat.com/alpine1: unknown: Not Found As opposed to the following, which will at least give the admin a chance to figure out where he wants to add registries. ./buildah from alpine1 image "alpine1" not found in /etc/containers/registries.conf registries: image not known Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #743 Approved by: rhatdan
2018-06-02 02:52:16 +08:00
}
Use configured registries to resolve image names When locating an image for pulling, inspection, or pushing, if we're given an image name that doesn't include a domain/registry, try building a set of candidate names using the configured registries as domains, and then pull/inspect/push using the first of those names that works. If a name that we're given corresponds to a prefix of the ID of a local image, skip completion and use the ID directly instead. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #360 Approved by: rhatdan
2017-06-29 05:07:58 +08:00
Allow container storage to manage the SELinux labels Also speed up container name selection by making sure the container name is not chosen before trying it out. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2018-10-20 02:49:51 +08:00
func containerNameExist(name string, containers []storage.Container) bool {
for _, container := range containers {
for _, cname := range container.Names {
if cname == name {
return true
}
}
}
return false
}
func findUnusedContainer(name string, containers []storage.Container) string {
suffix := 1
tmpName := name
for containerNameExist(tmpName, containers) {
tmpName = fmt.Sprintf("%s-%d", name, suffix)
suffix++
}
return tmpName
}
Give better messages to users when image can not be found Had to vendor latest containers/image to get path to /etc/containers/registries.conf Currently if /etc/containers/registries.conf does not exist, you can not pull i images and the error message tells you bad information. buildah from alpine Get https://localhost/v2/: dial tcp [::1]:443: connect: connection refused With this change ./buildah from alpine image "alpine" not found in /etc/containers/registries.conf registries: image not known Even if the registry.conf file exists, the error message does not tell you much useful. buildah from alpine1 Error determining manifest MIME type for docker://registry.access.redhat.com/alpine1:latest: Error reading manifest latest in registry.access.redhat.com/alpine1: unknown: Not Found As opposed to the following, which will at least give the admin a chance to figure out where he wants to add registries. ./buildah from alpine1 image "alpine1" not found in /etc/containers/registries.conf registries: image not known Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #743 Approved by: rhatdan
2018-06-02 02:52:16 +08:00
func newBuilder(ctx context.Context, store storage.Store, options BuilderOptions) (*Builder, error) {
Fix pulling of images within buildah Change references to Transfer to transfer to make it internal only. It should be determined from the image specification and only determined in one place. Make buildah.Pull use registries.conf Currently buildah pull does not resolve images based on registries.conf This does not match the behaviour of buildah from or buildah bud Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1319 Approved by: rhatdan
2019-02-02 20:29:05 +08:00
var (
ref types.ImageReference
img *storage.Image
err error
)
Give better messages to users when image can not be found Had to vendor latest containers/image to get path to /etc/containers/registries.conf Currently if /etc/containers/registries.conf does not exist, you can not pull i images and the error message tells you bad information. buildah from alpine Get https://localhost/v2/: dial tcp [::1]:443: connect: connection refused With this change ./buildah from alpine image "alpine" not found in /etc/containers/registries.conf registries: image not known Even if the registry.conf file exists, the error message does not tell you much useful. buildah from alpine1 Error determining manifest MIME type for docker://registry.access.redhat.com/alpine1:latest: Error reading manifest latest in registry.access.redhat.com/alpine1: unknown: Not Found As opposed to the following, which will at least give the admin a chance to figure out where he wants to add registries. ./buildah from alpine1 image "alpine1" not found in /etc/containers/registries.conf registries: image not known Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #743 Approved by: rhatdan
2018-06-02 02:52:16 +08:00
if options.FromImage == BaseImageFakeName {
options.FromImage = ""
}
Allow rootless users to use the cache directory in homedir Currently rootless podman attempts to write to /var/lib/containers/cache and fails. This causes us to repeatedly push images that have already been pushed. This cache directory should be relative to the location of containers/storage and not always stored in the same directory. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1411 Approved by: TomSweeneyRedHat
