From aa20fbfdf5949cfeadbdb8d4549bfa5b8d2926d2 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Sat, 28 Mar 2020 07:09:22 -0400
Subject: [PATCH] Skopeo should support for BigFilesTemporaryDir
 (SystemContext)

Enhancement request: https://github.com/containers/skopeo/issues/805

Also sorted commands and options on skopeo man page and skopeo --help

Originally submitted by  Michel Belleau <michel.belleau@malaiwah.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
---
 cmd/skopeo/main.go       | 52 ++++++++++++++++++++++------------------
 cmd/skopeo/utils.go      |  1 +
 cmd/skopeo/utils_test.go |  4 ++++
 completions/bash/skopeo  |  1 +
 docs/skopeo.1.md         | 14 ++++++-----
 5 files changed, 43 insertions(+), 29 deletions(-)

diff --git a/cmd/skopeo/main.go b/cmd/skopeo/main.go
index fdb60b90..4e26afbe 100644
--- a/cmd/skopeo/main.go
+++ b/cmd/skopeo/main.go
@@ -28,6 +28,7 @@ type globalOptions struct {
 	overrideVariant    string        // Architecture variant to use for choosing images, instead of the runtime one
 	commandTimeout     time.Duration // Timeout for the command execution
 	registriesConfPath string        // Path to the "registries.conf" file
+	tmpDir             string        // Path to use for big temporary files
 }
 
 // createApp returns a cli.App, and the underlying globalOptions object, to be run or tested.
@@ -44,32 +45,21 @@ func createApp() (*cli.App, *globalOptions) {
 	}
 	app.Usage = "Various operations with container images and container image registries"
 	app.Flags = []cli.Flag{
+		cli.DurationFlag{
+			Name:        "command-timeout",
+			Usage:       "timeout for the command execution",
+			Destination: &opts.commandTimeout,
+		},
 		cli.BoolFlag{
 			Name:        "debug",
 			Usage:       "enable debug output",
 			Destination: &opts.debug,
 		},
-		cli.GenericFlag{
-			Name:   "tls-verify",
-			Usage:  "require HTTPS and verify certificates when talking to container registries (defaults to true)",
-			Hidden: true,
-			Value:  newOptionalBoolValue(&opts.tlsVerify),
-		},
-		cli.StringFlag{
-			Name:        "policy",
-			Usage:       "Path to a trust policy file",
-			Destination: &opts.policyPath,
-		},
 		cli.BoolFlag{
 			Name:        "insecure-policy",
 			Usage:       "run the tool without any policy check",
 			Destination: &opts.insecurePolicy,
 		},
-		cli.StringFlag{
-			Name:        "registries.d",
-			Usage:       "use registry configuration files in `DIR` (e.g. for container signature storage)",
-			Destination: &opts.registriesDirPath,
-		},
 		cli.StringFlag{
 			Name:        "override-arch",
 			Usage:       "use `ARCH` instead of the architecture of the machine for choosing images",
@@ -85,10 +75,10 @@ func createApp() (*cli.App, *globalOptions) {
 			Usage:       "use `VARIANT` instead of the running architecture variant for choosing images",
 			Destination: &opts.overrideVariant,
 		},
-		cli.DurationFlag{
-			Name:        "command-timeout",
-			Usage:       "timeout for the command execution",
-			Destination: &opts.commandTimeout,
+		cli.StringFlag{
+			Name:        "policy",
+			Usage:       "Path to a trust policy file",
+			Destination: &opts.policyPath,
 		},
 		cli.StringFlag{
 			Name:        "registries-conf",
@@ -96,19 +86,35 @@ func createApp() (*cli.App, *globalOptions) {
 			Destination: &opts.registriesConfPath,
 			Hidden:      true,
 		},
+		cli.StringFlag{
+			Name:        "registries.d",
+			Usage:       "use registry configuration files in `DIR` (e.g. for container signature storage)",
+			Destination: &opts.registriesDirPath,
+		},
+		cli.GenericFlag{
+			Name:   "tls-verify",
+			Usage:  "require HTTPS and verify certificates when talking to container registries (defaults to true)",
+			Hidden: true,
+			Value:  newOptionalBoolValue(&opts.tlsVerify),
+		},
+		cli.StringFlag{
+			Name:        "tmpdir",
+			Usage:       "directory used to store temporary files",
+			Destination: &opts.tmpDir,
+		},
 	}
 	app.Before = opts.before
 	app.Commands = []cli.Command{
 		copyCmd(&opts),
+		deleteCmd(&opts),
 		inspectCmd(&opts),
 		layersCmd(&opts),
-		deleteCmd(&opts),
+		tagsCmd(&opts),
 		manifestDigestCmd(),
-		syncCmd(&opts),
 		standaloneSignCmd(),
 		standaloneVerifyCmd(),
+		syncCmd(&opts),
 		untrustedSignatureDumpCmd(),
-		tagsCmd(&opts),
 	}
 	return app, &opts
 }
diff --git a/cmd/skopeo/utils.go b/cmd/skopeo/utils.go
index 5296432c..72f109b4 100644
--- a/cmd/skopeo/utils.go
+++ b/cmd/skopeo/utils.go
@@ -158,6 +158,7 @@ func (opts *imageOptions) newSystemContext() (*types.SystemContext, error) {
 		DockerDaemonHost:         opts.dockerDaemonHost,
 		DockerDaemonCertPath:     opts.dockerCertPath,
 		SystemRegistriesConfPath: opts.global.registriesConfPath,
+		BigFilesTemporaryDir:     opts.global.tmpDir,
 	}
 	if opts.dockerImageOptions.authFilePath.present {
 		ctx.AuthFilePath = opts.dockerImageOptions.authFilePath.value
diff --git a/cmd/skopeo/utils_test.go b/cmd/skopeo/utils_test.go
index 63ac6f42..ea3d7c5a 100644
--- a/cmd/skopeo/utils_test.go
+++ b/cmd/skopeo/utils_test.go
@@ -54,6 +54,7 @@ func TestImageOptionsNewSystemContext(t *testing.T) {
 		"--override-arch", "overridden-arch",
 		"--override-os", "overridden-os",
 		"--override-variant", "overridden-variant",
+		"--tmpdir", "/srv",
 	}, []string{
 		"--authfile", "/srv/authfile",
 		"--dest-authfile", "/srv/dest-authfile",
@@ -78,6 +79,7 @@ func TestImageOptionsNewSystemContext(t *testing.T) {
 		DockerDaemonCertPath:              "/srv/cert-dir",
 		DockerDaemonHost:                  "daemon-host.example.com",
 		DockerDaemonInsecureSkipTLSVerify: true,
+		BigFilesTemporaryDir:              "/srv",
 	}, res)
 
