unbound reference filter pattern

[ciis0]

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

podman images --filter reference=foo: also match afoo images and there does not seem to be a way around that.
(My manpage states reference is a RegEx, but it's actually a shell glob, otherwise ^ might have helped; but that seems to be fixed in recent versions.)

$ podman images -f reference=foo:
REPOSITORY                 TAG     IMAGE ID      CREATED             SIZE
localhost/foo              18      efd8d829d0a6  54 seconds ago      8.63 MB
localhost/afoo             5       f8b10bc19d10  About a minute ago  8.63 MB

it seems to be due to this, which sets reference filter *${reference}*:
https://github.com/containers/common/blob/32e20295f1c657cd304466a54868f60f7c8aaaa8/libimage/filters.go#L148

The reference filter was introduced for docker cli compat (#2266), but on Docker Desktop for Windows does not have this problem.

PS > docker images | findstr foo
afoo         10        6058fcb05da3   20 minutes ago   1.23MB
foo          9         551a6238d4bd   20 minutes ago   1.23MB
foo          8         663cffbe1184   20 minutes ago   1.23MB
PS > docker images -f reference=foo
REPOSITORY   TAG       IMAGE ID       CREATED          SIZE
foo          9         551a6238d4bd   20 minutes ago   1.23MB
foo          8         663cffbe1184   21 minutes ago   1.23MB

Steps to reproduce the issue:

cd $(mktemp -d)

cat >Containerfile <<EOF
FROM busybox
ADD file file
EOF

i=0

echo $((i++)) >file; podman build . -t bar:1
echo $((i++)) >file; podman build . -t bar:2
echo $((i++)) >file; podman build . -t foobar:1

podman images -f reference="bar:"

Describe the results you received:

$ podman images -f reference="bar:"
REPOSITORY        TAG     IMAGE ID      CREATED            SIZE
localhost/foobar  1       9a93cc9112ce  4 seconds ago      1.46 MB
localhost/bar     2       7440513e60e2  5 seconds ago      1.46 MB
localhost/bar     1       8465ad80924d  6 seconds ago      1.46 MB

Describe the results you expected:

$ podman images -f reference="bar:"
REPOSITORY        TAG     IMAGE ID      CREATED            SIZE
localhost/bar     2       7440513e60e2  5 seconds ago      1.46 MB
localhost/bar     1       8465ad80924d  6 seconds ago      1.46 MB

Additional information you deem important (e.g. issue happens only occasionally):

Output of podman version:

Version:      3.0.2-dev
API Version:  3.0.0
Go Version:   go1.15.13
Built:        Tue Jun  8 09:52:06 2021
OS/Arch:      linux/amd64

Output of podman info --debug:

host:                                                                                                                                                                                                                               
  arch: amd64
  buildahVersion: 1.19.8
  cgroupManager: cgroupfs
  cgroupVersion: v1
  conmon:
    package: conmon-2.0.26-3.module+el8.4.0+11311+9da8acfb.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.26, commit: a35bb9ea67d5a83c7da53202f2fcd505c036d29c'
  cpus: 8
  distribution:
    distribution: '"rhel"'
    version: "8.3"
  eventLogger: file
  hostname: ansible-azure
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1004
      size: 1
    - container_id: 1
      host_id: 296608
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1003
      size: 1
    - container_id: 1
      host_id: 296608
      size: 65536
  kernel: 4.18.0-240.22.1.el8_3.x86_64
  linkmode: dynamic
  memFree: 2558521344
  memTotal: 16601964544
  ociRuntime:
    name: runc
    package: runc-1.0.0-73.rc93.module+el8.4.0+11311+9da8acfb.x86_64
    path: /usr/bin/runc
    version: |-
      runc version spec: 1.0.2-dev
      go: go1.15.13
      libseccomp: 2.4.3
  os: linux
  remoteSocket:
    path: /run/user/1003/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_NET_RAW,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    selinuxEnabled: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.1.8-1.module+el8.4.0+10607+f4da7515.x86_64
    version: |-
      slirp4netns version 1.1.8
      commit: d361001f495417b880f20329121e3aa431a8f90f
      libslirp: 4.3.1
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.4.3
  swapFree: 0
  swapTotal: 0
  uptime: 3136h 42m 21.17s (Approximately 130.67 days)
registries:
  search:
  - registry.access.redhat.com
  - registry.redhat.io
  - docker.io
store:
  configFile: /home/cschulz/.config/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions:
    overlay.mount_program:
      Executable: /usr/bin/fuse-overlayfs
      Package: fuse-overlayfs-1.4.0-2.module+el8.4.0+10607+f4da7515.x86_64
      Version: |-
        fusermount3 version: 3.2.1
        fuse-overlayfs: version 1.4
        FUSE library version 3.2.1
        using FUSE kernel interface version 7.26
  graphRoot: /home/cschulz/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 20
  runRoot: /run/user/1003/containers
  volumePath: /home/cschulz/.local/share/containers/storage/volumes
version:
  APIVersion: 3.0.0
  Built: 1623138726
  BuiltTime: Tue Jun  8 09:52:06 2021
  GitCommit: ""
  GoVersion: go1.15.13
  OsArch: linux/amd64
  Version: 3.0.2-dev

