update c/common

Update containers common to the latest HEAD. Some bug fixes in libimage forced us to have a clearer separation between ordinary images and manifest lists. Hence, when looking up manifest lists without recursing into any of their instances, we need to use `LookupManifestList()`. Also account for some other changes in c/common (e.g., the changed order in the security labels). Further vendor the latest HEAD from Buildah which is required to get the bud tests to pass. Signed-off-by: Valentin Rothberg <rothberg@redhat.com> <MH: Stripped out vendor bits - just left remaining changes> Signed-off-by: Matthew Heon <mheon@redhat.com>
2025-08-06 19:44:14 +08:00 · 2021-05-18 10:05:03 +02:00
parent 0649552f2b
commit 32dd933a7e
4 changed files with 22 additions and 35 deletions
--- a/pkg/domain/infra/abi/images.go
+++ b/pkg/domain/infra/abi/images.go
@ -313,12 +313,9 @@ func (ir *ImageEngine) Push(ctx context.Context, source string, destination stri
 	// list but could not find a matching image instance in the local
 	// containers storage. In that case, fall back and attempt to push the
 	// (entire) manifest.
-	if errors.Cause(pushError) == storage.ErrImageUnknown {
-		// Image might be a manifest list so attempt a manifest push
-		_, manifestErr := ir.ManifestPush(ctx, source, destination, options)
-		if manifestErr == nil {
-			return nil
-		}
+	if _, err := ir.Libpod.LibimageRuntime().LookupManifestList(source); err == nil {
+		_, err := ir.ManifestPush(ctx, source, destination, options)
+		return err
 	}
 	return pushError
 }
--- a/pkg/domain/infra/abi/manifest.go
+++ b/pkg/domain/infra/abi/manifest.go
@ -68,29 +68,17 @@ func (ir *ImageEngine) ManifestInspect(ctx context.Context, name string) ([]byte
 	// inspect foo` wants to do a remote-inspect of foo iff "foo" in the
 	// containers storage is an ordinary image but not a manifest list.

-	lookupOptions := &libimage.LookupImageOptions{IgnorePlatform: true}
-	image, _, err := ir.Libpod.LibimageRuntime().LookupImage(name, lookupOptions)
+	manifestList, err := ir.Libpod.LibimageRuntime().LookupManifestList(name)
 	if err != nil {
-		// If the image doesn't exist, do a remote inspect.
-		if errors.Cause(err) == storage.ErrImageUnknown {
+		switch errors.Cause(err) {
+		// Do a remote inspect if there's no local image or if the
+		// local image is not a manifest list.
+		case storage.ErrImageUnknown, libimage.ErrNotAManifestList:
 			return ir.remoteManifestInspect(ctx, name)
+
+		default:
+			return nil, err
 		}
-		return nil, err
-	}
-
-	isManifestList, err := image.IsManifestList(ctx)
-	if err != nil {
-		return nil, err
-	}
-
-	// If the image isn't a manifest list, do a remote inspect.
-	if !isManifestList {
-		return ir.remoteManifestInspect(ctx, name)
-	}
-
-	manifestList, err := image.ToManifestList()
-	if err != nil {
-		return nil, err
 	}

 	schema2List, err := manifestList.Inspect()
--- a/test/buildah-bud/buildah-tests.diff
+++ b/test/buildah-bud/buildah-tests.diff
@ -1,22 +1,23 @@
-From a51192239fafdb59f26c9ddaab1ca9fcac2bb664 Mon Sep 17 00:00:00 2001
+From 90c93048c9f3bdedf39c3c5ce3216ee2518220b4 Mon Sep 17 00:00:00 2001
 From: Ed Santiago <santiago@redhat.com>
 Date: Tue, 9 Feb 2021 17:28:05 -0700
 Subject: [PATCH] tweaks for running buildah tests under podman

 Signed-off-by: Ed Santiago <santiago@redhat.com>
 ---
- tests/helpers.bash | 26 +++++++++++++++++++++++---
- 1 file changed, 23 insertions(+), 3 deletions(-)
+ tests/helpers.bash | 28 +++++++++++++++++++++++++---
+ 1 file changed, 25 insertions(+), 3 deletions(-)

 diff --git a/tests/helpers.bash b/tests/helpers.bash
-index 4dc3a7dbda13..003575f48cec 100644
+index b85f99d3..1a827cd7 100644
 --- a/tests/helpers.bash
 +++ b/tests/helpers.bash
-@@ -140,15 +140,35 @@ function run_buildah() {
+@@ -147,15 +147,37 @@ function run_buildah() {
         --retry)         retry=3;        shift;;  # retry network flakes
     esac

 +    local podman_or_buildah=${BUILDAH_BINARY}
+    local registry_opts=${BUILDAH_REGISTRY_OPTS}
 +    if [[ $1 == "bud" || $1 == "build-using-dockerfile" ]]; then
 +        shift
 +        # podman defaults to --layers=true; buildah to --false.
@ -28,6 +29,7 @@ index 4dc3a7dbda13..003575f48cec 100644
 +            set "build" "--force-rm=false" "--layers=false" "$@"
 +        fi
 +        podman_or_buildah=${PODMAN_BINARY}
+        registry_opts=${PODMAN_REGISTRY_OPTS}
 +
 +        # podman always exits 125 where buildah exits 1 or 2
 +        case $expected_rc in
@ -45,9 +47,9 @@ index 4dc3a7dbda13..003575f48cec 100644

         # stdout is only emitted upon error; this echo is to help a debugger
 -        echo "\$ $BUILDAH_BINARY $*"
-        run timeout --foreground --kill=10 $BUILDAH_TIMEOUT ${BUILDAH_BINARY} ${REGISTRY_OPTS} ${ROOTDIR_OPTS} "$@"
+-        run timeout --foreground --kill=10 $BUILDAH_TIMEOUT ${BUILDAH_BINARY} ${BUILDAH_REGISTRY_OPTS} ${ROOTDIR_OPTS} "$@"
 +        echo "\$ $cmd_basename $*"
-+        run timeout --foreground --kill=10 $BUILDAH_TIMEOUT ${podman_or_buildah} --registries-conf ${TESTSDIR}/registries.conf --root ${TESTDIR}/root --runroot ${TESTDIR}/runroot --storage-driver ${STORAGE_DRIVER} "$@"
+        run timeout --foreground --kill=10 $BUILDAH_TIMEOUT ${podman_or_buildah} ${registry_opts} ${ROOTDIR_OPTS} "$@"
         # without "quotes", multiple lines are glommed together into one
         if [ -n "$output" ]; then
             echo "$output"
--- a/test/e2e/run_security_labels_test.go
+++ b/test/e2e/run_security_labels_test.go
@ -45,7 +45,7 @@ var _ = Describe("Podman generate kube", func() {

 		ctr := inspect.InspectContainerToJSON()
 		caps := strings.Join(ctr[0].EffectiveCaps, ",")
-		Expect(caps).To(Equal("CAP_SETUID,CAP_SETGID"))
+		Expect(caps).To(Equal("CAP_SETGID,CAP_SETUID"))
 	})

 	It("podman bad security labels", func() {
@ -109,7 +109,7 @@ var _ = Describe("Podman generate kube", func() {

 		ctr := inspect.InspectContainerToJSON()
 		caps := strings.Join(ctr[0].EffectiveCaps, ",")
-		Expect(caps).To(Equal("CAP_SYS_CHROOT,CAP_SETUID"))
+		Expect(caps).To(Equal("CAP_SETUID,CAP_SYS_CHROOT"))

 	})