vendor containers/common@main

Pull in fixes for local image lookups. Fixes: #10835 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2025-09-23 13:13:42 +08:00 · 2021-07-02 11:37:41 +02:00
parent 955c1d2bfe
commit 7eb9ed9758
90 changed files with 5909 additions and 1795 deletions
--- a/vendor/github.com/containers/common/libimage/filters.go
+++ b/vendor/github.com/containers/common/libimage/filters.go
@ -63,14 +63,14 @@ func (r *Runtime) compileImageFilters(ctx context.Context, filters []string) ([]
 		switch key {

 		case "after", "since":
-			img, _, err := r.LookupImage(value, nil)
+			img, _, err := r.LookupImage(value, &LookupImageOptions{IgnorePlatform: true})
 			if err != nil {
 				return nil, errors.Wrapf(err, "could not find local image for filter %q", filter)
 			}
 			filterFuncs = append(filterFuncs, filterAfter(img.Created()))

 		case "before":
-			img, _, err := r.LookupImage(value, nil)
+			img, _, err := r.LookupImage(value, &LookupImageOptions{IgnorePlatform: true})
 			if err != nil {
 				return nil, errors.Wrapf(err, "could not find local image for filter %q", filter)
 			}
--- a/vendor/github.com/containers/common/libimage/pull.go
+++ b/vendor/github.com/containers/common/libimage/pull.go
@ -61,7 +61,7 @@ func (r *Runtime) Pull(ctx context.Context, name string, pullPolicy config.PullP
 			if pullPolicy == config.PullPolicyAlways {
 				return nil, errors.Errorf("pull policy is always but image has been referred to by ID (%s)", name)
 			}
-			local, _, err := r.LookupImage(name, nil)
+			local, _, err := r.LookupImage(name, &LookupImageOptions{IgnorePlatform: true})
 			if err != nil {
 				return nil, err
 			}
@ -145,9 +145,8 @@ func (r *Runtime) Pull(ctx context.Context, name string, pullPolicy config.PullP
 	}

 	localImages := []*Image{}
-	lookupOptions := &LookupImageOptions{IgnorePlatform: true}
 	for _, name := range pulledImages {
-		local, _, err := r.LookupImage(name, lookupOptions)
+		local, _, err := r.LookupImage(name, &LookupImageOptions{IgnorePlatform: true})
 		if err != nil {
 			return nil, errors.Wrapf(err, "error locating pulled image %q name in containers storage", name)
 		}
--- a/vendor/github.com/containers/common/libimage/save.go
+++ b/vendor/github.com/containers/common/libimage/save.go
@ -74,7 +74,7 @@ func (r *Runtime) Save(ctx context.Context, names []string, format, path string,
 // saveSingleImage saves the specified image name to the specified path.
 // Supported formats are "oci-archive", "oci-dir" and "docker-dir".
 func (r *Runtime) saveSingleImage(ctx context.Context, name, format, path string, options *SaveOptions) error {
-	image, imageName, err := r.LookupImage(name, nil)
+	image, imageName, err := r.LookupImage(name, &LookupImageOptions{IgnorePlatform: true})
 	if err != nil {
 		return err
 	}
@ -155,7 +155,7 @@ func (r *Runtime) saveDockerArchive(ctx context.Context, names []string, path st
 	visitedNames := make(map[string]bool)       // filters duplicate names
 	for _, name := range names {
 		// Look up local images.
-		image, imageName, err := r.LookupImage(name, nil)
+		image, imageName, err := r.LookupImage(name, &LookupImageOptions{IgnorePlatform: true})
 		if err != nil {
 			return err
 		}
--- a/vendor/github.com/containers/common/pkg/config/config.go
+++ b/vendor/github.com/containers/common/pkg/config/config.go
@ -526,9 +526,15 @@ func NewConfig(userConfigPath string) (*Config, error) {
 // the defaults from the config parameter will be used for all other fields.
 func readConfigFromFile(path string, config *Config) error {
 	logrus.Tracef("Reading configuration file %q", path)
-	if _, err := toml.DecodeFile(path, config); err != nil {
+	meta, err := toml.DecodeFile(path, config)
+	if err != nil {
 		return errors.Wrapf(err, "decode configuration %v", path)
 	}
+	keys := meta.Undecoded()
+	if len(keys) > 0 {
+		logrus.Warningf("Failed to decode the keys %q from %q.", keys, path)
+	}
+
 	return nil
 }

--- a/vendor/github.com/containers/common/pkg/secrets/secrets.go
+++ b/vendor/github.com/containers/common/pkg/secrets/secrets.go
@ -9,6 +9,7 @@ import (

