mirror of
https://github.com/containers/podman.git
synced 2025-11-30 10:07:33 +08:00
Merge pull request #20192 from umohnani8/images
Fix broken podman images filters
This commit is contained in:
10
vendor/github.com/containers/common/libimage/filters.go
generated
vendored
10
vendor/github.com/containers/common/libimage/filters.go
generated
vendored
@@ -11,7 +11,6 @@ import (
|
||||
filtersPkg "github.com/containers/common/pkg/filters"
|
||||
"github.com/containers/common/pkg/timetype"
|
||||
"github.com/containers/image/v5/docker/reference"
|
||||
"github.com/opencontainers/go-digest"
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
@@ -394,18 +393,17 @@ func filterDangling(ctx context.Context, value bool, tree *layerTree) filterFunc
|
||||
// filterID creates an image-ID filter for matching the specified value.
|
||||
func filterID(value string) filterFunc {
|
||||
return func(img *Image) (bool, error) {
|
||||
return img.ID() == value, nil
|
||||
return strings.HasPrefix(img.ID(), value), nil
|
||||
}
|
||||
}
|
||||
|
||||
// filterDigest creates a digest filter for matching the specified value.
|
||||
func filterDigest(value string) (filterFunc, error) {
|
||||
d, err := digest.Parse(value)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("invalid value %q for digest filter: %w", value, err)
|
||||
if !strings.HasPrefix(value, "sha256:") {
|
||||
return nil, fmt.Errorf("invalid value %q for digest filter", value)
|
||||
}
|
||||
return func(img *Image) (bool, error) {
|
||||
return img.hasDigest(d), nil
|
||||
return img.containsDigestPrefix(value), nil
|
||||
}, nil
|
||||
}
|
||||
|
||||
|
||||
11
vendor/github.com/containers/common/libimage/image.go
generated
vendored
11
vendor/github.com/containers/common/libimage/image.go
generated
vendored
@@ -169,6 +169,17 @@ func (i *Image) hasDigest(wantedDigest digest.Digest) bool {
|
||||
return false
|
||||
}
|
||||
|
||||
// containsDigestPrefix returns whether the specified value matches any digest of the
|
||||
// image. It checks for the prefix and not a full match.
|
||||
func (i *Image) containsDigestPrefix(wantedDigestPrefix string) bool {
|
||||
for _, d := range i.Digests() {
|
||||
if strings.HasPrefix(d.String(), wantedDigestPrefix) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
// IsReadOnly returns whether the image is set read only.
|
||||
func (i *Image) IsReadOnly() bool {
|
||||
return i.storageImage.ReadOnly
|
||||
|
||||
2
vendor/github.com/containers/common/libimage/manifest_list.go
generated
vendored
2
vendor/github.com/containers/common/libimage/manifest_list.go
generated
vendored
@@ -440,6 +440,8 @@ func (m *ManifestList) Push(ctx context.Context, destination string, options *Ma
|
||||
SignSigstorePrivateKeyPassphrase: options.SignSigstorePrivateKeyPassphrase,
|
||||
RemoveSignatures: options.RemoveSignatures,
|
||||
ManifestType: options.ManifestMIMEType,
|
||||
MaxRetries: options.MaxRetries,
|
||||
RetryDelay: options.RetryDelay,
|
||||
ForceCompressionFormat: options.ForceCompressionFormat,
|
||||
}
|
||||
|
||||
|
||||
42
vendor/github.com/containers/common/libimage/manifests/manifests.go
generated
vendored
42
vendor/github.com/containers/common/libimage/manifests/manifests.go
generated
vendored
@@ -6,8 +6,10 @@ import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"time"
|
||||
|
||||
"github.com/containers/common/pkg/manifests"
|
||||
"github.com/containers/common/pkg/retry"
|
||||
"github.com/containers/common/pkg/supplemented"
|
||||
cp "github.com/containers/image/v5/copy"
|
||||
"github.com/containers/image/v5/docker/reference"
|
||||
@@ -27,6 +29,10 @@ import (
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
const (
|
||||
defaultMaxRetries = 3
|
||||
)
|
||||
|
||||
const instancesData = "instances.json"
|
||||
|
||||
// LookupReferenceFunc return an image reference based on the specified one.
|
||||
@@ -72,6 +78,11 @@ type PushOptions struct {
|
||||
SourceFilter LookupReferenceFunc // filter the list source
|
||||
AddCompression []string // add existing instances with requested compression algorithms to manifest list
|
||||
ForceCompressionFormat bool // force push with requested compression ignoring the blobs which can be reused.
|
||||
// Maximum number of retries with exponential backoff when facing
|
||||
// transient network errors. Default 3.
|
||||
MaxRetries *uint
|
||||
// RetryDelay used for the exponential back off of MaxRetries.