2019-03-14 04:03:13 +08:00
systemContext := getSystemContext(store, options.SystemContext, options.SignaturePolicyPath)
Give better messages to users when image can not be found Had to vendor latest containers/image to get path to /etc/containers/registries.conf Currently if /etc/containers/registries.conf does not exist, you can not pull i images and the error message tells you bad information. buildah from alpine Get https://localhost/v2/: dial tcp [::1]:443: connect: connection refused With this change ./buildah from alpine image "alpine" not found in /etc/containers/registries.conf registries: image not known Even if the registry.conf file exists, the error message does not tell you much useful. buildah from alpine1 Error determining manifest MIME type for docker://registry.access.redhat.com/alpine1:latest: Error reading manifest latest in registry.access.redhat.com/alpine1: unknown: Not Found As opposed to the following, which will at least give the admin a chance to figure out where he wants to add registries. ./buildah from alpine1 image "alpine1" not found in /etc/containers/registries.conf registries: image not known Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #743 Approved by: rhatdan
2018-06-02 02:52:16 +08:00
Don't even invoke the pull loop if options.FromImage == "" The loop will not run because util.ResolveName("", ...) returns nil; so, don't even invoke it. That way, if we don't get an image from resolveImage, we know we should have and it is an error. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #909 Approved by: rhatdan
2018-08-04 09:02:06 +08:00
if options.FromImage != "" && options.FromImage != "scratch" {
Fix pulling of images within buildah Change references to Transfer to transfer to make it internal only. It should be determined from the image specification and only determined in one place. Make buildah.Pull use registries.conf Currently buildah pull does not resolve images based on registries.conf This does not match the behaviour of buildah from or buildah bud Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1319 Approved by: rhatdan
2019-02-02 20:29:05 +08:00
ref, _, img, err = resolveImage(ctx, systemContext, store, options)
Give better messages to users when image can not be found Had to vendor latest containers/image to get path to /etc/containers/registries.conf Currently if /etc/containers/registries.conf does not exist, you can not pull i images and the error message tells you bad information. buildah from alpine Get https://localhost/v2/: dial tcp [::1]:443: connect: connection refused With this change ./buildah from alpine image "alpine" not found in /etc/containers/registries.conf registries: image not known Even if the registry.conf file exists, the error message does not tell you much useful. buildah from alpine1 Error determining manifest MIME type for docker://registry.access.redhat.com/alpine1:latest: Error reading manifest latest in registry.access.redhat.com/alpine1: unknown: Not Found As opposed to the following, which will at least give the admin a chance to figure out where he wants to add registries. ./buildah from alpine1 image "alpine1" not found in /etc/containers/registries.conf registries: image not known Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #743 Approved by: rhatdan
2018-06-02 02:52:16 +08:00
if err != nil {
return nil, err
}
Use configured registries to resolve image names When locating an image for pulling, inspection, or pushing, if we're given an image name that doesn't include a domain/registry, try building a set of candidate names using the configured registries as domains, and then pull/inspect/push using the first of those names that works. If a name that we're given corresponds to a prefix of the ID of a local image, skip completion and use the ID directly instead. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #360 Approved by: rhatdan
2017-06-29 05:07:58 +08:00
}
Handle configuration blobs for manifest lists When the base image or an image that we're inspecting is a reference to a manifest list, resolve it to a runnable image instance, then try to read the configuration blob from the runnable image. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1960 Approved by: TomSweeneyRedHat
2019-11-01 03:18:10 +08:00
imageSpec := options.FromImage
Use configured registries to resolve image names When locating an image for pulling, inspection, or pushing, if we're given an image name that doesn't include a domain/registry, try building a set of candidate names using the configured registries as domains, and then pull/inspect/push using the first of those names that works. If a name that we're given corresponds to a prefix of the ID of a local image, skip completion and use the ID directly instead. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #360 Approved by: rhatdan
2017-06-29 05:07:58 +08:00
imageID := ""
