Sadly...I swear I had tested this at one point, but it was
*definitely* not the intention that we just return the container
runtime configuration.
I need a method to return the full image configuration. At some point
I must have accidentally added a redundant `.Config`.
This whole new method `GetFullConfig` is like `GetConfig` but
returns the whole image configuration. A specific motivation
here is that it's only in the image configuration that we can
stick arbitrary metadata (labels) that will survive a round trip through
docker schema v2.
just to keep various dependency checkers happy.
> go get github.com/containerd/containerd@v1.5.8
NOTE: This is NOT a fix for CVE-2021-41190 / GHSA-77vh-xpmg-72qh ,
that was fixed in Skopeo 1.5.2.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
... to a version past 1.0.2, just to keep various
dependency checkers happy.
> go get github.com/opencontainers/image-spec@v1.0.2-0.20211123152302-43a7dee1ec31
The commit is intended to match https://github.com/containers/image/pull/1419
to minimize churn.
NOTE: This is NOT a fix for CVE-2021-41190 / GHSA-77vh-xpmg-72qh ,
that was fixed in Skopeo 1.5.2.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
The new --multi-arch option allows the user to select between copying the
image associated with the system platform, all images in the index, or
just the index itself without attempting to copy the images.
Signed-off-by: James Hewitt <james.hewitt@uk.ibm.com>
This test was incorrectly assuming that nothing would be made on disk,
but it was putting files into the source directory.
Signed-off-by: James Hewitt <james.hewitt@uk.ibm.com>
Includes a fix for CVE-2021-41190 / GHSA-77vh-xpmg-72qh .
- use fedora:latest in contrib/skopeoimage/*/Dockerfile
- Fix test bug that prevented useful diagnostics on registry fail
- proxy: Add an API to fetch the config upconverted to OCI
- proxy: Add support for manifest lists
- proxy: Uncapitalize all errors
- Cirrus: Bump Fedora to release 35 & Ubuntu to 21.10
- Update to c/image v5.17.0
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
The Fedora 35 cloud images have switched to UEFI boot with a GPT
partition. Formerly, all Fedora images included support for runtime
re-partitioning. However, the requirement to test alternate storage
has since been dropped/removed. Rather than maintain a disused
feature, and supporting scripts, these Fedora VM images have reverted
to the default: Automatically resize to 100% on boot.
Signed-off-by: Chris Evich <cevich@redhat.com>
To fix compilation on MacOS.
I think actually we want to use this pervasively in our tests
on Linux; it doesn't really matter when run inside a transient
container, but `PDEATHSIG` is useful for persistent containers (e.g.)
toolbox and when running outside of a pid namespace, e.g. on a host
system shell directly or in systemd.
Signed-off-by: Colin Walters <walters@verbum.org>
We need to support manifest lists. I'm not sure how I missed this
originally. At least now we have integration tests that cover this.
The issue here is fairly subtle - the way c/image works right now,
`image.FromUnparsedImage` does pick a matching image from a list
by default. But it also overrides `GetManifest()` to return the
original manifest list, which defeats our goal here.
Handle this by adding explicit manifest list support code. We'll
want this anyways for future support for `GetRawManifest` or so
which exposes OCI manifest lists to the client.
Signed-off-by: Colin Walters <walters@verbum.org>
I debated adding "reverse dependency testing" using
https://crates.io/crates/containers-image-proxy
but I think it's easier to reuse the test infrastructure here.
This also starts fleshing out a Go client for the proxy (not
that this is going to be something most Go projects would want
versus vendoring c/image...but hey, maybe it'll be useful).
Now what I hit in trying to use the main test images is currently
the proxy fails on manifest lists, so I'll need to fix that.
Signed-off-by: Colin Walters <walters@verbum.org>
While the caller could fetch this today as a blob, it'd be in
either docker or oci schema. In keeping with the model of having
this proxy only expose OCI, add an API which uses the c/image logic
to do the conversion.
This is necessary for callers to get the diffIDs, and in general
to implement something like an external `skopeo copy`.
Signed-off-by: Colin Walters <walters@verbum.org>
Sigh. 'expr 1 - 1' yields 0 (correctly) but also exits 1. This
is even documented in the man page, but I didn't know it. And
thus, on the final iteration, when timeout reached 0, BATS
errored out on the expr instead of continuing to the 'podman logs'
or the 'die' message.
Solution is super trivial: use $(( ... )) instead of expr.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Surprisingly, the spf13/cobra CLI parsing logic, when presented
with an unknown subcommand outputs usage to stdout
and *exits successfully*.
This is bad for both users and scripts. Cargo cult some code
I found in podman to handle this.
Motivated by https://github.com/containers/containers-image-proxy-rs/pull/1
Signed-off-by: Colin Walters <walters@verbum.org>
This ensures layers are not uploaded that already exist on the
destination registry, in exchange for streaming layers to temporary
files when digests are unknown (ex. compressing "on the fly").
Signed-off-by: Paul Fisher <pfisher@lyft.com>
Following the discussion in #1478, we don't want to provide
(and maintain) static binaries, but giving instructions to
produce such builds (with appropriate warnings around these
instructions) was considered acceptable, so - here we go!
