migrate Podman to containers/common/libimage

Migrate the Podman code base over to `common/libimage` which replaces `libpod/image` and a lot of glue code entirely. Note that I tried to leave bread crumbs for changed tests. Miscellaneous changes: * Some errors yield different messages which required to alter some tests. * I fixed some pre-existing issues in the code. Others were marked as `//TODO`s to prevent the PR from exploding. * The `NamesHistory` of an image is returned as is from the storage. Previously, we did some filtering which I think is undesirable. Instead we should return the data as stored in the storage. * Touched handlers use the ABI interfaces where possible. * Local image resolution: previously Podman would match "foo" on "myfoo". This behaviour has been changed and Podman will now only match on repository boundaries such that "foo" would match "my/foo" but not "myfoo". I consider the old behaviour to be a bug, at the very least an exotic corner case. * Futhermore, "foo:none" does *not* resolve to a local image "foo" without tag anymore. It's a hill I am (almost) willing to die on. * `image prune` prints the IDs of pruned images. Previously, in some cases, the names were printed instead. The API clearly states ID, so we should stick to it. * Compat endpoint image removal with _force_ deletes the entire not only the specified tag. Signed-off-by: Valentin Rothberg <[email protected]>
containers · May 5, 2021 · 0f7d54b · 0f7d54b
1 parent 8eefca5
commit 0f7d54b
Show file tree

Hide file tree

Showing 190 changed files with 8,535 additions and 7,609 deletions.
diff --git a/cmd/podman/common/createparse.go b/cmd/podman/common/createparse.go
@@ -1,7 +1,7 @@
 package common
 
 import (
-	"github.com/containers/podman/v3/pkg/util"
+	"github.com/containers/common/pkg/config"
 	"github.com/pkg/errors"
 )
 
@@ -13,7 +13,7 @@ func (c *ContainerCLIOpts) validate() error {
 		return errors.Errorf(`the --rm option conflicts with --restart, when the restartPolicy is not "" and "no"`)
 	}
 
-	if _, err := util.ValidatePullType(c.Pull); err != nil {
+	if _, err := config.ParsePullPolicy(c.Pull); err != nil {
 		return err
 	}
 

diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go
@@ -8,15 +8,15 @@ import (
 	"strings"
 
 	"github.com/containers/common/pkg/config"
-	"github.com/containers/image/v5/storage"
+	storageTransport "github.com/containers/image/v5/storage"
 	"github.com/containers/image/v5/transports/alltransports"
 	"github.com/containers/podman/v3/cmd/podman/common"
 	"github.com/containers/podman/v3/cmd/podman/registry"
 	"github.com/containers/podman/v3/cmd/podman/utils"
-	"github.com/containers/podman/v3/libpod/define"
 	"github.com/containers/podman/v3/pkg/domain/entities"
 	"github.com/containers/podman/v3/pkg/specgen"
 	"github.com/containers/podman/v3/pkg/util"
+	"github.com/containers/storage"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
@@ -238,6 +238,8 @@ func createInit(c *cobra.Command) error {
 	return nil
 }
 
+// TODO: we should let the backend take care of the pull policy (which it
+// does!). The code below is at risk of causing regression and code divergence.
 func pullImage(imageName string) (string, error) {
 	pullPolicy, err := config.ValidatePullPolicy(cliVals.Pull)
 	if err != nil {
@@ -252,7 +254,7 @@ func pullImage(imageName string) (string, error) {
 		// Assume we specified a local image without the explicit storage transport.
 		fallthrough
 
-	case imageRef.Transport().Name() == storage.Transport.Name():
+	case imageRef.Transport().Name() == storageTransport.Transport.Name():
 		br, err := registry.ImageEngine().Exists(registry.GetContext(), imageName)
 		if err != nil {
 			return "", err
@@ -272,15 +274,15 @@ func pullImage(imageName string) (string, error) {
 			}
 		}
 
-		if pullPolicy != config.PullImageAlways {
+		if pullPolicy != config.PullPolicyAlways {
 			logrus.Info("--platform --arch and --os causes the pull policy to be \"always\"")
-			pullPolicy = config.PullImageAlways
+			pullPolicy = config.PullPolicyAlways
 		}
 	}
 