from/import: record the base image's digest, if it has one Record the digest of the base image's manifest, if there is a base image. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1724 Approved by: rhatdan
2019-07-02 05:14:07 +08:00
imageDigest := ""
Add --layers and --no-cache to buildah bud This patch adds in the caching feature to buildah bud. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #784 Approved by: rhatdan
2018-06-09 00:55:46 +08:00
topLayer := ""
Use configured registries to resolve image names When locating an image for pulling, inspection, or pushing, if we're given an image name that doesn't include a domain/registry, try building a set of candidate names using the configured registries as domains, and then pull/inspect/push using the first of those names that works. If a name that we're given corresponds to a prefix of the ID of a local image, skip completion and use the ID directly instead. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #360 Approved by: rhatdan
2017-06-29 05:07:58 +08:00
if img != nil {
Handle configuration blobs for manifest lists When the base image or an image that we're inspecting is a reference to a manifest list, resolve it to a runnable image instance, then try to read the configuration blob from the runnable image. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1960 Approved by: TomSweeneyRedHat
2019-11-01 03:18:10 +08:00
imageSpec = getImageName(imageNamePrefix(imageSpec), img)
Better distinguish between image names and IDs When recording the origins of working containers, take better care to distinguish between image names and IDs. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-03-16 05:19:29 +08:00
imageID = img.ID
Add --layers and --no-cache to buildah bud This patch adds in the caching feature to buildah bud. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #784 Approved by: rhatdan
2018-06-09 00:55:46 +08:00
topLayer = img.TopLayer
Use configured registries to resolve image names When locating an image for pulling, inspection, or pushing, if we're given an image name that doesn't include a domain/registry, try building a set of candidate names using the configured registries as domains, and then pull/inspect/push using the first of those names that works. If a name that we're given corresponds to a prefix of the ID of a local image, skip completion and use the ID directly instead. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #360 Approved by: rhatdan
2017-06-29 05:07:58 +08:00
}
Handle configuration blobs for manifest lists When the base image or an image that we're inspecting is a reference to a manifest list, resolve it to a runnable image instance, then try to read the configuration blob from the runnable image. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1960 Approved by: TomSweeneyRedHat
2019-11-01 03:18:10 +08:00
var src types.Image
Pass a types.Image to Builder.initConfig Both callers of initConfig use a types.Image to get a manifest and config; so, preserve the types.Image and pass it to Builder.initConfig. This does not change behavior (except for making the lifetime of a types.Image a bit longer in one case), but it will allow moving the manifest/config load into Builder.initConfig in the future. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #776 Approved by: rhatdan
2018-06-12 06:31:04 +08:00
if ref != nil {
Handle configuration blobs for manifest lists When the base image or an image that we're inspecting is a reference to a manifest list, resolve it to a runnable image instance, then try to read the configuration blob from the runnable image. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1960 Approved by: TomSweeneyRedHat
2019-11-01 03:18:10 +08:00
srcSrc, err := ref.NewImageSource(ctx, systemContext)
Pass a types.Image to Builder.initConfig Both callers of initConfig use a types.Image to get a manifest and config; so, preserve the types.Image and pass it to Builder.initConfig. This does not change behavior (except for making the lifetime of a types.Image a bit longer in one case), but it will allow moving the manifest/config load into Builder.initConfig in the future. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #776 Approved by: rhatdan
2018-06-12 06:31:04 +08:00
if err != nil {
return nil, errors.Wrapf(err, "error instantiating image for %q", transports.ImageName(ref))
}
Handle configuration blobs for manifest lists When the base image or an image that we're inspecting is a reference to a manifest list, resolve it to a runnable image instance, then try to read the configuration blob from the runnable image. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1960 Approved by: TomSweeneyRedHat
2019-11-01 03:18:10 +08:00
defer srcSrc.Close()
manifestBytes, manifestType, err := srcSrc.GetManifest(ctx, nil)
if err != nil {
return nil, errors.Wrapf(err, "error loading image manifest for %q", transports.ImageName(ref))
}
if manifestDigest, err := manifest.Digest(manifestBytes); err == nil {
imageDigest = manifestDigest.String()
}
var instanceDigest *digest.Digest