 	"github.com/containers/common/pkg/secrets/filedriver"
 	"github.com/containers/common/pkg/secrets/passdriver"
+	"github.com/containers/common/pkg/secrets/shelldriver"
 	"github.com/containers/storage/pkg/lockfile"
 	"github.com/containers/storage/pkg/stringid"
 	"github.com/pkg/errors"
@ -281,6 +282,8 @@ func getDriver(name string, opts map[string]string) (SecretsDriver, error) {
 		}
 	case "pass":
 		return passdriver.NewDriver(opts)
+	case "shell":
+		return shelldriver.NewDriver(opts)
 	}
 	return nil, errInvalidDriver
 }
--- a/vendor/github.com/containers/common/pkg/secrets/shelldriver/shelldriver.go
+++ b/vendor/github.com/containers/common/pkg/secrets/shelldriver/shelldriver.go
@ -0,0 +1,159 @@
+package shelldriver
+
+import (
+	"bytes"
+	"context"
+	"os"
+	"os/exec"
+	"sort"
+	"strings"
+
+	"github.com/mitchellh/mapstructure"
+	"github.com/pkg/errors"
+)
+
+var (
+
+	// errMissingConfig indicates that one or more of the external actions are not configured
+	errMissingConfig = errors.New("missing config value")
+
+	// errNoSecretData indicates that there is not data associated with an id
+	errNoSecretData = errors.New("no secret data with ID")
+
+	// errInvalidKey indicates that something about your key is wrong
+	errInvalidKey = errors.New("invalid key")
+)
+
+type driverConfig struct {
+	// DeleteCommand contains a shell command that deletes a secret.
+	// The secret id is provided as environment variable SECRET_ID
+	DeleteCommand string `mapstructure:"delete"`
+	// ListCommand contains a shell command that lists all secrets.
+	// The output is expected to be one id per line
+	ListCommand string `mapstructure:"list"`
+	// LookupCommand contains a shell command that retrieves a secret.
+	// The secret id is provided as environment variable SECRET_ID
+	LookupCommand string `mapstructure:"lookup"`
+	// StoreCommand contains a shell command that stores a secret.
+	// The secret id is provided as environment variable SECRET_ID
+	// The secret value itself is provied over stdin
+	StoreCommand string `mapstructure:"store"`
+}
+
+func (cfg *driverConfig) ParseOpts(opts map[string]string) error {
+	if err := mapstructure.Decode(opts, cfg); err != nil {
+		return err
+	}
+	if cfg.DeleteCommand == "" ||
+		cfg.ListCommand == "" ||
+		cfg.LookupCommand == "" ||
+		cfg.StoreCommand == "" {
+
+		return errMissingConfig
+	}
+	return nil
+}
+
+// Driver is the passdriver object
+type Driver struct {
+	driverConfig
+}
+
+// NewDriver creates a new secret driver.
+func NewDriver(opts map[string]string) (*Driver, error) {
+	cfg := &driverConfig{}
+	if err := cfg.ParseOpts(opts); err != nil {
+		return nil, err
+	}
+
+	driver := &Driver{
+		driverConfig: *cfg,
+	}
+
+	return driver, nil
+}
+
+// List returns all secret IDs
+func (d *Driver) List() (secrets []string, err error) {
+	cmd := exec.CommandContext(context.TODO(), "/bin/sh", "-c", d.ListCommand)
+	cmd.Env = os.Environ()
+	cmd.Stderr = os.Stderr
+
+	buf := &bytes.Buffer{}
+	cmd.Stdout = buf
+
+	err = cmd.Run()
+	if err != nil {
+		return nil, err
+	}
+
+	parts := bytes.Split(buf.Bytes(), []byte("\n"))
+	for _, part := range parts {
+		id := strings.Trim(string(part), " \r\n")
+		if len(id) > 0 {
+			secrets = append(secrets, id)
+		}
+	}
+	sort.Strings(secrets)
+
+	return secrets, nil
+}
+
+// Lookup returns the bytes associated with a secret ID
+func (d *Driver) Lookup(id string) ([]byte, error) {
+	if strings.Contains(id, "..") {
+		return nil, errInvalidKey
+	}
+
+	cmd := exec.CommandContext(context.TODO(), "/bin/sh", "-c", d.LookupCommand)
+	cmd.Env = os.Environ()
+	cmd.Env = append(cmd.Env, "SECRET_ID="+id)
+	cmd.Stderr = os.Stderr
+
+	buf := &bytes.Buffer{}
+	cmd.Stdout = buf
+
+	err := cmd.Run()
+	if err != nil {
+		return nil, errors.Wrap(errNoSecretData, id)
+	}
+	return buf.Bytes(), nil
+}
+
+// Store saves the bytes associated with an ID. An error is returned if the ID already exists
+func (d *Driver) Store(id string, data []byte) error {
+	if strings.Contains(id, "..") {
+		return errInvalidKey
+	}
+
+	cmd := exec.CommandContext(context.TODO(), "/bin/sh", "-c", d.StoreCommand)
+	cmd.Env = os.Environ()
+	cmd.Env = append(cmd.Env, "SECRET_ID="+id)
+
+	cmd.Stderr = os.Stderr
+	cmd.Stdout = os.Stdout
+	cmd.Stdin = bytes.NewReader(data)
+
+	return cmd.Run()
+}
+
+// Delete removes the secret associated with the specified ID.  An error is returned if no matching secret is found.
+func (d *Driver) Delete(id string) error {
+	if strings.Contains(id, "..") {
+		return errInvalidKey
+	}
+
+	cmd := exec.CommandContext(context.TODO(), "/bin/sh", "-c", d.DeleteCommand)
+	cmd.Env = os.Environ()
+	cmd.Env = append(cmd.Env, "SECRET_ID="+id)
+
+	cmd.Stderr = os.Stderr
+	cmd.Stdout = os.Stdout
+
+	err := cmd.Run()
+	if err != nil {
+		return errors.Wrap(errNoSecretData, id)
+	}
+
+	return nil
+}