From b06d4a1c72b207d11fa959b49bd96c8c9befdd45 Mon Sep 17 00:00:00 2001 From: Valentin Rothberg Date: Mon, 20 Dec 2021 14:06:49 +0100 Subject: [PATCH 1/2] pull: fix pulling from dir transport Path-based transports may contain characters that are invalid for a reference. In such cases, we should pessimistically generate an ID and not attempt to look at the (possibly path-based) string within the transport. This fixes an error when running `podman run dir:/tmp/CapitalChar` and will prevent the same issue for the upcoming SIF transport. Extend the tests to make sure we're not going to regress in the future. Signed-off-by: Valentin Rothberg --- libimage/pull.go | 10 ++++++++-- libimage/pull_test.go | 3 +++ ...948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef | Bin 0 -> 1024 bytes ...3c67dcf4cdbd69f9224c74e961c53b589b70499eac443 | 1 + .../testdata/scratch-dir-5pec!@L/manifest.json | 1 + libimage/testdata/scratch-dir-5pec!@L/version | 1 + 6 files changed, 14 insertions(+), 2 deletions(-) create mode 100644 libimage/testdata/scratch-dir-5pec!@L/5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef create mode 100644 libimage/testdata/scratch-dir-5pec!@L/61e17f84d763cc086d43c67dcf4cdbd69f9224c74e961c53b589b70499eac443 create mode 100644 libimage/testdata/scratch-dir-5pec!@L/manifest.json create mode 100644 libimage/testdata/scratch-dir-5pec!@L/version diff --git a/libimage/pull.go b/libimage/pull.go index e9ba5293c..84ce107ee 100644 --- a/libimage/pull.go +++ b/libimage/pull.go @@ -243,8 +243,14 @@ func (r *Runtime) copyFromDefault(ctx context.Context, ref types.ImageReference, imageName = named.String() default: - storageName = toLocalImageName(ref.StringWithinTransport()) - imageName = storageName + // Path-based transports (e.g., dir) may include invalid + // characters, so we should pessimistically generate an ID + // instead of looking at the StringWithinTransport(). + storageName, err = getImageID(ctx, ref, nil) + if err != nil { + return nil, err + } + imageName = "sha256:" + storageName[1:] } // Create a storage reference. diff --git a/libimage/pull_test.go b/libimage/pull_test.go index 1aebd35f4..6bd6137b2 100644 --- a/libimage/pull_test.go +++ b/libimage/pull_test.go @@ -51,6 +51,9 @@ func TestPull(t *testing.T) { {"docker://docker.io/library/alpine", false, 1, []string{"docker.io/library/alpine:latest"}}, {"quay.io/libpod/alpine@sha256:634a8f35b5f16dcf4aaa0822adc0b1964bb786fca12f6831de8ddc45e5986a00", false, 1, []string{"quay.io/libpod/alpine@sha256:634a8f35b5f16dcf4aaa0822adc0b1964bb786fca12f6831de8ddc45e5986a00"}}, {"quay.io/libpod/alpine:pleaseignorethistag@sha256:634a8f35b5f16dcf4aaa0822adc0b1964bb786fca12f6831de8ddc45e5986a00", false, 1, []string{"quay.io/libpod/alpine@sha256:634a8f35b5f16dcf4aaa0822adc0b1964bb786fca12f6831de8ddc45e5986a00"}}, + + // DIR + {"dir:testdata/scratch-dir-5pec!@L", false, 1, []string{"61e17f84d763cc086d43c67dcf4cdbd69f9224c74e961c53b589b70499eac443"}}, } { pulledImages, err := runtime.Pull(ctx, test.input, config.PullPolicyAlways, pullOptions) if test.expectError { diff --git a/libimage/testdata/scratch-dir-5pec!@L/5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef b/libimage/testdata/scratch-dir-5pec!@L/5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef new file mode 100644 index 0000000000000000000000000000000000000000..06d7405020018ddf3cacee90fd4af10487da3d20 GIT binary patch literal 1024 ScmZQz7zLvtFd70QH3R?z00031 literal 0 HcmV?d00001 diff --git a/libimage/testdata/scratch-dir-5pec!@L/61e17f84d763cc086d43c67dcf4cdbd69f9224c74e961c53b589b70499eac443 b/libimage/testdata/scratch-dir-5pec!@L/61e17f84d763cc086d43c67dcf4cdbd69f9224c74e961c53b589b70499eac443 new file mode 100644 index 000000000..0f29a3146 --- /dev/null +++ b/libimage/testdata/scratch-dir-5pec!