pull/create: add --override-arch/--override-os flags

Add --override-arch and --override-os as hidden flags, in line with the global flag names that skopeo uses, so that we can test behavior around manifest lists without having to conditionalize more of it by arch. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2025-06-18 15:39:08 +08:00 · 2019-10-16 11:57:45 -04:00
parent 803357334c
commit b9313d355e
11 changed files with 58 additions and 2 deletions
--- a/API.md
+++ b/API.md
@ -1557,6 +1557,10 @@ oomKillDisable [?bool](#?bool)

 oomScoreAdj [?int](#?int)

+overrideArch [?string](#?string)
+
+overrideOS [?string](#?string)
+
 pid [?string](#?string)

 pidsLimit [?int](#?int)
--- a/cmd/podman/build.go
+++ b/cmd/podman/build.go
@ -9,6 +9,7 @@ import (
 	"github.com/containers/buildah"
 	"github.com/containers/buildah/imagebuildah"
 	buildahcli "github.com/containers/buildah/pkg/cli"
+	"github.com/containers/image/v5/types"
 	"github.com/containers/libpod/cmd/podman/cliconfig"
 	"github.com/containers/libpod/libpod"
 	"github.com/containers/libpod/pkg/adapter"
@ -360,6 +361,10 @@ func buildCmd(c *cliconfig.BuildValues) error {
 		RuntimeArgs:             runtimeFlags,
 		SignaturePolicyPath:     c.SignaturePolicy,
 		Squash:                  c.Squash,
+		SystemContext: &types.SystemContext{
+			OSChoice:           c.OverrideOS,
+			ArchitectureChoice: c.OverrideArch,
+		},
 		Target: c.Target,
 	}
 	return runtime.Build(getContext(), c, options, containerfiles)
--- a/cmd/podman/cliconfig/config.go
+++ b/cmd/podman/cliconfig/config.go
@ -431,6 +431,8 @@ type PullValues struct {
 	Authfile        string
 	CertDir         string
 	Creds           string
+	OverrideArch    string
+	OverrideOS      string
 	Quiet           bool
 	SignaturePolicy string
 	TlsVerify       bool
--- a/cmd/podman/common.go
+++ b/cmd/podman/common.go
@ -370,6 +370,16 @@ func getCreateFlags(c *cliconfig.PodmanCommand) {
 		"oom-score-adj", 0,
 		"Tune the host's OOM preferences (-1000 to 1000)",
 	)
+	createFlags.String(
+		"override-arch", "",
+		"use `ARCH` instead of the architecture of the machine for choosing images",
+	)
+	markFlagHidden(createFlags, "override-arch")
+	createFlags.String(
+		"override-os", "",
+		"use `OS` instead of the running OS for choosing images",
+	)
+	markFlagHidden(createFlags, "override-os")
 	createFlags.String(
 		"pid", "",
 		"PID namespace to use",
--- a/cmd/podman/pull.go
+++ b/cmd/podman/pull.go
@ -54,6 +54,10 @@ func init() {
 	flags.BoolVar(&pullCommand.AllTags, "all-tags", false, "All tagged images in the repository will be pulled")
 	flags.StringVar(&pullCommand.Creds, "creds", "", "`Credentials` (USERNAME:PASSWORD) to use for authenticating to a registry")
 	flags.BoolVarP(&pullCommand.Quiet, "quiet", "q", false, "Suppress output information when pulling images")
+	flags.StringVar(&pullCommand.OverrideArch, "override-arch", "", "use `ARCH` instead of the architecture of the machine for choosing images")
+	markFlagHidden(flags, "override-arch")
+	flags.StringVar(&pullCommand.OverrideOS, "override-os", "", "use `OS` instead of the running OS for choosing images")
+	markFlagHidden(flags, "override-os")
 	// Disabled flags for the remote client
 	if !remote {
 		flags.StringVar(&pullCommand.Authfile, "authfile", shared.GetAuthFile(""), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
@ -122,6 +126,8 @@ func pullCmd(c *cliconfig.PullValues) (retError error) {
 	dockerRegistryOptions := image.DockerRegistryOptions{
 		DockerRegistryCreds: registryCreds,
 		DockerCertPath:      c.CertDir,
+		OSChoice:            c.OverrideOS,
+		ArchitectureChoice:  c.OverrideArch,
 	}
 	if c.IsSet("tls-verify") {
 		dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!c.TlsVerify)
--- a/cmd/podman/shared/create.go
+++ b/cmd/podman/shared/create.go
@ -89,7 +89,12 @@ func CreateContainer(ctx context.Context, c *GenericCLIResults, runtime *libpod.
 			return nil, nil, err
 		}