Package info (e.g. output of rpm -q podman or apt list podman):

$ rpm -q podman
podman-3.0.1-7.module+el8.4.0+11311+9da8acfb.x86_64

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/master/troubleshooting.md)

No, but source code suggests it's still the same.

Troubleshooting does not mention reference filter.

Additional environment details (AWS, VirtualBox, physical, etc.):

RHEL virtual machine in public cloud.

[mheon]

You say " but that seems to be fixed in recent versions." - you've tested on a more recent Podman (3.4.0 ideally)? Does it resolve the issue entirely, or only the reference not being a regular expression?

If the issue is not present upstream and is only in RHEL, please close this an open a Bugzilla.

[ciis0]

the docs i mean, not the pattern itself. :)

I'll check if the bug also is there when building from source.

[criztovyl]

It's reproducible on main branch on Fedora 34.

$ podman --version
Version:      4.0.0-dev
API Version:  4.0.0-dev
Go Version:   go1.podm16.8
Git Commit:   391b73a1956e3b3ea9c06c484c08e1dcfa02b22c
Built:        Sat Aug  4 02:00:00 2018
OS/Arch:      linux/amd64

Not sure where the Git Commit info comes from, but my repo is at ea86893

$ pwd
/home/christoph/podman
$ git show
commit ea868933e8c014ac52192f397f5dc1c3e8ee375a (HEAD -> main, origin/main, origin/HEAD)
Merge: 60c711f78 90b5318b8
Author: OpenShift Merge Robot <[email protected]>
Date:   Sun Oct 10 15:04:29 2021 +0200pwd

    Merge pull request #11904 from siretart/patch-2
    
    [CI:DOCS] oci-hooks.5.md: fixup section in heade

[ciis0]

workaround: podman images --format "{{ .Repository }} {{ .Id }}" | grep "^localhost/bar " | cut -d" " -f2

[github-actions]

A friendly reminder that this issue had no activity for 30 days.

[rhatdan]

This seems to be a factor in Docker hard coding the registry docker.io into the tool.

# docker images
REPOSITORY                              TAG       IMAGE ID       CREATED        SIZE
registry.access.redhat.com/ubi8-micro   latest    c8efdc89ddd2   7 days ago     36.5MB
syncthing/syncthing                     1.18.4    aa10c0945a16   7 days ago     30.5MB
aalpine                                 latest    14119a10abf4   2 months ago   5.59MB
alpine                                  latest    14119a10abf4   2 months ago   5.59MB
# docker images -f reference=alpine
REPOSITORY   TAG       IMAGE ID       CREATED        SIZE
alpine       latest    14119a10abf4   2 months ago   5.59MB
# docker images -f reference=ubi8-micro
REPOSITORY   TAG       IMAGE ID   CREATED   SIZE

Now Podman could do something similar and walk through the registries and grab images that match or just look for images that end with a '/' and only match on the final image name.

Docker only matches on the full image name.

# docker images -f reference=registry.access.redhat.com/ubi8-micro
REPOSITORY                              TAG       IMAGE ID       CREATED      SIZE
registry.access.redhat.com/ubi8-micro   latest    c8efdc89ddd2   7 days ago   36.5MB

[rhatdan]

If I manually add the glob, it works.

docker images -f reference=registry.access.redhat.com/ubi8*
REPOSITORY                              TAG       IMAGE ID       CREATED      SIZE
registry.access.redhat.com/ubi8-micro   latest    c8efdc89ddd2   7 days ago   36.5MB

But only at the end.

sh-5.1# docker images -f reference=*ubi8*
REPOSITORY   TAG       IMAGE ID   CREATED   SIZE