Since GPG 2.1, GPG asks for a passphrase by default; opt out when
generating test keys to avoid
> gpg: agent_genkey failed: No pinentry
> gpg: key generation failed: No pinentry
which happens otherwise (and we can't use an interactive pinentry
in a batch process anyway).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Skopeo CI tests run under podman; hence the registries
run in the tests will be podman-in-podman. This requires
complex muckery to make work:
- install bats, jq, and podman in the test image
- add new test-system Make target. It runs podman
with /var/lib/containers bind-mounted to a tmpdir
and with other necessary options; and invokes a
test script that hack-edits /etc/containers/storage.conf
before running podman for the first time.
- add --cgroup-manager=cgroupfs option to podman
invocations in BATS: without this, podman-in-podman
fails with:
systemd cgroup flag passed, but systemd support for managing cgroups is not available
Also: gpg --pinentry-mode option is not available on all
our test platforms. Check for it before using.
Signed-off-by: Ed Santiago <santiago@redhat.com>
- Got TLS registry working, and test enabled. The trick was to
copy the .crt file to a separate directory *without* the .key
- auth test - set up a private XDG_RUNTIME_DIR, in case tests
are being run by a real user.
- signing test - remove FIXME comments; questions answered.
- helpers.bash - document start_registries(); save a .crt file,
not .cert; and remove unused stop_registries() - it's too hard
to do right, and very easy for individual tests to 'podman rm -f'
- run-tests - remove SKOPEO_BINARY definition, it's inconsistent
with the one in helpers.bash
Signed-off-by: Ed Santiago <santiago@redhat.com>
We need to verfy that the user entered a valid transport before attempting
to see if the transport exists, otherwise skopeo segfaults.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This change fixes skopeo usage in restricted environment such as
bubblewrap where it doesn't need extra capabilities or user namespace
to perform its action.
Close#649
Signed-off-by: Tristan Cacqueray <tdecacqu@redhat.com>
Add a --config option to "skopeo inspect" to dump an image's
configuration blob in the OCI format, or the original format
if --config and --raw are specified.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Follow PR #433Close#421
Currently skopeo inspect allows to:
Use the default credentials in $HOME/.docker.config
Explicitly define credentials via de --creds flag
This implements a --no-creds flag which will query docker registries anonymously.
Signed-off-by: Qi Wang <qiwan@redhat.com>
overlay: propagate errors from mountProgram
utils: root in a userns uses global conf file
Fix handling of additional stores
Correctly check permissions on rootless directory
Fix possible integer overflow on 32bit builds
Evaluate device path for lvm
lockfile test: make concurrent RW test determinisitc
lockfile test: make concurrent read tests deterministic
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
do not create a user namespace if we already have the capabilities we
need for pulling and storing an image.
Closes: https://github.com/containers/skopeo/issues/637
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This commit contains the necessary split-up between buildah/pkg and
buildah/util to avoid dependency breaks.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
This commit simply bumps containers/storage to the latest version to
unblock the containers/image integration test runs.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
Currently we are only installing the skopeo.1 man page. This
change will generate and install all man pages.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