if manifest.MIMETypeIsMultiImage(manifestType) {
list, err := manifest.ListFromBlob(manifestBytes, manifestType)
if err != nil {
return nil, errors.Wrapf(err, "error parsing image manifest for %q as list", transports.ImageName(ref))
from/import: record the base image's digest, if it has one Record the digest of the base image's manifest, if there is a base image. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1724 Approved by: rhatdan
2019-07-02 05:14:07 +08:00
}
Handle configuration blobs for manifest lists When the base image or an image that we're inspecting is a reference to a manifest list, resolve it to a runnable image instance, then try to read the configuration blob from the runnable image. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1960 Approved by: TomSweeneyRedHat
2019-11-01 03:18:10 +08:00
instance, err := list.ChooseInstance(systemContext)
if err != nil {
return nil, errors.Wrapf(err, "error finding an appropriate image in manifest list %q", transports.ImageName(ref))
}
instanceDigest = &instance
}
src, err = image.FromUnparsedImage(ctx, systemContext, image.UnparsedInstance(srcSrc, instanceDigest))
if err != nil {
return nil, errors.Wrapf(err, "error instantiating image for %q instance %q", transports.ImageName(ref), instanceDigest)
from/import: record the base image's digest, if it has one Record the digest of the base image's manifest, if there is a base image. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1724 Approved by: rhatdan
2019-07-02 05:14:07 +08:00
}
Pass a types.Image to Builder.initConfig Both callers of initConfig use a types.Image to get a manifest and config; so, preserve the types.Image and pass it to Builder.initConfig. This does not change behavior (except for making the lifetime of a types.Image a bit longer in one case), but it will allow moving the manifest/config load into Builder.initConfig in the future. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #776 Approved by: rhatdan
2018-06-12 06:31:04 +08:00
}
Improve "from" behavior with unnamed references Fix our instantiation behavior when the source image reference is not a named reference. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #235 Approved by: rhatdan
2017-07-29 05:29:37 +08:00
name := "working-container"
if options.Container != "" {
name = options.Container
} else {
Handle configuration blobs for manifest lists When the base image or an image that we're inspecting is a reference to a manifest list, resolve it to a runnable image instance, then try to read the configuration blob from the runnable image. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1960 Approved by: TomSweeneyRedHat
2019-11-01 03:18:10 +08:00
if imageSpec != "" {
name = imageNamePrefix(imageSpec) + "-" + name
Improve "from" behavior with unnamed references Fix our instantiation behavior when the source image reference is not a named reference. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #235 Approved by: rhatdan
2017-07-29 05:29:37 +08:00
}
}
Allow container storage to manage the SELinux labels Also speed up container name selection by making sure the container name is not chosen before trying it out. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2018-10-20 02:49:51 +08:00
var container *storage.Container
tmpName := name
if options.Container == "" {
containers, err := store.Containers()
if err != nil {
return nil, errors.Wrapf(err, "unable to check for container names")
}
tmpName = findUnusedContainer(tmpName, containers)
}
Use configured registries to resolve image names When locating an image for pulling, inspection, or pushing, if we're given an image name that doesn't include a domain/registry, try building a set of candidate names using the configured registries as domains, and then pull/inspect/push using the first of those names that works. If a name that we're given corresponds to a prefix of the ID of a local image, skip completion and use the ID directly instead. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #360 Approved by: rhatdan
2017-06-29 05:07:58 +08:00
Allow container storage to manage the SELinux labels Also speed up container name selection by making sure the container name is not chosen before trying it out. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2018-10-20 02:49:51 +08:00
conflict := 100
Fix a few issues found by tests/validate/gometalinter.sh For some reason, the CI does not report any of these; on macOS I see many more reports (including complaints about the standard library), this only cleans up the trivial cases. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1365 Approved by: rhatdan
2019-02-23 10:08:09 +08:00
for {
Allow container storage to manage the SELinux labels Also speed up container name selection by making sure the container name is not chosen before trying it out. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2018-10-20 02:49:51 +08:00
coptions := storage.ContainerOptions{
LabelOpts: options.CommonBuildOpts.LabelOpts,
