remove pkg/registries

Pull the trigger on the `pkg/registries` package which acted as a proxy for `c/image/pkg/sysregistriesv2`. Callers should be using the packages from c/image directly, if needed at all. Also make use of libimage's SystemContext() method which returns a copy of a system context, further reducing the risk of unintentionally altering global data. [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2025-05-22 01:27:07 +08:00 · 2021-06-24 14:35:10 +02:00
parent d1f57a07c2
commit f95b0995e5
12 changed files with 52 additions and 181 deletions
--- a/cmd/podman/common/completion.go
+++ b/cmd/podman/common/completion.go
@ -8,11 +8,11 @@ import (
 	"strings"

 	"github.com/containers/common/pkg/config"
+	"github.com/containers/image/v5/pkg/sysregistriesv2"
 	"github.com/containers/podman/v3/cmd/podman/registry"
 	"github.com/containers/podman/v3/libpod/define"
 	"github.com/containers/podman/v3/pkg/domain/entities"
 	"github.com/containers/podman/v3/pkg/network"
-	"github.com/containers/podman/v3/pkg/registries"
 	"github.com/containers/podman/v3/pkg/rootless"
 	systemdDefine "github.com/containers/podman/v3/pkg/systemd/define"
 	"github.com/containers/podman/v3/pkg/util"
@ -236,7 +236,7 @@ func getSecrets(cmd *cobra.Command, toComplete string) ([]string, cobra.ShellCom
 }

 func getRegistries() ([]string, cobra.ShellCompDirective) {
-	regs, err := registries.GetRegistries()
+	regs, err := sysregistriesv2.UnqualifiedSearchRegistries(nil)
 	if err != nil {
 		cobra.CompErrorln(err.Error())
 		return nil, cobra.ShellCompDirectiveNoFileComp
--- a/cmd/podman/login.go
+++ b/cmd/podman/login.go
@ -9,7 +9,6 @@ import (
 	"github.com/containers/image/v5/types"
 	"github.com/containers/podman/v3/cmd/podman/common"
 	"github.com/containers/podman/v3/cmd/podman/registry"
-	"github.com/containers/podman/v3/pkg/registries"
 	"github.com/spf13/cobra"
 )

@ -63,12 +62,29 @@ func login(cmd *cobra.Command, args []string) error {
 		skipTLS = types.NewOptionalBool(!loginOptions.tlsVerify)
 	}

-	sysCtx := types.SystemContext{
+	sysCtx := &types.SystemContext{
 		AuthFilePath:                loginOptions.AuthFile,
 		DockerCertPath:              loginOptions.CertDir,
 		DockerInsecureSkipTLSVerify: skipTLS,
-		SystemRegistriesConfPath:    registries.SystemRegistriesConfPath(),
 	}
+	setRegistriesConfPath(sysCtx)
 	loginOptions.GetLoginSet = cmd.Flag("get-login").Changed
-	return auth.Login(context.Background(), &sysCtx, &loginOptions.LoginOptions, args)
+	return auth.Login(context.Background(), sysCtx, &loginOptions.LoginOptions, args)
+}
+
+// setRegistriesConfPath sets the registries.conf path for the specified context.
+// NOTE: this is a verbatim copy from c/common/libimage which we're not using
+// to prevent leaking c/storage into this file.  Maybe this should go into c/image?
+func setRegistriesConfPath(systemContext *types.SystemContext) {
+	if systemContext.SystemRegistriesConfPath != "" {
+		return
+	}
+	if envOverride, ok := os.LookupEnv("CONTAINERS_REGISTRIES_CONF"); ok {
+		systemContext.SystemRegistriesConfPath = envOverride
+		return
+	}
+	if envOverride, ok := os.LookupEnv("REGISTRIES_CONFIG_PATH"); ok {
+		systemContext.SystemRegistriesConfPath = envOverride
+		return
+	}
 }
--- a/cmd/podman/logout.go
+++ b/cmd/podman/logout.go
@ -8,7 +8,6 @@ import (
 	"github.com/containers/image/v5/types"
 	"github.com/containers/podman/v3/cmd/podman/common"
 	"github.com/containers/podman/v3/cmd/podman/registry"
-	"github.com/containers/podman/v3/pkg/registries"
 	"github.com/spf13/cobra"
 )