-		newImage, err := runtime.ImageRuntime().New(ctx, name, rtc.SignaturePolicyPath, GetAuthFile(c.String("authfile")), writer, nil, image.SigningOptions{}, nil, pullType)
+		dockerRegistryOptions := image.DockerRegistryOptions{
+			OSChoice:           c.String("override-os"),
+			ArchitectureChoice: c.String("override-arch"),
+		}
+
+		newImage, err := runtime.ImageRuntime().New(ctx, name, rtc.SignaturePolicyPath, GetAuthFile(c.String("authfile")), writer, &dockerRegistryOptions, image.SigningOptions{}, nil, pullType)
 		if err != nil {
 			return nil, nil, err
 		}
--- a/cmd/podman/shared/intermediate.go
+++ b/cmd/podman/shared/intermediate.go
@ -428,6 +428,8 @@ func NewIntermediateLayer(c *cliconfig.PodmanCommand, remote bool) GenericCLIRes
 	m["no-hosts"] = newCRBool(c, "no-hosts")
 	m["oom-kill-disable"] = newCRBool(c, "oom-kill-disable")
 	m["oom-score-adj"] = newCRInt(c, "oom-score-adj")
+	m["override-arch"] = newCRString(c, "override-arch")
+	m["override-os"] = newCRString(c, "override-os")
 	m["pid"] = newCRString(c, "pid")
 	m["pids-limit"] = newCRInt64(c, "pids-limit")
 	m["pod"] = newCRString(c, "pod")
--- a/cmd/podman/shared/intermediate_varlink.go
+++ b/cmd/podman/shared/intermediate_varlink.go
@ -131,6 +131,8 @@ func (g GenericCLIResults) MakeVarlink() iopodman.Create {
 		Network:                StringToPtr(g.Find("network")),
 		OomKillDisable:         BoolToPtr(g.Find("oom-kill-disable")),
 		OomScoreAdj:            AnyIntToInt64Ptr(g.Find("oom-score-adj")),
+		OverrideOS:             StringToPtr(g.Find("override-os")),
+		OverrideArch:           StringToPtr(g.Find("override-arch")),
 		Pid:                    StringToPtr(g.Find("pid")),
 		PidsLimit:              AnyIntToInt64Ptr(g.Find("pids-limit")),
 		Pod:                    StringToPtr(g.Find("pod")),
@ -389,6 +391,8 @@ func VarlinkCreateToGeneric(opts iopodman.Create) GenericCLIResults {
 	m["no-hosts"] = boolFromVarlink(opts.NoHosts, "no-hosts", false)
 	m["oom-kill-disable"] = boolFromVarlink(opts.OomKillDisable, "oon-kill-disable", false)
 	m["oom-score-adj"] = intFromVarlink(opts.OomScoreAdj, "oom-score-adj", nil)
+	m["override-os"] = stringFromVarlink(opts.OverrideOS, "override-os", nil)
+	m["override-arch"] = stringFromVarlink(opts.OverrideArch, "override-arch", nil)
 	m["pid"] = stringFromVarlink(opts.Pid, "pid", nil)
 	m["pids-limit"] = int64FromVarlink(opts.PidsLimit, "pids-limit", nil)
 	m["pod"] = stringFromVarlink(opts.Pod, "pod", nil)
--- a/cmd/podman/varlink/io.podman.varlink
+++ b/cmd/podman/varlink/io.podman.varlink
@ -342,6 +342,8 @@ type Create (
    noHosts: ?bool,
    oomKillDisable: ?bool,
    oomScoreAdj: ?int,
+    overrideArch: ?string,
+    overrideOS: ?string,
    pid: ?string,
    pidsLimit: ?int,
    pod: ?string,
--- a/libpod/image/docker_registry_options.go
+++ b/libpod/image/docker_registry_options.go
@ -26,6 +26,10 @@ type DockerRegistryOptions struct {
 	// certificates and allows connecting to registries without encryption
 	// - or forces it on even if registries.conf has the registry configured as insecure.
 	DockerInsecureSkipTLSVerify types.OptionalBool
+	// If not "", overrides the use of platform.GOOS when choosing an image or verifying OS match.
+	OSChoice string
+	// If not "", overrides the use of platform.GOARCH when choosing an image or verifying architecture match.
+	ArchitectureChoice string
 }

 // GetSystemContext constructs a new system context from a parent context. the values in the DockerRegistryOptions, and other parameters.
@ -35,12 +39,16 @@ func (o DockerRegistryOptions) GetSystemContext(parent *types.SystemContext, add
 		DockerCertPath:              o.DockerCertPath,
 		DockerInsecureSkipTLSVerify: o.DockerInsecureSkipTLSVerify,
 		DockerArchiveAdditionalTags: additionalDockerArchiveTags,
+		OSChoice:                    o.OSChoice,
+		ArchitectureChoice:          o.ArchitectureChoice,
 	}
 	if parent != nil {
 		sc.SignaturePolicyPath = parent.SignaturePolicyPath
 		sc.AuthFilePath = parent.AuthFilePath
 		sc.DirForceCompress = parent.DirForceCompress
 		sc.DockerRegistryUserAgent = parent.DockerRegistryUserAgent
+		sc.OSChoice = parent.OSChoice
+		sc.ArchitectureChoice = parent.ArchitectureChoice
 	}
 	return sc
 }
--- a/libpod/image/pull.go
+++ b/libpod/image/pull.go
@ -223,6 +223,10 @@ func (ir *Runtime) pullImageFromHeuristicSource(ctx context.Context, inputName s

 	var goal *pullGoal
 	sc := GetSystemContext(signaturePolicyPath, authfile, false)
+	if dockerOptions != nil {
+		sc.OSChoice = dockerOptions.OSChoice
+		sc.ArchitectureChoice = dockerOptions.ArchitectureChoice
+	}
 	sc.BlobInfoCacheDir = filepath.Join(ir.store.GraphRoot(), "cache")
 	srcRef, err := alltransports.ParseImageName(inputName)
 	if err != nil {
@ -246,6 +250,10 @@ func (ir *Runtime) pullImageFromReference(ctx context.Context, srcRef types.Imag
 	defer span.Finish()

 	sc := GetSystemContext(signaturePolicyPath, authfile, false)
+	if dockerOptions != nil {
+		sc.OSChoice = dockerOptions.OSChoice
+		sc.ArchitectureChoice = dockerOptions.ArchitectureChoice
+	}
 	goal, err := ir.pullGoalFromImageReference(ctx, srcRef, transports.ImageName(srcRef), sc)
 	if err != nil {
 		return nil, errors.Wrapf(err, "error determining pull goal for image %q", transports.ImageName(srcRef))