If we get a storage.LayerUnknown error while committing to local
storage, guess that we tried to reuse a layer in an image that got
deleted in the brief window between when the commit logic decided that
it could reuse the layer, and when it actually tried to create the image
record.
It's tempting to try to resolve this in the image library, but at the
point where this error crops up, it may already have skipped pulling the
relevant layer blob, so the entire copy operation would have to be
restarted from the beginning anyway, and that's the retry package's job.
It's tempting to bake this into the common library's retry package, but
that would require it to "know" about containers/storage, and while in
practice most of its callers already depend on the storage library, that
may be a bit much.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add CertPath and InsecureSkipTLSVerify flags to AddAndCopyOptions, and
connect the CLI flag values passed to `buildah add` and `buildah build`
so that Builder.Add() gets those.
Add MaxRetries and RetryDelay fields to AddAndCopyOptions, and connect
them to the values passed on the command line to `buildah add` and
`buildah build`.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
We want to shrink the size of the import when importing pkg from
buildah. This should help us shrink the size of the golang bindings
in podman.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
When it was first introduced, the blob info cache's location didn't
change from the system-wide default location when we were running in
rootless mode, so we started setting its location ourselves to avoid
triggering permissions errors when updating it.
The image library has since started taking into account that it was
running in rootless mode, but its hardwired default isn't the same as
the one we were setting, so we ended up creating a second cache file.
Stop doing that.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Pass our own API values for retry delays to common's retry package when
we use it to handle retrying image pull/commit/push operations.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
unix constants do not work when vendored into libpod, because
libpod can potentially be used on non unix platforms, so
compilation blows up. Switching to syscall should fix this issue.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
If PullOptions/BuilderOptions/CommitOptions/PushOptions includes a
MaxRetries value other than 0, retry operations except for (currently)
connection-refused, authentication, and no-such-repository/no-such-tag
errors, at a default-but-configurable interval of 5 seconds.
Set the default for `buildah pull/from/commit/push` to 3 retries at 2
second intervals.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add the --sign-by option to `buildah build-using-dockerfile`,
`buildah commit`, `buildah push`, and `buildah manifest push`. Add the
`--remove-signatures` option to `buildah pull`, `buildah push`, and
`buildah manifest push`. We just pass them to the image library, which
does all of the heavy lifting.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #2085
Approved by: rhatdan
We have moved shared code from buildah, podman and others into containers/common.
Specifically for this PR we are moving to use containers/common/pkg/unshare and
containers/common/pkg/cgroups.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #2010
Approved by: QiWang19
This commit enables the `unparam` linter and applies all reported issues.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
Closes: #1719
Approved by: rhatdan
We don't want to vendor anything from libpod into Buildah.
We want to switch this around. Moving pkg content from libpod
to Buildah allows us to fix this.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1400
Approved by: giuseppe
Currently rootless podman attempts to write to /var/lib/containers/cache
and fails. This causes us to repeatedly push images that have already been
pushed. This cache directory should be relative to the location of containers/storage
and not always stored in the same directory.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1411
Approved by: TomSweeneyRedHat
- OCIInsecureSkipTLSVerify applies only to c/image/layout.Transport and
c/image/archive.Transport; in both, ImageTransport.DockerReference
always returns nil, which causes isReferenceSomething, and therefore
isRegistryInsecure, to always return false; i.e., this code
was never executed for those transports for which it could make a difference.
- The oci: and oci-archive: transports refer to local filesystems, so matching that
against docker/distribution hostnames does not really make sense.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1255
Approved by: rhatdan
Mostly this is a straightforward elimination of manual GetRegistries calls.
In getCopyOptions, we just remove setting the DockerInsecureSkipTLSVerify
values because the docker:// transport now does that automatically. (This
actually changes behavior, because docker:// supports namespace prefixes
in addition to matching only by hostnames, but that's a superset of the
previous behavior.)
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1214
Approved by: rhatdan
The image library's copy routine doesn't itself consult the registries
configuration in order to decide whether or not to disable TLS
verification when communicating with a registry, so it's on us to use
the name of a source or destination image to decide whether to set the
flag for that behavior.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1056
Approved by: rhatdan
When locating an image for pulling, inspection, or pushing, if we're
given an image name that doesn't include a domain/registry, try building
a set of candidate names using the configured registries as domains, and
then pull/inspect/push using the first of those names that works.
If a name that we're given corresponds to a prefix of the ID of a local
image, skip completion and use the ID directly instead.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #360
Approved by: rhatdan
buildah push supports manifest type conversion when pushing using the 'dir' transport.
Manifest types include oci, v2s1, and v2s2,
e.g. buildah push --format v2s2 alpine dir:my-directory
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Closes: #321
Approved by: rhatdan
Have 'from', 'commit', and 'build-using-dockerfile' report progress via
stderr (so that capturing output from 'from' and 'commit' still works as
expected) unless --quiet is used to suppress the reporting.
Closes #94.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #98
Approved by: rhatdan
Pull most of the core logic from the CLI into a package that should be
easier to consume as a library. Add a "config" command that updates the
builder object's configuration.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>