IDMappingOptions: newContainerIDMappingOptions(options.IDMappingOptions),
}
container, err = store.CreateContainer("", []string{tmpName}, imageID, "", "", &coptions)
if err == nil {
Handle ErrDuplicateName errors from store.CreateContainer() newBuilder(): When store.CreateContainer() returns a duplicate-name error for a name that we just made up, try again with a different made-up name. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1009 Approved by: rhatdan
2018-09-13 02:34:05 +08:00
name = tmpName
Allow container storage to manage the SELinux labels Also speed up container name selection by making sure the container name is not chosen before trying it out. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2018-10-20 02:49:51 +08:00
break
Handle ErrDuplicateName errors from store.CreateContainer() newBuilder(): When store.CreateContainer() returns a duplicate-name error for a name that we just made up, try again with a different made-up name. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1009 Approved by: rhatdan
2018-09-13 02:34:05 +08:00
}
Allow container storage to manage the SELinux labels Also speed up container name selection by making sure the container name is not chosen before trying it out. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2018-10-20 02:49:51 +08:00
if errors.Cause(err) != storage.ErrDuplicateName || options.Container != "" {
return nil, errors.Wrapf(err, "error creating container")
}
tmpName = fmt.Sprintf("%s-%d", name, rand.Int()%conflict)
conflict = conflict * 10
Handle ErrDuplicateName errors from store.CreateContainer() newBuilder(): When store.CreateContainer() returns a duplicate-name error for a name that we just made up, try again with a different made-up name. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1009 Approved by: rhatdan
2018-09-13 02:34:05 +08:00
}
Massive refactoring Pull most of the core logic from the CLI into a package that should be easier to consume as a library. Add a "config" command that updates the builder object's configuration. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-02-11 00:48:15 +08:00
defer func() {
if err != nil {
ReserveSELinuxLabels(): handle wrapped errors from OpenBuilder ReserveSELinuxLabels() checks if an error returned by OpenBuilder() is a does-not-exist error, but OpenBuilder() returns wrapped errors now, and it wasn't checking the root cause error. When newBuilder() fails, check the right error value when deciding whether or not deleting the partially-constructed container failed. OpenBuildersByPath() shouldn't choke on non-buildah containers, so have it handle does-not-exist errors the same way OpenAllBuilders() does. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1109 Approved by: rhatdan
2018-10-18 04:58:32 +08:00
if err2 := store.DeleteContainer(container.ID); err2 != nil {
Massive refactoring Pull most of the core logic from the CLI into a package that should be easier to consume as a library. Add a "config" command that updates the builder object's configuration. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-02-11 00:48:15 +08:00
logrus.Errorf("error deleting container %q: %v", container.ID, err2)
}
}
}()
Read UID/GID mapping information from containers and images Read UID/GID mapping information when creating or importing containers, and if there is mapping information, use it when building runtime configurations. Mounting sysfs in a user namespace requires that we also have our own network namespace, so default to creating one for that case. Switch permissions on files that we bind in so that they're writable from inside of the container. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #700 Approved by: rhatdan
2018-03-08 07:11:43 +08:00
uidmap, gidmap := convertStorageIDMaps(container.UIDMap, container.GIDMap)
vendor in latest runtime-tools The latest runtime-tools is aware of other OS's than Linux. Libpod needs the newer version to compile on darwin. Unfortunately, the API for generator.New() changed and requires a string representation of the OS; furthermore, it also returns a a generator and an error so code had to be adjusted for this too. Signed-off-by: baude <bbaude@redhat.com>
2018-06-27 04:35:43 +08:00
defaultNamespaceOptions, err := DefaultNamespaceOptions()
if err != nil {
return nil, err
}
namespaceOptions := defaultNamespaceOptions
Read UID/GID mapping information from containers and images Read UID/GID mapping information when creating or importing containers, and if there is mapping information, use it when building runtime configurations. Mounting sysfs in a user namespace requires that we also have our own network namespace, so default to creating one for that case. Switch permissions on files that we bind in so that they're writable from inside of the container. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #700 Approved by: rhatdan
2018-03-08 07:11:43 +08:00
namespaceOptions.AddOrReplace(options.NamespaceOptions...)