@ -48,9 +47,9 @@ func init() {

 // Implementation of podman-logout.
 func logout(cmd *cobra.Command, args []string) error {
-	sysCtx := types.SystemContext{
+	sysCtx := &types.SystemContext{
 		AuthFilePath: logoutOptions.AuthFile,
-		SystemRegistriesConfPath: registries.SystemRegistriesConfPath(),
 	}
-	return auth.Logout(&sysCtx, &logoutOptions, args)
+	setRegistriesConfPath(sysCtx)
+	return auth.Logout(sysCtx, &logoutOptions, args)
 }
--- a/go.mod
+++ b/go.mod
@ -12,7 +12,7 @@ require (
 	github.com/containernetworking/cni v0.8.1
 	github.com/containernetworking/plugins v0.9.1
 	github.com/containers/buildah v1.21.1
-	github.com/containers/common v0.40.2-0.20210623133759-d13a31743aec
+	github.com/containers/common v0.40.2-0.20210624120009-b1d3c4dc2515
 	github.com/containers/conmon v2.0.20+incompatible
 	github.com/containers/image/v5 v5.13.2
 	github.com/containers/ocicrypt v1.1.1
--- a/go.sum
+++ b/go.sum
@ -221,8 +221,8 @@ github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRD
 github.com/containers/buildah v1.21.1 h1:e9LmTCUKUBLg72v5DnIOT/wc8ffkfB7LbpQBywLZo20=
 github.com/containers/buildah v1.21.1/go.mod h1:yPdlpVd93T+i91yGxrJbW1YOWrqN64j5ZhHOZmHUejs=
 github.com/containers/common v0.38.4/go.mod h1:egfpX/Y3+19Dz4Wa1eRZDdgzoEOeneieF9CQppKzLBg=
-github.com/containers/common v0.40.2-0.20210623133759-d13a31743aec h1:ZcteA2klZSZAZgVonwJAqezF6hdO9SMKUy49ZHXZd38=
-github.com/containers/common v0.40.2-0.20210623133759-d13a31743aec/go.mod h1:J23CfuhN1fAg85q5HxS6SKYhKbGqmqieKQqoHaQbEI8=
+github.com/containers/common v0.40.2-0.20210624120009-b1d3c4dc2515 h1:ih6akqzrwgKFRxLzdoRBFRUlIGbDWPoDYxhn5GihfXM=
+github.com/containers/common v0.40.2-0.20210624120009-b1d3c4dc2515/go.mod h1:J23CfuhN1fAg85q5HxS6SKYhKbGqmqieKQqoHaQbEI8=
 github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
 github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
 github.com/containers/image/v5 v5.12.0/go.mod h1:VasTuHmOw+uD0oHCfApQcMO2+36SfyncoSahU7513Xs=
--- a/libpod/info.go
+++ b/libpod/info.go
@ -15,10 +15,10 @@ import (
 	"github.com/containers/buildah"
 	"github.com/containers/common/pkg/apparmor"
 	"github.com/containers/common/pkg/seccomp"
+	"github.com/containers/image/v5/pkg/sysregistriesv2"
 	"github.com/containers/podman/v3/libpod/define"
 	"github.com/containers/podman/v3/libpod/linkmode"
 	"github.com/containers/podman/v3/pkg/cgroups"
-	registries2 "github.com/containers/podman/v3/pkg/registries"
 	"github.com/containers/podman/v3/pkg/rootless"
 	"github.com/containers/storage"
 	"github.com/containers/storage/pkg/system"
@ -49,14 +49,16 @@ func (r *Runtime) info() (*define.Info, error) {
 	}
 	info.Store = storeInfo
 	registries := make(map[string]interface{})
-	data, err := registries2.GetRegistriesData()
+
+	sys := r.SystemContext()
+	data, err := sysregistriesv2.GetRegistries(sys)
 	if err != nil {
 		return nil, errors.Wrapf(err, "error getting registries")
 	}
 	for _, reg := range data {
 		registries[reg.Prefix] = reg
 	}
-	regs, err := registries2.GetRegistries()
+	regs, err := sysregistriesv2.UnqualifiedSearchRegistries(sys)
 	if err != nil {
 		return nil, errors.Wrapf(err, "error getting registries")
 	}
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@ -29,7 +29,6 @@ import (
 	"github.com/containers/podman/v3/libpod/plugin"
 	"github.com/containers/podman/v3/libpod/shutdown"
 	"github.com/containers/podman/v3/pkg/cgroups"
-	"github.com/containers/podman/v3/pkg/registries"
 	"github.com/containers/podman/v3/pkg/rootless"
 	"github.com/containers/podman/v3/pkg/util"
 	"github.com/containers/storage"
@ -932,7 +931,9 @@ func (r *Runtime) LibimageRuntime() *libimage.Runtime {

 // SystemContext returns the imagecontext
 func (r *Runtime) SystemContext() *types.SystemContext {
-	return r.imageContext
+	// Return the context from the libimage runtime.  libimage is sensitive
+	// to a number of env vars.
+	return r.libimageRuntime.SystemContext()
 }