@L/61e17f84d763cc086d43c67dcf4cdbd69f9224c74e961c53b589b70499eac443 @@ -0,0 +1 @@ +{"created":"2021-12-20T13:03:01.601633431Z","architecture":"amd64","os":"linux","config":{"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Labels":{"io.buildah.version":"1.23.1"}},"rootfs":{"type":"layers","diff_ids":["sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"]},"history":[{"created":"2021-12-20T13:03:01.602339865Z","created_by":"/bin/sh"}]} \ No newline at end of file diff --git a/libimage/testdata/scratch-dir-5pec!@L/manifest.json b/libimage/testdata/scratch-dir-5pec!@L/manifest.json new file mode 100644 index 000000000..00e9e0d37 --- /dev/null +++ b/libimage/testdata/scratch-dir-5pec!@L/manifest.json @@ -0,0 +1 @@ +{"schemaVersion":2,"config":{"mediaType":"application/vnd.oci.image.config.v1+json","digest":"sha256:61e17f84d763cc086d43c67dcf4cdbd69f9224c74e961c53b589b70499eac443","size":402},"layers":[{"mediaType":"application/vnd.oci.image.layer.v1.tar","digest":"sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef","size":1024}],"annotations":{"org.opencontainers.image.base.digest":"","org.opencontainers.image.base.name":""}} \ No newline at end of file diff --git a/libimage/testdata/scratch-dir-5pec!@L/version b/libimage/testdata/scratch-dir-5pec!@L/version new file mode 100644 index 000000000..75a4f5701 --- /dev/null +++ b/libimage/testdata/scratch-dir-5pec!@L/version @@ -0,0 +1 @@ +Directory Transport Version: 1.1 From 134e83ff55ce83a37756ef473bf083b65e2c2c3c Mon Sep 17 00:00:00 2001 From: Valentin Rothberg Date: Mon, 10 Jan 2022 14:24:12 +0100 Subject: [PATCH 2/2] libimage filters: allow duplicates with the same value Podman CI wants that for pruning. The pruning code unconditionally sets the dangling filter since that's crucial for pruning. Also fix a typo in the error message: `s/more then/more than/` Signed-off-by: Valentin Rothberg --- libimage/filters.go | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/libimage/filters.go b/libimage/filters.go index bc4e85165..063f07149 100644 --- a/libimage/filters.go +++ b/libimage/filters.go @@ -91,7 +91,7 @@ func (r *Runtime) compileImageFilters(ctx context.Context, options *ListImagesOp } filters := map[string][]filterFunc{} - duplicate := map[string]bool{} + duplicate := map[string]string{} for _, f := range options.Filters { var key, value string var filter filterFunc @@ -167,7 +167,6 @@ func (r *Runtime) compileImageFilters(ctx context.Context, options *ListImagesOp if err != nil { return nil, err } - duplicate[key] = true filter = filterManifest(ctx, manifest) case "reference": @@ -189,11 +188,11 @@ func (r *Runtime) compileImageFilters(ctx context.Context, options *ListImagesOp return filters, nil } -func (r *Runtime) containers(duplicate map[string]bool, key, value string, externalFunc IsExternalContainerFunc) error { - if duplicate[key] { - return errors.Errorf("specifying %q filter more then once is not supported", key) +func (r *Runtime) containers(duplicate map[string]string, key, value string, externalFunc IsExternalContainerFunc) error { + if exists, ok := duplicate[key]; ok && exists != value { + return errors.Errorf("specifying %q filter more than once with different values is not supported", key) } - duplicate[key] = true + duplicate[key] = value switch value { case "false", "true": case "external": @@ -227,11 +226,11 @@ func (r *Runtime) time(key, value string) (*Image, error) { return img, nil } -func (r *Runtime) bool(duplicate map[string]bool, key, value string) (bool, error) { - if duplicate[key] { - return false, errors.Errorf("specifying %q filter more then once is not supported", key) +func (r *Runtime) bool(duplicate map[string]string, key, value string) (bool, error) { + if exists, ok := duplicate[key]; ok && exists != value { + return false, errors.Errorf("specifying %q filter more than once with different values is not supported", key) } - duplicate[key] = true + duplicate[key] = value set, err := strconv.ParseBool(value) if err != nil { return false, errors.Wrapf(err, "non-boolean value %q for %s filter", key, value)