Add proper SELinux labeling to buildah run Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #294 Approved by: nalind
2017-10-20 05:47:15 +08:00
Massive refactoring Pull most of the core logic from the CLI into a package that should be easier to consume as a library. Add a "config" command that updates the builder object's configuration. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-02-11 00:48:15 +08:00
builder := &Builder{
Add secrets patch to buildah Signed-off-by: umohnani8 <umohnani@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-11-08 06:44:24 +08:00
store: store,
Type: containerType,
Handle configuration blobs for manifest lists When the base image or an image that we're inspecting is a reference to a manifest list, resolve it to a runnable image instance, then try to read the configuration blob from the runnable image. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1960 Approved by: TomSweeneyRedHat
2019-11-01 03:18:10 +08:00
FromImage: imageSpec,
Add secrets patch to buildah Signed-off-by: umohnani8 <umohnani@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-11-08 06:44:24 +08:00
FromImageID: imageID,
from/import: record the base image's digest, if it has one Record the digest of the base image's manifest, if there is a base image. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1724 Approved by: rhatdan
2019-07-02 05:14:07 +08:00
FromImageDigest: imageDigest,
Add secrets patch to buildah Signed-off-by: umohnani8 <umohnani@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-11-08 06:44:24 +08:00
Container: name,
ContainerID: container.ID,
ImageAnnotations: map[string]string{},
ImageCreatedBy: "",
Allow container storage to manage the SELinux labels Also speed up container name selection by making sure the container name is not chosen before trying it out. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2018-10-20 02:49:51 +08:00
ProcessLabel: container.ProcessLabel(),
MountLabel: container.MountLabel(),
Add secrets patch to buildah Signed-off-by: umohnani8 <umohnani@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-11-08 06:44:24 +08:00
DefaultMountsFilePath: options.DefaultMountsFilePath,
Implement basic recognition of the "--isolation" option Add the basics of handling the "--isolation" option, though at the moment, the only recognized option is "oci", which is our default. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #822 Approved by: rhatdan
2018-05-12 01:00:14 +08:00
Isolation: options.Isolation,
Read UID/GID mapping information from containers and images Read UID/GID mapping information when creating or importing containers, and if there is mapping information, use it when building runtime configurations. Mounting sysfs in a user namespace requires that we also have our own network namespace, so default to creating one for that case. Switch permissions on files that we bind in so that they're writable from inside of the container. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #700 Approved by: rhatdan
2018-03-08 07:11:43 +08:00
NamespaceOptions: namespaceOptions,
Use CNI to configure container networks Use CNI to configure networks for containers for which we create new network namespaces. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #700 Approved by: rhatdan
2018-04-14 06:20:25 +08:00
ConfigureNetwork: options.ConfigureNetwork,
CNIPluginPath: options.CNIPluginPath,
CNIConfigDir: options.CNIConfigDir,
Read UID/GID mapping information from containers and images Read UID/GID mapping information when creating or importing containers, and if there is mapping information, use it when building runtime configurations. Mounting sysfs in a user namespace requires that we also have our own network namespace, so default to creating one for that case. Switch permissions on files that we bind in so that they're writable from inside of the container. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #700 Approved by: rhatdan
2018-03-08 07:11:43 +08:00
IDMappingOptions: IDMappingOptions{
HostUIDMapping: len(uidmap) == 0,
HostGIDMapping: len(uidmap) == 0,
UIDMap: uidmap,
GIDMap: gidmap,
},
Run(): add options for adding and removing capabilities Add RunOptions and BuildOptions flags for modifying the list of granted capabilities from the default. Default to granting the current (as of this writing) defaults from runtime-tools, with CAP_NET_RAW removed: * CAP_AUDIT_WRITE * CAP_CHOWN * CAP_DAC_OVERRIDE * CAP_FOWNER * CAP_FSETID * CAP_KILL * CAP_MKNOD * CAP_NET_BIND_SERVICE * CAP_SETFCAP * CAP_SETGID * CAP_SETPCAP * CAP_SETUID * CAP_SYS_CHROOT Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #799 Approved by: rhatdan
2018-06-05 05:36:26 +08:00
AddCapabilities: copyStringSlice(options.AddCapabilities),
DropCapabilities: copyStringSlice(options.DropCapabilities),
CommonBuildOpts: options.CommonBuildOpts,
