Following PR makes sure that `podman manifest rm <list>` only removes
the named manifest list and not referenced images.
Bumping and squashing c/common to v0.43.3-0.20210902095222-a7acc160fb25
in same commit in order to make sure build commit test passes.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
Bump Buildah to v1.22.0 in preparation for RHEL 8.5 and
RHEL 9.0beta. Also bump c/common to v0.42.1
[NO TESTS NEEDED]
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This adds the integration tests for the repository or namespaced
registry feature introduced in c/common.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
By proxy by vendoring containers/common. Previously, a "dangling" image
was an untagged image; just a described in the Docker docs. The
definition of dangling has now been refined to an untagged image without
children to be compatible with Docker.
Further update a redundant image-prune test.
Fixes: #10998Fixes: #10832
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
The `IgnorePlatform` options has been removed from the
`LookupImageOptions` in libimage to properly support multi-arch images.
Skip one buildah-bud test which requires updated CI images. This is
currently being done in github.com/containers/podman/pull/10829 but
we need to unblock merging common and buildah into podman.
[NO TESTS NEEDED]
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Pull the trigger on the `pkg/registries` package which acted as a proxy
for `c/image/pkg/sysregistriesv2`. Callers should be using the packages
from c/image directly, if needed at all.
Also make use of libimage's SystemContext() method which returns a copy
of a system context, further reducing the risk of unintentionally
altering global data.
[NO TESTS NEEDED]
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Much to my regret, there is a number of images in the wild with invalid
platforms breaking the platform checks in libimage that want to make
sure that a local image is matching the expected platform.
Imagine a `podman run --arch=arm64 fedora` with a local amd64 fedora
image. We really shouldn't use the local one in this case and pull down
the arm64 one.
The strict platform checks in libimage in combination with invalid
platforms in images surfaced in Podman being able to pull an image but
failing to look it up in subsequent presence checks. A `podman run`
would hence pull such an image but fail to create the container.
Support images with invalid platforms by vendoring the latest HEAD from
containers/common. Also remove the partially implemented pull-policy
logic from Podman and let libimage handle that entirely. However,
whenever --arch, --os or --platform are specified, the pull policy will
be forced to "newer". This way, we pessimistically assume that the
local image has an invalid platform and we reach out to the registry.
If there's a newer image (i.e., one with a different digest), we'll pull
it down.
Please note that most of the logic has either already been implemented
in libimage or been moved down which allows for removing some clutter
from Podman.
[NO TESTS NEEDED] since c/common has new tests. Podman can rely on the
existing tests.
Fixes: #10648Fixes: #10682
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Users are complaining about read/only /var/tmp failing
even if TMPDIR=/tmp is set.
This PR Fixes: https://github.com/containers/podman/issues/10698
[NO TESTS NEEDED] No way to test this.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Vendor in the latest HEAd of containers/common to implicitly support the
tag@digest notation for images. To remain compatible with Docker, the
tag will be stripped off the image reference and is entirely ignored.
Fixes: #6721
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
When the containers.conf field "NetNS" is set to "Bridge" and the
"RootlessNetworking" field is set to "cni", Podman will now
handle rootless in the same way it does root - all containers
will be joined to a default CNI network, instead of exclusively
using slirp4netns.
If no CNI default network config is present for the user, one
will be auto-generated (this also works for root, but it won't be
nearly as common there since the package should already ship a
config).
I eventually hope to remove the "NetNS=Bridge" bit from
containers.conf, but let's get something in for Brent to work
with.
Signed-off-by: Matthew Heon <mheon@redhat.com>
Update containers common to the latest HEAD. Some bug fixes in libimage
forced us to have a clearer separation between ordinary images and
manifest lists. Hence, when looking up manifest lists without recursing
into any of their instances, we need to use `LookupManifestList()`.
Also account for some other changes in c/common (e.g., the changed order
in the security labels).
Further vendor the latest HEAD from Buildah which is required to get the
bud tests to pass.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
The initial version of libimage changed the order of layers which has
now been restored to remain backwards compatible.
Further changes:
* Fix a bug in the journald logging which requires to strip trailing
new lines from the message. The system tests did not pass due to
empty new lines. Triggered by changing the default logger to
journald in containers/common.
* Fix another bug in the journald logging which embedded the container
ID inside the message rather than the specifid field. That surfaced
in a preceeding whitespace of each log line which broke the system
tests.
* Alter the system tests to make sure that the k8s-file and the
journald logging drivers are executed.
* A number of e2e tests have been changed to force the k8s-file driver
to make them pass when running inside a root container.
* Increase the timeout in a kill test which seems to take longer now.
Reasons are unknown. Tests passed earlier and no signal-related
changes happend. It may be CI VM flake since some system tests but
other flaked.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Migrate the Podman code base over to `common/libimage` which replaces
`libpod/image` and a lot of glue code entirely.
Note that I tried to leave bread crumbs for changed tests.
Miscellaneous changes:
* Some errors yield different messages which required to alter some
tests.
* I fixed some pre-existing issues in the code. Others were marked as
`//TODO`s to prevent the PR from exploding.
* The `NamesHistory` of an image is returned as is from the storage.
Previously, we did some filtering which I think is undesirable.
Instead we should return the data as stored in the storage.
* Touched handlers use the ABI interfaces where possible.
* Local image resolution: previously Podman would match "foo" on
"myfoo". This behaviour has been changed and Podman will now
only match on repository boundaries such that "foo" would match
"my/foo" but not "myfoo". I consider the old behaviour to be a
bug, at the very least an exotic corner case.
* Futhermore, "foo:none" does *not* resolve to a local image "foo"
without tag anymore. It's a hill I am (almost) willing to die on.
* `image prune` prints the IDs of pruned images. Previously, in some
cases, the names were printed instead. The API clearly states ID,
so we should stick to it.
* Compat endpoint image removal with _force_ deletes the entire not
only the specified tag.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
When in podman machine virtual machines, podman needs to be able to
detect as such. One implementation for this is when creating networks,
the podman-machine cni plugin needs to be added to the configuration.
This PR also includes the latest containers-common.
[NO TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