|
||||
RetryDelay *time.Duration
|
||||
}
|
||||
|
||||
// Create creates a new list containing information about the specified image,
|
||||
@@ -262,16 +273,31 @@ func (l *list) Push(ctx context.Context, dest types.ImageReference, options Push
|
||||
ForceCompressionFormat: options.ForceCompressionFormat,
|
||||
}
|
||||
|
||||
retryOptions := retry.Options{}
|
||||
retryOptions.MaxRetry = defaultMaxRetries
|
||||
if options.MaxRetries != nil {
|
||||
retryOptions.MaxRetry = int(*options.MaxRetries)
|
||||
}
|
||||
if options.RetryDelay != nil {
|
||||
retryOptions.Delay = *options.RetryDelay
|
||||
}
|
||||
|
||||
// Copy whatever we were asked to copy.
|
||||
manifestBytes, err := cp.Image(ctx, policyContext, dest, src, copyOptions)
|
||||
if err != nil {
|
||||
return nil, "", err
|
||||
var manifestDigest digest.Digest
|
||||
f := func() error {
|
||||
opts := copyOptions
|
||||
var manifestBytes []byte
|
||||
var digest digest.Digest
|
||||
var err error
|
||||
if manifestBytes, err = cp.Image(ctx, policyContext, dest, src, opts); err == nil {
|
||||
if digest, err = manifest.Digest(manifestBytes); err == nil {
|
||||
manifestDigest = digest
|
||||
}
|
||||
}
|
||||
return err
|
||||
}
|
||||
manifestDigest, err := manifest.Digest(manifestBytes)
|
||||
if err != nil {
|
||||
return nil, "", err
|
||||
}
|
||||
return nil, manifestDigest, nil
|
||||
err = retry.IfNecessary(ctx, f, &retryOptions)
|
||||
return nil, manifestDigest, err
|
||||
}
|
||||
|
||||
func prepareAddWithCompression(variants []string) ([]cp.OptionCompressionVariant, error) {
|
||||
|
||||
5
vendor/github.com/containers/common/libnetwork/netavark/config.go
generated
vendored
5
vendor/github.com/containers/common/libnetwork/netavark/config.go
generated
vendored
@@ -204,7 +204,10 @@ func (n *netavarkNetwork) networkCreate(newNetwork *types.Network, defaultNet bo
|
||||
}
|
||||
// rust only support "true" or "false" while go can parse 1 and 0 as well so we need to change it
|
||||
newNetwork.Options[types.NoDefaultRoute] = strconv.FormatBool(val)
|
||||
|
||||
case types.VRFOption:
|
||||
if len(value) == 0 {
|
||||
return nil, errors.New("invalid vrf name")
|
||||
}
|
||||
default:
|
||||
return nil, fmt.Errorf("unsupported bridge network option %s", key)
|
||||
}
|
||||
|
||||
1
vendor/github.com/containers/common/libnetwork/types/const.go
generated
vendored
1
vendor/github.com/containers/common/libnetwork/types/const.go
generated
vendored
@@ -43,6 +43,7 @@ const (
|
||||
MetricOption = "metric"
|
||||
NoDefaultRoute = "no_default_route"
|
||||
BclimOption = "bclim"
|
||||
VRFOption = "vrf"
|
||||
)
|
||||
|
||||
type NetworkBackend string
|
||||
|
||||
2
vendor/github.com/containers/common/libnetwork/util/filters.go
generated
vendored
2
vendor/github.com/containers/common/libnetwork/util/filters.go
generated
vendored
@@ -67,7 +67,7 @@ func createPruneFilterFuncs(key string, filterValues []string) (types.FilterFunc
|
||||
}, nil
|
||||
case "label!":
|
||||
return func(net types.Network) bool {
|
||||
return !filters.MatchLabelFilters(filterValues, net.Labels)
|
||||
return filters.MatchNegatedLabelFilters(filterValues, net.Labels)
|
||||
}, nil
|
||||
case "until":
|
||||
until, err := filters.ComputeUntilTimestamp(filterValues)
|
||||
|
||||
29
vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go
generated
vendored
29
vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go
generated
vendored
@@ -362,6 +362,35 @@ func addFIPSModeSubscription(mounts *[]rspec.Mount, containerRunDir, mountPoint,
|
||||
}
|
||||
*mounts = append(*mounts, m)
|
||||
}
|
||||
|
||||
// Make sure we set the config to FIPS so that the container does not overwrite
|
||||
// /etc/crypto-policies/back-ends when crypto-policies-scripts is reinstalled.
