-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Move to containers/image v5, support manifest lists #4310
Move to containers/image v5, support manifest lists #4310
Conversation
e2fdd6c
to
e324fb6
Compare
Do you foresee issues with containers and/or images on the system that were created before these changes go into play? i.e. will each pre-existing containers and images need to be migrated/updated? |
81ce933
to
30014f3
Compare
No, the contents on disk stay the same when we pull an image down using a tag or a digest that doesn't point to a list. For such images, the only visible differences should be in the |
23e1c4e
to
7cd5e67
Compare
4d36fe4
to
b5ab257
Compare
Move to containers/image v5 and containers/buildah to v1.11.4. Replace an equality check with a type assertion when checking for a docker.ErrUnauthorizedForCredentials in `podman login`. Signed-off-by: Nalin Dahyabhai <[email protected]>
Test that when we pull using tag or digest references from locations that are manifest lists, that we can inspect using the references that we used for pulling, that the tags show up in the RepoTag list when we inspect an image that was pulled using a tag, and that the list and instance digests always both show up in the RepoDigest list. Signed-off-by: Nalin Dahyabhai <[email protected]>
When an image can be opened as an ImageSource but not an Image, handle the case where it's an image list all by itself, the case where it's an image for a different architecture/OS combination, or the case where it's both. Signed-off-by: Nalin Dahyabhai <[email protected]>
Add --override-arch and --override-os as hidden flags, in line with the global flag names that skopeo uses, so that we can test behavior around manifest lists without having to conditionalize more of it by arch. Signed-off-by: Nalin Dahyabhai <[email protected]>
Be prepared to report multiple image digests for images which contain multiple manifests but, because they continue to have the same set of layers and the same configuration, are considered to be the same image. Signed-off-by: Nalin Dahyabhai <[email protected]>
Generate an image's RepoDigests list using all applicable digests, and refrain from outputting a digest in the tag column of the "images" output. Signed-off-by: Nalin Dahyabhai <[email protected]>
b5ab257
to
4e19376
Compare
Currently podman play kube is not using the system default seccomp.json file. This PR will use the default or override location for podman play. Signed-off-by: Daniel J Walsh <[email protected]>
4e19376
to
66c126d
Compare
/lgtm |
/hold cancel |
Since containers/storage#283, the storage library's Image type has been able to track multiple digests for an image in storage, so we should support that, as proposed changes in containers/image#400 will start storing manifest lists alongside runnable images. This also extends the exported API and inspection types to provide that information.
When we encounter an image in local storage that we can read as an image library
ImageSource
but not as anImage
, we should handle it gracefully, since it might be an image list with no corresponding runnable image, as containers/buildah#1902 will start creating.Add some tests to exercise pulling using tags that point to manifest lists, using digests of manifest lists, and digests of images that aren't manifest lists, that we're able to successfully inspect the result, and that when we create an image using the result of one of the pulls, that we get back the name we specified when creating the image. The tests require
--override-os
and--override-arch
flags topull
, which we add but leave hidden, for now at least.