From 0dd14244da66978656e1c593fa6e83c2029cf075 Mon Sep 17 00:00:00 2001
From: Sonny Sasaka <sonnysasaka@gmail.com>
Date: Tue, 3 Jun 2025 14:01:47 -0700
Subject: [PATCH] [v5.4-rhel] Skip layer digests for podman system check
 --quick

podman system check --quick currently only skips layer contents, but
practically it's not much quicker than without the flag.

This changes the flag to also skip checking layer digests which speed up
the check significantly.

In some cases, it is useful to opt for a quicker check if we prioritize
detecting and fixing severe corruption and can tolerate minor damage.

The check option is derived from CRI-O's internal repair:
https://github.com/cri-o/cri-o/blob/9e4d86d82370ad44c14649f28ebdd8f94aaa28ca/internal/lib/container_server.go#L860

Fixes: https://issues.redhat.com/browse/OCPBUGS-57981

Signed-off-by: Sonny Sasaka <sonnysasaka@gmail.com>
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
---
 docs/source/markdown/podman-system-check.1.md |  2 ++
 libpod/runtime.go                             | 13 ++++++++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/docs/source/markdown/podman-system-check.1.md b/docs/source/markdown/podman-system-check.1.md
index 1abe83ce6c..e30a3be935 100644
--- a/docs/source/markdown/podman-system-check.1.md
+++ b/docs/source/markdown/podman-system-check.1.md
@@ -34,6 +34,8 @@ attempts to pull images, and should be treated as though they are damaged.
 Skip checks which are known to be time-consuming.  This will prevent some types
 of errors from being detected.
 
+The exact checks performed by this option are subject to change.
+
 #### **--repair**, **-r**
 
 Remove any images which are determined to have been damaged in some way, unless
diff --git a/libpod/runtime.go b/libpod/runtime.go
index fc358de026..c8742665ef 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -1307,7 +1307,18 @@ func (r *Runtime) PruneBuildContainers() ([]*reports.PruneReport, error) {
 func (r *Runtime) SystemCheck(ctx context.Context, options entities.SystemCheckOptions) (entities.SystemCheckReport, error) {
 	what := storage.CheckEverything()
 	if options.Quick {
-		what = storage.CheckMost()
+		// Turn off checking layer digests and layer contents to do quick check.
+		// This is not a complete check like storage.CheckEverything(), and may fail detecting
+		// whether a file is missing from the image or its content has changed.
+		// In some cases it's desirable to trade check thoroughness for speed.
+		what = &storage.CheckOptions{
+			LayerDigests:   false,
+			LayerMountable: true,
+			LayerContents:  false,
+			LayerData:      true,
+			ImageData:      true,
+			ContainerData:  true,
+		}
 	}
 	if options.UnreferencedLayerMaximumAge != nil {
 		tmp := *options.UnreferencedLayerMaximumAge