 // GetOCIRuntimePath retrieves the path of the default OCI runtime.
@ -1042,9 +1043,9 @@ func (r *Runtime) Reload() error {
 	if err := r.reloadStorageConf(); err != nil {
 		return err
 	}
-	if err := reloadRegistriesConf(); err != nil {
-		return err
-	}
+	// Invalidate the registries.conf cache. The next invocation will
+	// reload all data.
+	sysregistriesv2.InvalidateCache()
 	return nil
 }

@ -1059,17 +1060,6 @@ func (r *Runtime) reloadContainersConf() error {
 	return nil
 }

-// reloadRegistries reloads the registries.conf
-func reloadRegistriesConf() error {
-	sysregistriesv2.InvalidateCache()
-	registries, err := sysregistriesv2.GetRegistries(&types.SystemContext{SystemRegistriesConfPath: registries.SystemRegistriesConfPath()})
-	if err != nil {
-		return err
-	}
-	logrus.Infof("applied new registry configuration: %+v", registries)
-	return nil
-}
-
 // reloadStorageConf reloads the storage.conf
 func (r *Runtime) reloadStorageConf() error {
 	configFile, err := storage.DefaultConfigFile(rootless.IsRootless())
--- a/libpod/runtime_img_test.go
+++ b/libpod/runtime_img_test.go
@ -1,54 +0,0 @@
-package libpod
-
-import (
-	"io/ioutil"
-	"os"
-	"reflect"
-	"testing"
-
-	sysreg "github.com/containers/podman/v3/pkg/registries"
-	"github.com/stretchr/testify/assert"
-)
-
-var (
-	registry = `[registries.search]
-registries = ['one']
-
-[registries.insecure]
-registries = ['two']`
-)
-
-func createTmpFile(content []byte) (string, error) {
-	tmpfile, err := ioutil.TempFile(os.TempDir(), "unittest")
-	if err != nil {
-		return "", err
-	}
-
-	if _, err := tmpfile.Write(content); err != nil {
-		return "", err
-	}
-	if err := tmpfile.Close(); err != nil {
-		return "", err
-	}
-	return tmpfile.Name(), nil
-}
-
-func TestGetRegistries(t *testing.T) {
-	registryPath, err := createTmpFile([]byte(registry))
-	assert.NoError(t, err)
-	defer os.Remove(registryPath)
-	os.Setenv("CONTAINERS_REGISTRIES_CONF", registryPath)
-	registries, err := sysreg.GetRegistries()
-	assert.NoError(t, err)
-	assert.True(t, reflect.DeepEqual(registries, []string{"one"}))
-}
-
-func TestGetInsecureRegistries(t *testing.T) {
-	registryPath, err := createTmpFile([]byte(registry))
-	assert.NoError(t, err)
-	os.Setenv("CONTAINERS_REGISTRIES_CONF", registryPath)
-	defer os.Remove(registryPath)
-	registries, err := sysreg.GetInsecureRegistries()
-	assert.NoError(t, err)
-	assert.True(t, reflect.DeepEqual(registries, []string{"two"}))
-}
--- a/pkg/api/handlers/compat/auth.go
+++ b/pkg/api/handlers/compat/auth.go
@ -9,9 +9,9 @@ import (

 	DockerClient "github.com/containers/image/v5/docker"
 	"github.com/containers/image/v5/types"
+	"github.com/containers/podman/v3/libpod"
 	"github.com/containers/podman/v3/pkg/api/handlers/utils"
 	"github.com/containers/podman/v3/pkg/domain/entities"
-	"github.com/containers/podman/v3/pkg/registries"
 	docker "github.com/docker/docker/api/types"
 	"github.com/pkg/errors"
 )
@ -37,15 +37,13 @@ func Auth(w http.ResponseWriter, r *http.Request) {
 		skipTLS = types.NewOptionalBool(true)
 	}

