Typically, use %q instead of %s (or instead of "%s"), to expose
various control characters and the like without interpreting them.
This is not really comprehensive; the codebase makes no _general_
guarantee that any returned string values are free of control
characters or other malicious/misleading metadata. Not even
in returned "error" values (which can legitimately contain newlines,
if nothing else).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
- Separate the code imports from transport-registration imports
- Improve the comment about updating documentation
- Add a missing comment about docker-daemon
- Sort transports, and transport comments alphabetically.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This means we won't save the stack, which is cheaper
(and possibly might break callers' format strings that
want to print the stack, but we never promised the stack
to be available).
Use either fmt.Errorf, or errors.New (usually as a local
edit, not carring about errors.new vs. pkg/errors.New;
that's going to be cleaned up later).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
It probabaly doesn't _work_ right now, at least macOS is
missing a working fakeroot. We do intend to avoid the use of
fakeroot eventually.
(Adventurous experimenting developers might provide a no-op
"fakeroot" script on most platforms.)
Also, having the code compile on macOS significantly helps
development.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Go 1.17 introduces a much more reasonable build constraint format,
and gofmt now fails without using it.
Sadly we still need the old format _as well_, to support <1.17 builds.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
... so that major-version-aware Go module import
(as opposed to vX.Y.Z+incompatible, which does not allow different
packages to use different versions) works right.
Also requires adding some more GO111MODULE=on options to Makefile.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Catching up with be91505 (docs: rename manpages to *.5.md, 2019-03-01, #594).
Generated with:
$ sed -i 's/policy.json.md/containers-policy.json.5.md/g' $(git grep -l policy.json.md)
Looking to carry this over the finish line for Wking.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Since only Skopeo uses the OStree transport for fetching images from
OStree repositories, making default no support for OStree. It
simplifies building on other components like libpod and buildah.
Signed-off-by: Silvano Cirujano Cuesta <silvano.cirujano-cuesta@siemens.com>
This change adds a new alltransports.TransportFromImageName procedure
to get the transport's name of an image without parsing the store
reference.
Signed-off-by: Tristan Cacqueray <tdecacqu@redhat.com>
Make the docker-daemon transport something that can be stubbed out by
supplying the "containers_image_docker_daemon_stub" build tag.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add a "tarball" transport which can be used to import tarballs of root
filesystem as images by treating each tarball as a single layer,
supplying a default OCI configuration (or one passed to the image from
which the ImageSource or Image was initialized), and generating an OCI
manifest to describe it all.
A tarball named "-" is buffered in memory using the contents of stdin.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Fix oci to save the full image name "image:tag" instead of just the tag in index.json.
Add function to retrieve the image name from index.json when loading or pulling image from oci directory.
Signed-off-by: umohnani8 <umohnani@redhat.com>
We don't want transports/ListNames to return deprecated
transports, since we don't want to present them to the
users.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
If this tag is defined, transports/alltransports registers a stub
instead of the real package.
Also updates README, adding the ostree-devel dependency to the dnf
command and restructuring it to have a list of build tags.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This is useful primarily so that we can use build tags to remove transports
from transports/alltransports, while giving users more hints about what
to do instead of a bland “unknown transport”.
Tests can also use this instead of their own mocks.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This interface can be used by callers in their Usage statements, to
guide users to all potential transports.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This archive allows you to export a docker-load-friendly archive without
needing a Docker daemon to facilitate the exporting. Effectively this is
just an on-disk version of the docker-daemon transport (they both use
docker/tarfile).
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Add containers/storage as a backend type called 'storage'.
The image's blobs are stored either as storage layers (if they look like
archived layers) or (alongside the manifest and signatures) as named big
data items associated with the image.
Inspection data and record-keeping (so that we can remember which blobs
were layers and which weren't) are encoded as a JSON object which is
stored in the storage image's metadata field.
When importing blobs, layer IDs are generated by concatenating the
parent's layer ID (if there is one) with the hex string representation
of the expected digest of the content blob, if one is known. If there
is no expected digest, the ID is randomly generated.
If we find ourselves importing a layer with the same ID as a layer that
we already have, we digest the incoming stream and compare it to the
cached digest of the already-present layer, and return an error only if
they don't match. If an expected blob digest is provided, the actual
digest of the blob is compared with it, and if they don't match, an
error is returned.
If we find ourselves importing a blob more than once, we track the IDs
of each of the resulting layers.
If we find ourselves importing an image that wants to be tagged with a
name that is already in use, the name is then assigned to the new image
and the old image remains otherwise unmodified. If that incoming image
claims to have the same ID as an image which we already have, the import
will fail.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Allow either a !NameOnly named reference, or a sha256:hex digest. Both
forms can be used for an ImageSource; ImageDestination accepts only a
name:tag value.
Because the sha256:hex reference values make it impossible to create
a reasonable policy hierarchy, only support a trivial namespace with
a single per-transport policy.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This package maintains the list of all known transports, and provides
helpers to convert between strings and types.ImageReference ; this
should be the primary entrypoint for callers who want to just provide an
UI without dealing with the underlying ImageReference structures or
specific transports.
This makes the skopeo/cmd/skopeo/utils.go transport:transport-specific
string format a containers/image -defined feature.
This would fit nicely into containers/image/image, but the individual
transports depend on that package for creating a types.Image instance,
so we would have a circular dependency. And containers/image/signature
will need to depend on the list of transports maintained by this, so
maintaining it at the top containers/image level would be a bad fit as
well.
So, sadly, another small subpackage.
Though perhaps it should be called /reference instead of /transports?
Either way, one half of the API will feel a bit off.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
