podman/libpod/image/pull.go

package image

import (
	"context"
	"fmt"
	"io"
	"strings"

	cp "github.com/containers/image/copy"
	"github.com/containers/image/directory"
	"github.com/containers/image/docker"
	dockerarchive "github.com/containers/image/docker/archive"
	"github.com/containers/image/docker/reference"
	"github.com/containers/image/docker/tarfile"
	ociarchive "github.com/containers/image/oci/archive"
	"github.com/containers/image/pkg/sysregistries"
	is "github.com/containers/image/storage"
	"github.com/containers/image/transports"
	"github.com/containers/image/transports/alltransports"
	"github.com/containers/image/types"
	"github.com/containers/libpod/pkg/registries"
	"github.com/containers/libpod/pkg/util"
	multierror "github.com/hashicorp/go-multierror"
	"github.com/pkg/errors"
	"github.com/sirupsen/logrus"
)

var (
	// DockerArchive is the transport we prepend to an image name
	// when saving to docker-archive
	DockerArchive = dockerarchive.Transport.Name()
	// OCIArchive is the transport we prepend to an image name
	// when saving to oci-archive
	OCIArchive = ociarchive.Transport.Name()
	// DirTransport is the transport for pushing and pulling
	// images to and from a directory
	DirTransport = directory.Transport.Name()
	// DockerTransport is the transport for docker registries
	DockerTransport = docker.Transport.Name()
	// AtomicTransport is the transport for atomic registries
	AtomicTransport = "atomic"
	// DefaultTransport is a prefix that we apply to an image name
	// NOTE: This is a string prefix, not actually a transport name usable for transports.Get();
	// and because syntaxes of image names are transport-dependent, the prefix is not really interchangeable;
	// each user implicitly assumes the appended string is a Docker-like reference.
	DefaultTransport = DockerTransport + "://"
	// DefaultLocalRegistry is the default local registry for local image operations
	// Remote pulls will still use defined registries
	DefaultLocalRegistry = "localhost"
)

// pullRefPair records a pair of prepared image references to pull.
type pullRefPair struct {
	image  string
	srcRef types.ImageReference
	dstRef types.ImageReference
}

// pullGoal represents the prepared image references and decided behavior to be executed by imagePull
type pullGoal struct {
	refPairs             []pullRefPair
	pullAllPairs         bool     // Pull all refPairs instead of stopping on first success.
	usedSearchRegistries bool     // refPairs construction has depended on registries.GetRegistries()
	searchedRegistries   []string // The list of search registries used; set only if usedSearchRegistries
}

// singlePullRefPairGoal returns a no-frills pull goal for the specified reference pair.
func singlePullRefPairGoal(rp pullRefPair) *pullGoal {
	return &pullGoal{
		refPairs:             []pullRefPair{rp},
		pullAllPairs:         false, // Does not really make a difference.
		usedSearchRegistries: false,
		searchedRegistries:   nil,
	}
}

func (ir *Runtime) getPullRefPair(srcRef types.ImageReference, destName string) (pullRefPair, error) {
	decomposedDest, err := decompose(destName)
	if err == nil && !decomposedDest.hasRegistry {
		// If the image doesn't have a registry, set it as the default repo
		decomposedDest.registry = DefaultLocalRegistry
		decomposedDest.hasRegistry = true
		destName = decomposedDest.assemble()
	}

	reference := destName
	if srcRef.DockerReference() != nil {
		reference = srcRef.DockerReference().String()
	}
	destRef, err := is.Transport.ParseStoreReference(ir.store, reference)
	if err != nil {
		return pullRefPair{}, errors.Wrapf(err, "error parsing dest reference name %#v", destName)
	}
	return pullRefPair{
		image:  destName,
		srcRef: srcRef,
		dstRef: destRef,
	}, nil
}

