mirror of
https://github.com/containers/podman.git
synced 2025-11-29 17:48:05 +08:00
34166fc004
Tremendous amount of changes in here, but all should amount to the same thing: changing Go import paths from v5 to v6. Also bumped go.mod to github.com/containers/podman/v6 and updated version to v6.0.0-dev. Signed-off-by: Matt Heon <mheon@redhat.com>
96 lines
2.6 KiB
Go
96 lines
2.6 KiB
Go
package ocipull
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"fmt"
|
|
"io/fs"
|
|
"os"
|
|
|
|
"github.com/containers/buildah/pkg/parse"
|
|
"github.com/containers/podman/v6/pkg/machine/define"
|
|
"github.com/sirupsen/logrus"
|
|
"go.podman.io/image/v5/copy"
|
|
"go.podman.io/image/v5/oci/layout"
|
|
"go.podman.io/image/v5/signature"
|
|
"go.podman.io/image/v5/types"
|
|
)
|
|
|
|
// PullOptions includes data to alter certain knobs when pulling a source
|
|
// image.
|
|
type PullOptions struct {
|
|
// Skip TLS verification when accessing the registry.
|
|
SkipTLSVerify types.OptionalBool
|
|
// [username[:password] to use when connecting to the registry.
|
|
Credentials string
|
|
// Quiet the progress bars when pushing.
|
|
Quiet bool
|
|
}
|
|
|
|
var (
|
|
// noSignaturePolicy is a default policy if policy.json is not found on
|
|
// the host machine.
|
|
noSignaturePolicy string = `{"default":[{"type":"insecureAcceptAnything"}]}`
|
|
)
|
|
|
|
// Pull `imageInput` from a container registry to `sourcePath`.
|
|
func Pull(ctx context.Context, imageInput types.ImageReference, localDestPath *define.VMFile, options *PullOptions) error {
|
|
var (
|
|
policy *signature.Policy
|
|
)
|
|
destRef, err := layout.ParseReference(localDestPath.GetPath())
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
sysCtx := &types.SystemContext{
|
|
DockerInsecureSkipTLSVerify: options.SkipTLSVerify,
|
|
}
|
|
if options.Credentials != "" {
|
|
authConf, err := parse.AuthConfig(options.Credentials)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
sysCtx.DockerAuthConfig = authConf
|
|
}
|
|
|
|
// Policy paths returns a slice of directories where the policy.json
|
|
// may live. Iterate those directories and try to see if any are
|
|
// valid ignoring when the file does not exist
|
|
for _, path := range policyPaths() {
|
|
policy, err = signature.NewPolicyFromFile(path)
|
|
if err != nil {
|
|
if errors.Is(err, fs.ErrNotExist) {
|
|
continue
|
|
}
|
|
return fmt.Errorf("reading signature policy: %w", err)
|
|
}
|
|
}
|
|
|
|
// If no policy has been found yet, we use a no signature policy automatically
|
|
if policy == nil {
|
|
logrus.Debug("no signature policy file found: using default allow everything signature policy")
|
|
policy, err = signature.NewPolicyFromBytes([]byte(noSignaturePolicy))
|
|
if err != nil {
|
|
return fmt.Errorf("obtaining signature policy: %w", err)
|
|
}
|
|
}
|
|
|
|
policyContext, err := signature.NewPolicyContext(policy)
|
|
if err != nil {
|
|
return fmt.Errorf("creating new signature policy context: %w", err)
|
|
}
|
|
|
|
copyOpts := copy.Options{
|
|
SourceCtx: sysCtx,
|
|
}
|
|
if !options.Quiet {
|
|
copyOpts.ReportWriter = os.Stderr
|
|
}
|
|
if _, err := copy.Image(ctx, policyContext, destRef, imageInput, ©Opts); err != nil {
|
|
return fmt.Errorf("pulling source image: %w", err)
|
|
}
|
|
|
|
return nil
|
|
}
|