TopLayer: topLayer,
Fix ARGS parsing for run commands Currently we are not adding the ARGS passed in via Dockerfile or --build-args into the running container as environment variables. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #816 Approved by: umohnani8
2018-06-25 20:53:47 +08:00
Args: options.Args,
Warn about using Commands in Dockerfile that are not supported by OCI. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #957 Approved by: umohnani8
2018-08-24 00:55:16 +08:00
Format: options.Format,
Add support for Overlay volumes into the container. Overlay mounts allow buildah bud and buildah from to specify a directory on the disk that will be mounted as an overlay into the container, where the overlay can be written to but when the RUN or buildah run exits, the modified files will dissapear. The basic idea is to be able to mount cache from the disk for things like yum/dnf/apt to be able to be used and modified in the contianer on a run command, but to be kept fresh for each RUN. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1560 Approved by: giuseppe
2019-04-29 21:41:18 +08:00
TempVolumes: map[string]bool{},
Add --devices flag to bud and from Some Dockerfiles (fuse-overlay) require additional devices to be in the build environment. This patch allows the user to specify additional devices. Also I noticed that CapAdd and CapDrop was not working in buildah bud situations, so this patch also fixes this. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1820 Approved by: @TomSweeneyRedHat
2019-09-07 03:07:18 +08:00
Devices: options.Devices,
Massive refactoring Pull most of the core logic from the CLI into a package that should be easier to consume as a library. Add a "config" command that updates the builder object's configuration. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-02-11 00:48:15 +08:00
}
if options.Mount {
Allow container storage to manage the SELinux labels Also speed up container name selection by making sure the container name is not chosen before trying it out. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2018-10-20 02:49:51 +08:00
_, err = builder.Mount(container.MountLabel())
Massive refactoring Pull most of the core logic from the CLI into a package that should be easier to consume as a library. Add a "config" command that updates the builder object's configuration. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-02-11 00:48:15 +08:00
if err != nil {
Make sure we log or return every error Make sure that when attempting to diagnose an error, if we encounter an error during the diagnostic attempt, we return the original error rather than the error encountered in trying to diagnose it. Log that one. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1072 Approved by: rhatdan
2018-10-03 22:05:46 +08:00
return nil, errors.Wrapf(err, "error mounting build container %q", builder.ContainerID)
Massive refactoring Pull most of the core logic from the CLI into a package that should be easier to consume as a library. Add a "config" command that updates the builder object's configuration. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-02-11 00:48:15 +08:00
}
}
Consolidate loading manifest and config in initConfig Both callers of initConfig contain exactly the same code to load the manifest and config; move it inside initConfig now that initConfig has the necessary types.Image available. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #776 Approved by: rhatdan
2018-06-12 06:41:11 +08:00
if err := builder.initConfig(ctx, src); err != nil {
Do not ignore any parsing errors in initConfig Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #776 Approved by: rhatdan
2018-06-12 05:43:21 +08:00
return nil, errors.Wrapf(err, "error preparing image configuration")
}
Massive refactoring Pull most of the core logic from the CLI into a package that should be easier to consume as a library. Add a "config" command that updates the builder object's configuration. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-02-11 00:48:15 +08:00
err = builder.Save()
if err != nil {
Make sure we log or return every error Make sure that when attempting to diagnose an error, if we encounter an error during the diagnostic attempt, we return the original error rather than the error encountered in trying to diagnose it. Log that one. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1072 Approved by: rhatdan
2018-10-03 22:05:46 +08:00
return nil, errors.Wrapf(err, "error saving builder state for container %q", builder.ContainerID)
Massive refactoring Pull most of the core logic from the CLI into a package that should be easier to consume as a library. Add a "config" command that updates the builder object's configuration. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-02-11 00:48:15 +08:00
}
return builder, nil
}