|
||||
cryptoPoliciesConfigFile := filepath.Join(containerRunDir, "fips-config")
|
||||
file, err := os.Create(cryptoPoliciesConfigFile)
|
||||
if err != nil {
|
||||
return fmt.Errorf("creating fips config file in container for FIPS mode: %w", err)
|
||||
}
|
||||
defer file.Close()
|
||||
if _, err := file.WriteString("FIPS\n"); err != nil {
|
||||
return fmt.Errorf("writing fips config file in container for FIPS mode: %w", err)
|
||||
}
|
||||
if err = label.Relabel(cryptoPoliciesConfigFile, mountLabel, false); err != nil {
|
||||
return fmt.Errorf("applying correct labels on fips-config file: %w", err)
|
||||
}
|
||||
if err := file.Chown(uid, gid); err != nil {
|
||||
return fmt.Errorf("chown fips-config file: %w", err)
|
||||
}
|
||||
|
||||
policyConfig := "/etc/crypto-policies/config"
|
||||
if !mountExists(*mounts, policyConfig) {
|
||||
m := rspec.Mount{
|
||||
Source: cryptoPoliciesConfigFile,
|
||||
Destination: policyConfig,
|
||||
Type: "bind",
|
||||
Options: []string{"bind", "rprivate"},
|
||||
}
|
||||
*mounts = append(*mounts, m)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
|
||||
15
vendor/github.com/onsi/gomega/CHANGELOG.md
generated
vendored
15
vendor/github.com/onsi/gomega/CHANGELOG.md
generated
vendored
@@ -1,3 +1,18 @@
|
||||
## 1.28.0
|
||||
|
||||
### Features
|
||||
- Add VerifyHost handler to ghttp (#698) [0b03b36]
|
||||
|
||||
### Fixes
|
||||
- Read Body for Newer Responses in HaveHTTPBodyMatcher (#686) [18d6673]
|
||||
|
||||
### Maintenance
|
||||
- Bump github.com/onsi/ginkgo/v2 from 2.11.0 to 2.12.0 (#693) [55a33f3]
|
||||
- Typo in matchers.go (#691) [de68e8f]
|
||||
- Bump commonmarker from 0.23.9 to 0.23.10 in /docs (#690) [ab17f5e]
|
||||
- chore: update test matrix for Go 1.21 (#689) [5069017]
|
||||
- Bump golang.org/x/net from 0.12.0 to 0.14.0 (#688) [babe25f]
|
||||
|
||||
## 1.27.10
|
||||
|
||||
### Fixes
|
||||
|
||||
2
vendor/github.com/onsi/gomega/gomega_dsl.go
generated
vendored
2
vendor/github.com/onsi/gomega/gomega_dsl.go
generated
vendored
@@ -22,7 +22,7 @@ import (
|
||||
"github.com/onsi/gomega/types"
|
||||
)
|
||||
|
||||
const GOMEGA_VERSION = "1.27.10"
|
||||
const GOMEGA_VERSION = "1.28.0"
|
||||
|
||||
const nilGomegaPanic = `You are trying to make an assertion, but haven't registered Gomega's fail handler.
|
||||
If you're using Ginkgo then you probably forgot to put your assertion in an It().
|
||||
|
||||
2
vendor/github.com/onsi/gomega/matchers.go
generated
vendored
2
vendor/github.com/onsi/gomega/matchers.go
generated
vendored
@@ -94,7 +94,7 @@ func Succeed() types.GomegaMatcher {
|
||||
//
|
||||
// Expect(err).Should(MatchError("an error")) //asserts that err.Error() == "an error"
|
||||
// Expect(err).Should(MatchError(SomeError)) //asserts that err == SomeError (via reflect.DeepEqual)
|
||||
// Expect(err).Should(MatchError(ContainSubstring("sprocket not found"))) // asserts that edrr.Error() contains substring "sprocket not found"
|
||||
// Expect(err).Should(MatchError(ContainSubstring("sprocket not found"))) // asserts that err.Error() contains substring "sprocket not found"
|
||||
//
|
||||
// It is an error for err to be nil or an object that does not implement the
|
||||
// Error interface
|
||||
|
||||
9
vendor/github.com/onsi/gomega/matchers/have_http_body_matcher.go
generated
vendored
9
vendor/github.com/onsi/gomega/matchers/have_http_body_matcher.go
generated
vendored
@@ -11,8 +11,9 @@ import (
|
||||
)
|
||||
|
||||
type HaveHTTPBodyMatcher struct {
|
||||
Expected interface{}
|
||||
cachedBody []byte
|
||||
Expected interface{}
|
||||
cachedResponse interface{}
|
||||
cachedBody []byte
|
||||
}
|
||||
|
||||
func (matcher *HaveHTTPBodyMatcher) Match(actual interface{}) (bool, error) {
|
||||
@@ -73,7 +74,7 @@ func (matcher *HaveHTTPBodyMatcher) NegatedFailureMessage(actual interface{}) (m
|
||||
// the Reader is closed and it is not readable again in FailureMessage()
|
||||
// or NegatedFailureMessage()
|
||||
func (matcher *HaveHTTPBodyMatcher) body(actual interface{}) ([]byte, error) {
|
||||
if matcher.cachedBody != nil {
|
||||
if matcher.cachedResponse == actual && matcher.cachedBody != nil {
|
||||
return matcher.cachedBody, nil
|
||||
}
|
||||
|
||||
@@ -91,8 +92,10 @@ func (matcher *HaveHTTPBodyMatcher) body(actual interface{}) ([]byte, error) {
|
||||
|
||||
switch a := actual.(type) {
|
||||
case *http.Response:
|
||||
matcher.cachedResponse = a
|
||||
return body(a)
|
||||
case *httptest.ResponseRecorder:
|
||||
matcher.cachedResponse = a
|
||||
return body(a.Result())
|
||||
default:
|
||||
return nil, fmt.Errorf("HaveHTTPBody matcher expects *http.Response or *httptest.ResponseRecorder. Got:\n%s", format.Object(actual, 1))
|
||||
|
||||
Reference in New Issue
Block a user