We expect schema1 images to work. Also, docker/distribution
doesn't provide useful errors for rejected schema1 images
( https://github.com/distribution/distribution/issues/2925 ),
which makes it impractical for Skopeo to automatically convert
schema1 to schema2.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
The k8s.gcr.io/coredns/coredns repo now contains an OCI
artifact, which we can't copy; so, use a different
repo to test syncing.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Mostly just name changes that should not change behavior, apart
from ioutil.ReadDir -> os.ReadDir avoiding per-item lstat(2) in
one case.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This enables pushing to registries where the push and pull uris may be
different, for example where pushed images are mirrored to a read only
replica for distribution.
Closes#1588
Signed-off-by: James Hewitt <james.hewitt@uk.ibm.com>
This saves us at least 2 lines (error check, and cleanup) on every
instance, or in some cases adds cleanup that we forgot.
This is inspired by, but not directly related to, Go 1.15's addition of
Testing.T.TempDir.
NOTE: This might significantly increase the tests' disk space requirements;
AFAICS the temporary directories are only cleaned up when a whole "suite
finishes running.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
... as found by (golangci-lint run).
Note: this does not add (golangci-lint run) to the Makefile
to ensure the coding standard.
(BTW golangci-lint currently fails on structcheck, which doesn't
handle embedded structs, and that's a years-long known unfixed
limitation.)
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
> receiver name should be a reflection of its identity; don't use generic names such as "this" or "self" (ST1006)
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Sadly...I swear I had tested this at one point, but it was
*definitely* not the intention that we just return the container
runtime configuration.
I need a method to return the full image configuration. At some point
I must have accidentally added a redundant `.Config`.
This whole new method `GetFullConfig` is like `GetConfig` but
returns the whole image configuration. A specific motivation
here is that it's only in the image configuration that we can
stick arbitrary metadata (labels) that will survive a round trip through
docker schema v2.
The new --multi-arch option allows the user to select between copying the
image associated with the system platform, all images in the index, or
just the index itself without attempting to copy the images.
Signed-off-by: James Hewitt <james.hewitt@uk.ibm.com>
This test was incorrectly assuming that nothing would be made on disk,
but it was putting files into the source directory.
Signed-off-by: James Hewitt <james.hewitt@uk.ibm.com>
To fix compilation on MacOS.
I think actually we want to use this pervasively in our tests
on Linux; it doesn't really matter when run inside a transient
container, but `PDEATHSIG` is useful for persistent containers (e.g.)
toolbox and when running outside of a pid namespace, e.g. on a host
system shell directly or in systemd.
Signed-off-by: Colin Walters <walters@verbum.org>
We need to support manifest lists. I'm not sure how I missed this
originally. At least now we have integration tests that cover this.
The issue here is fairly subtle - the way c/image works right now,
`image.FromUnparsedImage` does pick a matching image from a list
by default. But it also overrides `GetManifest()` to return the
original manifest list, which defeats our goal here.
Handle this by adding explicit manifest list support code. We'll
want this anyways for future support for `GetRawManifest` or so
which exposes OCI manifest lists to the client.
Signed-off-by: Colin Walters <walters@verbum.org>
I debated adding "reverse dependency testing" using
https://crates.io/crates/containers-image-proxy
but I think it's easier to reuse the test infrastructure here.
This also starts fleshing out a Go client for the proxy (not
that this is going to be something most Go projects would want
versus vendoring c/image...but hey, maybe it'll be useful).
Now what I hit in trying to use the main test images is currently
the proxy fails on manifest lists, so I'll need to fix that.
Signed-off-by: Colin Walters <walters@verbum.org>
Go 1.17 introduces a much more reasonable build constraint format, and gofmt now fails without using it.
Sadly we still need the old format as well, to support <1.17 builds.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Dependabot was apparently not picking these up (and
several haven't had a release for a long time anyway).
Also move from github.com/go-check/check to its newly
declared (and go.mod-enforced) name gopkg.in/check.v1.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
... so that we terminate with the full context and pointing at
the relevant code, instead of relying
on the overall test suite timeout.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
The necessary images have been manually copied over to quay. Code was
updated with centralized constants for the utilized images. Tests then
all reference the constants (in case the image locations need to change
again).
Signed-off-by: Chris Evich <cevich@redhat.com>
`podman push` gained this a while ago, and we want it here for the
same reason.
Motivated by closing a race condition in ostree-rs-ext:
17a991050c/lib/src/container/export.rs (L85)
Co-authored-by: Miloslav Trmač <mitr@redhat.com>
PREFIX should default to /usr/local according to GNU coding standards.
DESTDIR should just be used for install
This will allow us to specify
make PREFIX=/usr DESTDIR=/tmp/build/ install
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Do repository synchronization tests using k8s.gcr.io/pause and
k8s.gcr.io/coredns/coredns instead of docker.io/alpine.
The k8s.gcr.io/pause repository includes multiple tags, at least one of
which is a single image ("1.0"), and at least one of which is a manifest
list ("3.2", "3.3"), and includes a "latest" tag.
The k8s.gcr.io/coredns/coredns repository includes multiple tags, at
least one of which is a single image ("v1.6.6"), and at least one of which
is a manifest list ("v1.8.0").
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Switch most of our tests that exercise reading, copying from, and
inspecting tags that point to manifest lists from using
docker.io/estesp/busybox to using
registry.fedoraproject.org/fedora-minimal, which doesn't limit how often
we can pull the images.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
This replicates the --all copy flag to sync to perform the same
behavior. Namely, the default is CopySystemImage unless --all is passed
which changes the behavior to CopyAllImages. While it is probably
desirable for --all to be the default as there is no option to override
ones architecture with the sync command, --all can potentially break
existing sync incantations depending on registry support. Hence
CopySystemImage remains the default.
Signed-off-by: Andrew DeMaria <ademaria@cloudflare.com>
For yet unknown reasons, Travis throws permission errors when trying to
recursively list the contents of a temp directory. It passes locally,
so disable the logs to unblock CI. Note, the reasons for the error are
yet to be revealed.
Related-issue: https://github.com/containers/skopeo/issues/1093
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Fields that magically change their behavior depending on type of the value
are too much hassle for no benefit.
For now, this just copies&pastes the full loop in imagesToCopyFromRegistry
to create another loop handling the new ImagesByTagRegex field. Simplifications
to reduce duplication will follow.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