 	// Global/per-command tlsVerify behavior
@@ -166,6 +168,7 @@ func TestImageDestOptionsNewSystemContext(t *testing.T) {
 		"--override-arch", "overridden-arch",
 		"--override-os", "overridden-os",
 		"--override-variant", "overridden-variant",
+		"--tmpdir", "/srv",
 	}, []string{
 		"--authfile", "/srv/authfile",
 		"--dest-cert-dir", "/srv/cert-dir",
@@ -191,6 +194,7 @@ func TestImageDestOptionsNewSystemContext(t *testing.T) {
 		DockerDaemonHost:                  "daemon-host.example.com",
 		DockerDaemonInsecureSkipTLSVerify: true,
 		DirForceCompress:                  true,
+		BigFilesTemporaryDir:              "/srv",
 	}, res)
 
 	// Invalid option values in imageOptions
diff --git a/completions/bash/skopeo b/completions/bash/skopeo
index 49a456c1..5c3c9582 100644
--- a/completions/bash/skopeo
+++ b/completions/bash/skopeo
@@ -168,6 +168,7 @@ _skopeo_skopeo() {
        --override-os
        --override-variant
        --command-timeout
+       --tmpdir
      "
      local boolean_options="
        --insecure-policy
diff --git a/docs/skopeo.1.md b/docs/skopeo.1.md
index 9d596c4a..ba989d1f 100644
--- a/docs/skopeo.1.md
+++ b/docs/skopeo.1.md
@@ -46,23 +46,25 @@ Most commands refer to container images, using a _transport_`:`_details_ format.
 
 ## OPTIONS
 
+  **--command-timeout** _duration_ Timeout for the command execution.
+
   **--debug** enable debug output
 
-  **--policy** _path-to-policy_ Path to a policy.json file to use for verifying signatures and deciding whether an image is trusted, overriding the default trust policy file.
+  **--help**|**-h** Show help
 
   **--insecure-policy** Adopt an insecure, permissive policy that allows anything. This obviates the need for a policy file.
 
-  **--registries.d** _dir_ use registry configuration files in _dir_ (e.g. for container signature storage), overriding the default path.
-
   **--override-arch** _arch_ Use _arch_ instead of the architecture of the machine for choosing images.
 
   **--override-os** _OS_ Use _OS_ instead of the running OS for choosing images.
 
   **--override-variant** _VARIANT_ Use _VARIANT_ instead of the running architecture variant for choosing images.
 
-  **--command-timeout** _duration_ Timeout for the command execution.
+  **--policy** _path-to-policy_ Path to a policy.json file to use for verifying signatures and deciding whether an image is trusted, overriding the default trust policy file.
 
-  **--help**|**-h** Show help
+  **--registries.d** _dir_ use registry configuration files in _dir_ (e.g. for container signature storage), overriding the default path.
+
+  **--tmpdir:**_dir_ _dir_ used to store temporary files. Defaults to /var/tmp.
 
   **--version**|**-v** print the version number
 
@@ -73,11 +75,11 @@ Most commands refer to container images, using a _transport_`:`_details_ format.
 | [skopeo-copy(1)](skopeo-copy.1.md)        | Copy an image (manifest, filesystem layers, signatures) from one location to another. |
 | [skopeo-delete(1)](skopeo-delete.1.md)    | Mark image-name for deletion.                                                  |
 | [skopeo-inspect(1)](skopeo-inspect.1.md)  | Return low-level information about image-name in a registry.                   |
+| [skopeo-list-tags(1)](skopeo-list-tags.1.md)  | List the tags for the given transport/repository.                           |
 | [skopeo-manifest-digest(1)](skopeo-manifest-digest.1.md)    | Compute a manifest digest of manifest-file and write it to standard output.|
 | [skopeo-standalone-sign(1)](skopeo-standalone-sign.1.md)    | Sign an image.                                               |
 | [skopeo-standalone-verify(1)](skopeo-standalone-verify.1.md)| Verify an image.                                             |
 | [skopeo-sync(1)](skopeo-sync.1.md)| Copy images from one or more repositories to a user specified destination.             |
-| [skopeo-list-tags(1)](skopeo-list-tags.1.md)  | List the tags for the given transport/repository.                           |
 
 ## FILES
   **/etc/containers/policy.json**