-	if imageMissing || pullPolicy == config.PullImageAlways {
-		if pullPolicy == config.PullImageNever {
-			return "", errors.Wrapf(define.ErrNoSuchImage, "unable to find a name and tag match for %s in repotags", imageName)
+	if imageMissing || pullPolicy == config.PullPolicyAlways {
+		if pullPolicy == config.PullPolicyNever {
+			return "", errors.Wrap(storage.ErrImageUnknown, imageName)
 		}
 		pullReport, pullErr := registry.ImageEngine().Pull(registry.GetContext(), imageName, entities.ImagePullOptions{
 			Authfile:        cliVals.Authfile,

diff --git a/cmd/podman/images/trust_set.go b/cmd/podman/images/trust_set.go
@@ -1,10 +1,12 @@
 package images
 
 import (
+	"net/url"
+	"regexp"
+
 	"github.com/containers/common/pkg/completion"
 	"github.com/containers/podman/v3/cmd/podman/common"
 	"github.com/containers/podman/v3/cmd/podman/registry"
-	"github.com/containers/podman/v3/libpod/image"
 	"github.com/containers/podman/v3/pkg/domain/entities"
 	"github.com/containers/podman/v3/pkg/util"
 	"github.com/pkg/errors"
@@ -53,7 +55,7 @@ File(s) must exist before using this command`)
 func setTrust(cmd *cobra.Command, args []string) error {
 	validTrustTypes := []string{"accept", "insecureAcceptAnything", "reject", "signedBy"}
 
-	valid, err := image.IsValidImageURI(args[0])
+	valid, err := isValidImageURI(args[0])
 	if err != nil || !valid {
 		return err
 	}
@@ -63,3 +65,23 @@ func setTrust(cmd *cobra.Command, args []string) error {
 	}
 	return registry.ImageEngine().SetTrust(registry.Context(), args, setOptions)
 }
+
+// isValidImageURI checks if image name has valid format
+func isValidImageURI(imguri string) (bool, error) {
+	uri := "http://" + imguri
+	u, err := url.Parse(uri)
+	if err != nil {
+		return false, errors.Wrapf(err, "invalid image uri: %s", imguri)
+	}
+	reg := regexp.MustCompile(`^[a-zA-Z0-9-_\.]+\/?:?[0-9]*[a-z0-9-\/:]*$`)
+	ret := reg.FindAllString(u.Host, -1)
+	if len(ret) == 0 {
+		return false, errors.Wrapf(err, "invalid image uri: %s", imguri)
+	}
+	reg = regexp.MustCompile(`^[a-z0-9-:\./]*$`)
+	ret = reg.FindAllString(u.Fragment, -1)
+	if len(ret) == 0 {
+		return false, errors.Wrapf(err, "invalid image uri: %s", imguri)
+	}
+	return true, nil
+}
diff --git a/cmd/podman/manifest/add.go b/cmd/podman/manifest/add.go
@@ -94,6 +94,8 @@ func add(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
+	// FIXME: (@vrothberg) this interface confuses me a lot.  Why are they
+	// not two arguments?
 	manifestAddOpts.Images = []string{args[1], args[0]}
 
 	if manifestAddOpts.CredentialsCLI != "" {

diff --git a/docs/source/markdown/podman-build.1.md b/docs/source/markdown/podman-build.1.md
@@ -381,12 +381,6 @@ BUILDAH\_LAYERS environment variable. `export BUILDAH_LAYERS=true`
 Log output which would be sent to standard output and standard error to the
 specified file instead of to standard output and standard error.
 
-#### **\-\-loglevel**=*number*
-
-Adjust the logging level up or down.  Valid option values range from -2 to 3,
-with 3 being roughly equivalent to using the global *--debug* option, and
-values below 0 omitting even error messages which accompany fatal errors.
-
 #### **\-\-manifest** "manifest"
 
 Name of the manifest list to which the image will be added. Creates the manifest list
@@ -490,6 +484,18 @@ commands specified by the **RUN** instruction.
 Note: You can also override the default runtime by setting the BUILDAH\_RUNTIME
 environment variable.  `export BUILDAH_RUNTIME=/usr/local/bin/runc`
 
+
+#### **\-\-secret**=**id=id,src=path**
+
+Pass secret information to be used in the Containerfile for building images
+in a safe way that will not end up stored in the final image, or be seen in other stages.
+The secret will be mounted in the container at the default location of `/run/secrets/id`.
+
+To later use the secret, use the --mount flag in a `RUN` instruction within a `Containerfile`:
+
+`RUN --mount=type=secret,id=mysecret cat /run/secrets/mysecret`
+
+
 #### **\-\-security-opt**=*option*
 
 Security Options

diff --git a/go.mod b/go.mod
@@ -11,8 +11,8 @@ require (
 	github.com/container-orchestrated-devices/container-device-interface v0.0.0-20210325223243-f99e8b6c10b9
 	github.com/containernetworking/cni v0.8.1
 	github.com/containernetworking/plugins v0.9.1
-	github.com/containers/buildah v1.20.1-0.20210402144408-36a37402d0c8
-	github.com/containers/common v0.37.1
+	github.com/containers/buildah v1.20.2-0.20210504130217-903dc56408ac
+	github.com/containers/common v0.37.2-0.20210503193405-42134aa138ce
 	github.com/containers/conmon v2.0.20+incompatible
 	github.com/containers/image/v5 v5.11.1
 	github.com/containers/ocicrypt v1.1.1