Go 1.13.x isn't sensitive to the `GO111MODULE` environment variable
causing `make binary-local` to not use the vendored sources in
`./vendor`. Force builds of module-supporting go versions to use the
vendored sources by setting `-mod=vendor`.
Verified in a `fedora:rawhide` container.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Vendor in the latest c/image to enforce blocking of registries when
creating a c/image/docker.dockerClient. Add integration tests to
avoid regressions.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* progress bar: use spinners for unknown blob sizes
* improve README.md and the review of the changes
* use 'containers_image_ostree' as build tag
* ostree: default is no OStree support
* Add "Env" to ImageInspectInfo
* config.go: improve debug message
* config.go: log where credentials come from
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
containers/storage needs math/bits which has been added in go 1.9, so
this is now the lowest possible go version to build skopeo. We can also
remove the GO15VENDOREXPERIMENT variable since this has been enabled in
go 1.6 per default and removed in go 1.7.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
Turn of go modules to avoid breaking build environments to accidentally
try pulling the dependencies instead of using the ./vendor directory.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Adds a simple documentation how to install skopeo and its build dependencies
on an openSUSE distribution
Signed-off-by: José Guilherme Vanz <jguilhermevanz@suse.com>
Don't get tricked by the v1.5.2-0.20190620105408-93b1deece293 reference
in the go.mod file. The upper commit is *after* v2.0.0 and go simply
has a bug in dealing with git tags.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
There are cases where we want to pass this flag to the actual copy engine,
so let's add a CLI flag for it.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
Using `go get` with go modules has side-effects that we can avoid by
installing golint from the Fedora repositories.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
This adds the mirror-by-digest-only option to mirrors, and moves the search
order to an independent list.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This does not happen in this repo's tests, but containers/image's
(make test-skopeo) fails in the containers_image_openpgp configuration with
> not ok 10 signing
> ...
> # time="2019-06-11T20:59:32Z" level=fatal msg="Signing not supported: signing is not supported in github.com/containers/image built with the containers_image_openpgp build tag"
To reproduce/test this:
> make test-system BUILDTAGS='ostree containers_image_openpgp'
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
The usual 'podman run -d' race condition: we've been forking
off the container but not actually making sure it's up; this
leads to flakes in which we try (and fail) to access it.
Solution: use curl to check the port; we will expect a zero
exit status once we can connect. Time out at ten seconds.
Resolves: #675
Signed-off-by: Ed Santiago <santiago@redhat.com>
Since GPG 2.1, GPG asks for a passphrase by default; opt out when
generating test keys to avoid
> gpg: agent_genkey failed: No pinentry
> gpg: key generation failed: No pinentry
which happens otherwise (and we can't use an interactive pinentry
in a batch process anyway).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Skopeo CI tests run under podman; hence the registries
run in the tests will be podman-in-podman. This requires
complex muckery to make work:
- install bats, jq, and podman in the test image
- add new test-system Make target. It runs podman
with /var/lib/containers bind-mounted to a tmpdir
and with other necessary options; and invokes a
test script that hack-edits /etc/containers/storage.conf
before running podman for the first time.
- add --cgroup-manager=cgroupfs option to podman
invocations in BATS: without this, podman-in-podman
fails with:
systemd cgroup flag passed, but systemd support for managing cgroups is not available
Also: gpg --pinentry-mode option is not available on all
our test platforms. Check for it before using.
Signed-off-by: Ed Santiago <santiago@redhat.com>
- Got TLS registry working, and test enabled. The trick was to
copy the .crt file to a separate directory *without* the .key
- auth test - set up a private XDG_RUNTIME_DIR, in case tests
are being run by a real user.
- signing test - remove FIXME comments; questions answered.
- helpers.bash - document start_registries(); save a .crt file,
not .cert; and remove unused stop_registries() - it's too hard
to do right, and very easy for individual tests to 'podman rm -f'
- run-tests - remove SKOPEO_BINARY definition, it's inconsistent
with the one in helpers.bash
Signed-off-by: Ed Santiago <santiago@redhat.com>
