The storage library can return its errors wrapped in additional context,
so to do a direct comparison we need to dig down to the root cause.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
If $BUILD_REGISTRY_SOURCES is set, expect it to be a valid
github.com/openshift/api/config/v1.Image, and parse its
AllowedRegistries and BlockedRegistries lists when pulling, committing,
or pushing images.
Override the local signature policy when committing or pushing an image
to ensure that local storage is always allowed.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1787
Approved by: rhatdan
This commit enables the `unparam` linter and applies all reported issues.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
Closes: #1719
Approved by: rhatdan
Avoid calling fmt.Printf() to print things in library logic, which can't
be controlled or suppressed by callers. Prefer returning values and
printing them in our CLI wrapper, as callers would.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1596
Approved by: rhatdan
Ignore the global signature policy, which is used to control whether or
not we can trust an image, when we're attempting to commit an image from
a container, or pushing an image.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1579
Approved by: rhatdan
When building an image with multiple layers, go back to committing
images for instructions for which we previously wouldn't bother
committing an image, but create them without adding a new layer.
This violates some assumptions that we currently make elsewhere, as it's
possible for an image that's derived from a base image to add no layers
relative to the base image, when previously it was always the case that
we'd add at least one whenever we committed it.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1539
Approved by: rhatdan
We don't read the contents of the OnBuild field in CommitOptions, so
drop it from the structure definition.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1539
Approved by: rhatdan
Instead of passing in an increasing number of the fields of
CommitOptions to makeImageRef(), just pass the whole thing.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1539
Approved by: rhatdan
Always set a parent ID when we go to commit an image, whether it's as
part of build-using-dockerfile or our "commit" CLI. Coerce the parent
image's ID directly into the value that we use instead of digesting it
again.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1538
Approved by: vrothberg
Make the name of the image to create an optional parameter. If none is
specified, use a temporary mostly-random name that can't be interpreted
as an ID, so that the image copying logic will compute the correct ID to
assign to the new image, and remove the temporary name before returning.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1486
Approved by: rhatdan
The Builder object already keeps a pointer to the Store that holds its
container, so a second value that could be different is just confusing.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1444
Approved by: TomSweeneyRedHat
should omit type ... from declaration of var ...; it will be
inferred from the right-hand side
Signed-off-by: Douglas Schilling Landgraf <dougsland@redhat.com>
Closes: #1426
Approved by: nalind
Miloslav had some good comments on a previous commit.
https://github.com/containers/buildah/pull/1411
These changes address his issues by removing them.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1412
Approved by: mtrmac
Currently rootless podman attempts to write to /var/lib/containers/cache
and fails. This causes us to repeatedly push images that have already been
pushed. This cache directory should be relative to the location of containers/storage
and not always stored in the same directory.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1411
Approved by: TomSweeneyRedHat
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Add Quiet to the PullOptions and PushOptions structures.
If set to true, output will be in 'quiet' mode. This
will primarily be used by callers such as OpenShift.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #1302
Approved by: rhatdan
By default, a field called "createdAt" is written into the image manifest.
However, even if my image build process is perfectly deterministic, the image
sha256 hash will be different every time, even if my sources are exactly the
same. In many cases it is desirable that the same input results in exactly the
same output.
This commit introduces the flag --omit-timestamp to the commit command. If set to
true, the timestamp is set to epoch 0, instead of the current timestamp (which
causes different results every time commit is invoked).
Signed-off-by: Johannes Brüderl <johannes.bruederl@gmail.com>
Closes: #1294
Approved by: nalind
Add API hooks for designating locations to be used as blob caches when
pulling and pushing images. When we commit read-only copies of
container layers for use in images, if we're using blob caching, store a
copy of the layer in the blob cache directory so that it can be found.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1149
Approved by: rhatdan
Add a --disable-compression flag to the 'build-using-dockerfile'
command, and set OCIAcceptUncompressedLayers and DirForceCompress in the
SystemContext during Commit() and Push() based on whether or not the
flag is set.