+	runtime := r.Context().Value("runtime").(*libpod.Runtime)
+	sysCtx := runtime.SystemContext()
+	sysCtx.DockerInsecureSkipTLSVerify = skipTLS
+
 	fmt.Println("Authenticating with existing credentials...")
-	sysCtx := types.SystemContext{
-		AuthFilePath:                "",
-		DockerCertPath:              "",
-		DockerInsecureSkipTLSVerify: skipTLS,
-		SystemRegistriesConfPath:    registries.SystemRegistriesConfPath(),
-	}
 	registry := stripAddressOfScheme(authConfig.ServerAddress)
-	if err := DockerClient.CheckAuth(context.Background(), &sysCtx, authConfig.Username, authConfig.Password, registry); err == nil {
+	if err := DockerClient.CheckAuth(context.Background(), sysCtx, authConfig.Username, authConfig.Password, registry); err == nil {
 		utils.WriteResponse(w, http.StatusOK, entities.AuthReport{
 			IdentityToken: "",
 			Status:        "Login Succeeded",
--- a/pkg/registries/registries.go
+++ b/pkg/registries/registries.go
@ -1,85 +0,0 @@
-package registries
-
-// TODO: this package should not exist anymore.  Users should either use
-// c/image's `sysregistriesv2` package directly OR, even better, we cache a
-// config in libpod's image runtime so we don't need to parse the
-// registries.conf files redundantly.
-
-import (
-	"os"
-	"path/filepath"
-
-	"github.com/containers/image/v5/pkg/sysregistriesv2"
-	"github.com/containers/image/v5/types"
-	"github.com/containers/podman/v3/pkg/rootless"
-	"github.com/pkg/errors"
-)
-
-// userRegistriesFile is the path to the per user registry configuration file.
-var userRegistriesFile = filepath.Join(os.Getenv("HOME"), ".config/containers/registries.conf")
-
-// SystemRegistriesConfPath returns an appropriate value for types.SystemContext.SystemRegistriesConfPath
-// (possibly "", which is not an error), taking into account rootless mode and environment variable overrides.
-//
-// FIXME: This should be centralized in a global SystemContext initializer inherited throughout the code,
-// not haphazardly called throughout the way it is being called now.
-func SystemRegistriesConfPath() string {
-	if envOverride, ok := os.LookupEnv("CONTAINERS_REGISTRIES_CONF"); ok {
-		return envOverride
-	}
-	if envOverride, ok := os.LookupEnv("REGISTRIES_CONFIG_PATH"); ok {
-		return envOverride
-	}
-
-	if rootless.IsRootless() {
-		if _, err := os.Stat(userRegistriesFile); err == nil {
-			return userRegistriesFile
-		}
-	}
-
-	return ""
-}
-
-// GetRegistriesData obtains the list of registries
-func GetRegistriesData() ([]sysregistriesv2.Registry, error) {
-	registries, err := sysregistriesv2.GetRegistries(&types.SystemContext{SystemRegistriesConfPath: SystemRegistriesConfPath()})
-	if err != nil {
-		return nil, errors.Wrapf(err, "unable to parse the registries.conf file")
-	}
-	return registries, nil
-}
-
-// GetRegistries obtains the list of search registries defined in the global registries file.
-func GetRegistries() ([]string, error) {
-	return sysregistriesv2.UnqualifiedSearchRegistries(&types.SystemContext{SystemRegistriesConfPath: SystemRegistriesConfPath()})
-}
-
-// GetBlockedRegistries obtains the list of blocked registries defined in the global registries file.
-func GetBlockedRegistries() ([]string, error) {
-	var blockedRegistries []string
-	registries, err := GetRegistriesData()
-	if err != nil {
-		return nil, err
-	}
-	for _, reg := range registries {
-		if reg.Blocked {
-			blockedRegistries = append(blockedRegistries, reg.Prefix)
-		}
-	}
-	return blockedRegistries, nil
-}
-
-// GetInsecureRegistries obtains the list of insecure registries from the global registration file.
-func GetInsecureRegistries() ([]string, error) {
-	var insecureRegistries []string
-	registries, err := GetRegistriesData()
-	if err != nil {
-		return nil, err
-	}
-	for _, reg := range registries {
-		if reg.Insecure {
-			insecureRegistries = append(insecureRegistries, reg.Prefix)
-		}
-	}
-	return insecureRegistries, nil
-}
--- a/vendor/github.com/containers/common/libimage/runtime.go
+++ b/vendor/github.com/containers/common/libimage/runtime.go
@ -53,6 +53,11 @@ type Runtime struct {
 	systemContext types.SystemContext
 }

+// Returns a copy of the runtime's system context.
+func (r *Runtime) SystemContext() *types.SystemContext {
+	return r.systemContextCopy()
+}
+
 // Returns a copy of the runtime's system context.
 func (r *Runtime) systemContextCopy() *types.SystemContext {
 	var sys types.SystemContext
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -93,7 +93,7 @@ github.com/containers/buildah/pkg/overlay
 github.com/containers/buildah/pkg/parse
 github.com/containers/buildah/pkg/rusage
 github.com/containers/buildah/util
-# github.com/containers/common v0.40.2-0.20210623133759-d13a31743aec
+# github.com/containers/common v0.40.2-0.20210624120009-b1d3c4dc2515
 github.com/containers/common/libimage
 github.com/containers/common/libimage/manifests
 github.com/containers/common/pkg/apparmor