diff --git a/libpod/container_validate.go b/libpod/container_validate.go index 01ec586b8b..cedcfce150 100644 --- a/libpod/container_validate.go +++ b/libpod/container_validate.go @@ -3,11 +3,13 @@ package libpod import ( + "context" "fmt" "strings" "github.com/containers/podman/v6/libpod/define" spec "github.com/opencontainers/runtime-spec/specs-go" + "go.podman.io/common/pkg/libartifact/store" "go.podman.io/image/v5/docker" "go.podman.io/image/v5/pkg/shortnames" "go.podman.io/image/v5/transports/alltransports" @@ -177,6 +179,23 @@ func (c *Container) validate() error { return fmt.Errorf("default rootfs-based infra container is set for non-infra container") } + if len(c.config.ArtifactVolumes) > 0 { + artStore, err := c.runtime.ArtifactStore() + if err != nil { + return err + } + for _, artifactMount := range c.config.ArtifactVolumes { + asr, err := store.NewArtifactStorageReference(artifactMount.Source) + if err != nil { + return err + } + _, err = artStore.Inspect(context.Background(), asr) + if err != nil { + return err + } + } + } + return nil } diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go index 6ce7c95e2f..a7af59dd36 100644 --- a/libpod/runtime_ctr.go +++ b/libpod/runtime_ctr.go @@ -306,6 +306,8 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai ctr.config.Networks = normalizeNetworks } + ctr.runtime = r + // Validate the container if err := ctr.validate(); err != nil { return nil, err @@ -337,8 +339,6 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai ctr.valid = true ctr.state.State = define.ContainerStateConfigured - ctr.runtime = r - if ctr.config.OCIRuntime == "" { ctr.ociRuntime = r.defaultOCIRuntime } else { diff --git a/test/system/702-artifact.bats b/test/system/702-artifact.bats index df23645d27..a07c3e6e5c 100644 --- a/test/system/702-artifact.bats +++ b/test/system/702-artifact.bats @@ -151,5 +151,14 @@ function teardown() { run_podman artifact rm "$artifact_name" } +@test "podman artifact volume validation at creation" { + # Issue #27747: Artifact volume validation should fail at creation, not start + local artifact_name="localhost/test/nonexistent-artifact" + + # Creation should fail if the artifact does not exist + run_podman 125 create --name test-artifact-fail --mount type=artifact,source=$artifact_name,target=/tmp $IMAGE + assert "$output" = "Error: $artifact_name:latest: artifact does not exist" "creation should fail for nonexistent artifact" +} + # vim: filetype=sh