For other transports, we still end up going with the receiver's
preference, so update the man page to mention that this controls a
default.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1149
Approved by: rhatdan
Copying an image now returns the manifest of the written image. Return
the digest of that manifest, and a canonical reference, from our Commit
and Push APIs.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1097
Approved by: rhatdan
Make sure that when attempting to diagnose an error, if we encounter an
error during the diagnostic attempt, we return the original error rather
than the error encountered in trying to diagnose it. Log that one.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1072
Approved by: rhatdan
Check if reading and writing from the registry named by an image is
allowed when the transport is "docker".
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1056
Approved by: rhatdan
The image library's copy routine doesn't itself consult the registries
configuration in order to decide whether or not to disable TLS
verification when communicating with a registry, so it's on us to use
the name of a source or destination image to decide whether to set the
flag for that behavior.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1056
Approved by: rhatdan
Recognize cases when we're committing to local storage, but in a
location other than where the working container is, by checking if the
base image (by ID, in case it's tagged and the tag points to a different
image with different layers) is present in the destination's store.
In those cases, we can't just assume that we can skip exporting the base
image's layers.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add an --annotation flag to "buildah build-using-dockerfile".
Refactor the logic for --label handling to use SetLabel() to set them in
the image configuration in Executor.Commit(), instead of passing them as
a field in CommitOptions for Builder.Commit() and expecting it to do so.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #716
Approved by: rhatdan
Handle a Squash option when committing images, and make it available as
a flag for "buildah commit" and "buildah build-using-dockerfile".
Breaks up containerImageRef.NewImageSource to keep the complexity more
manageable.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #714
Approved by: rhatdan
We want to be able to add labels when building a container image.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #698
Approved by: umohnani8
Buildah is being used as a library in Podman, and as such should
avoid printing directly to standard streams. Instead, return an
image ID which can be printed by the caller (if desired).
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #647
Approved by: rhatdan
Extend util.ResolveName() to prepend "localhost" to the list of
registries, and teach util.FindImage(), util.ExpandNames(), and
util.AddImageNames() to use util.ResolveName().
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #648
Approved by: rhatdan
Add support for an --iidfile which specifies the file to write the
image id, when committing a new image.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #636
Approved by: TomSweeneyRedHat
Changes to parameters in functions.
Change to the error returned by the oci and oci-archive transport.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #578
Approved by: rhatdan
Remove shallowCopy(), which shouldn't be saving us time any more since
containers/image's storage transport's HasBlob() implementation was last
updated.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #508
Approved by: rhatdan
Avoid reading the container's layer a second time in shallowCopy (after
the first time it's read, in NewImageSource()).
Our second copy of the diff isn't going to match the first one if it's
of any serious size, because when NaiveDiff is used to generate the
diff, whiteout entries have their times set to "now", rather than a
fixed value, which causes both the uncompressed and compressed digests
to differ from what NewImageSource() records in the manifest.
Instead, use the generic manifest-reading API that the image library
now provides to read the layer info list and the config blob info, and
use their values to PutBlob() them to the destination image.
We can probably drop shallowCopy() completely, since the newer version
of the image library has a more reliable HasBlob(), which should save us
the time that shallowCopy() was originally meant to save, but we should
probably consider the use of compression for this code path as part of
that, too.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #506
Approved by: rhatdan
When locating an image for pulling, inspection, or pushing, if we're
given an image name that doesn't include a domain/registry, try building
a set of candidate names using the configured registries as domains, and
then pull/inspect/push using the first of those names that works.
If a name that we're given corresponds to a prefix of the ID of a local
image, skip completion and use the ID directly instead.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #360
Approved by: rhatdan
Update shallowCopy() to work with the newer version of image.
Remove things from Push() that we don't need to do any more.
Preserve digests in image names, make sure we update creation times, and
add a test to ensure that we can pull, commit, and push using such names
as sources.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #187
Approved by: rhatdan
buildah push supports manifest type conversion when pushing using the 'dir' transport.
Manifest types include oci, v2s1, and v2s2.
e.g. buildah push --format v2s2 alpine dir:my-directory
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Closes: #321
Approved by: rhatdan
Whenever we create a containers/image/signature.PolicyContext, make sure
we don't forget to destroy it.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #231
Approved by: rhatdan