// getSinglePullRefPairGoal calls getPullRefPair with the specified parameters, and returns a single-pair goal for the return value.
func (ir *Runtime) getSinglePullRefPairGoal(srcRef types.ImageReference, destName string) (*pullGoal, error) {
	rp, err := ir.getPullRefPair(srcRef, destName)
	if err != nil {
		return nil, err
	}
	return singlePullRefPairGoal(rp), nil
}

// pullGoalFromImageReference returns a pull goal for a single ImageReference, depending on the used transport.
func (ir *Runtime) pullGoalFromImageReference(ctx context.Context, srcRef types.ImageReference, imgName string, sc *types.SystemContext) (*pullGoal, error) {
	// supports pulling from docker-archive, oci, and registries
	switch srcRef.Transport().Name() {
	case DockerArchive:
		archivePath := srcRef.StringWithinTransport()
		tarSource, err := tarfile.NewSourceFromFile(archivePath)
		if err != nil {
			return nil, err
		}
		manifest, err := tarSource.LoadTarManifest()

		if err != nil {
			return nil, errors.Wrapf(err, "error retrieving manifest.json")
		}
		// to pull the first image stored in the tar file
		if len(manifest) == 0 {
			// use the hex of the digest if no manifest is found
			reference, err := getImageDigest(ctx, srcRef, sc)
			if err != nil {
				return nil, err
			}
			return ir.getSinglePullRefPairGoal(srcRef, reference)
		}

		if len(manifest[0].RepoTags) == 0 {
			// If the input image has no repotags, we need to feed it a dest anyways
			digest, err := getImageDigest(ctx, srcRef, sc)
			if err != nil {
				return nil, err
			}
			return ir.getSinglePullRefPairGoal(srcRef, digest)
		}

		// Need to load in all the repo tags from the manifest
		res := []pullRefPair{}
		for _, dst := range manifest[0].RepoTags {
			pullInfo, err := ir.getPullRefPair(srcRef, dst)
			if err != nil {
				return nil, err
			}
			res = append(res, pullInfo)
		}
		return &pullGoal{
			refPairs:             res,
			pullAllPairs:         true,
			usedSearchRegistries: false,
			searchedRegistries:   nil,
		}, nil

	case OCIArchive:
		// retrieve the manifest from index.json to access the image name
		manifest, err := ociarchive.LoadManifestDescriptor(srcRef)
		if err != nil {
			return nil, errors.Wrapf(err, "error loading manifest for %q", srcRef)
		}

		var dest string
		if manifest.Annotations == nil || manifest.Annotations["org.opencontainers.image.ref.name"] == "" {
			// If the input image has no image.ref.name, we need to feed it a dest anyways
			// use the hex of the digest
			dest, err = getImageDigest(ctx, srcRef, sc)
			if err != nil {
				return nil, errors.Wrapf(err, "error getting image digest; image reference not found")
			}
		} else {
			dest = manifest.Annotations["org.opencontainers.image.ref.name"]
		}
		return ir.getSinglePullRefPairGoal(srcRef, dest)

	case DirTransport:
		path := srcRef.StringWithinTransport()
		image := path
		if image[:1] == "/" {
			// Set localhost as the registry so docker.io isn't prepended, and the path becomes the repository
			image = DefaultLocalRegistry + image
		}
		return ir.getSinglePullRefPairGoal(srcRef, image)

	default:
		return ir.getSinglePullRefPairGoal(srcRef, imgName)
	}
}

// pullImageFromHeuristicSource pulls an image based on inputName, which is heuristically parsed and may involve configured registries.
// Use pullImageFromReference if the source is known precisely.
func (ir *Runtime) pullImageFromHeuristicSource(ctx context.Context, inputName string, writer io.Writer, authfile, signaturePolicyPath string, signingOptions SigningOptions, dockerOptions *DockerRegistryOptions, forceSecure bool) ([]string, error) {
	var goal *pullGoal
	sc := GetSystemContext(signaturePolicyPath, authfile, false)
	srcRef, err := alltransports.ParseImageName(inputName)
	if err != nil {
		// could be trying to pull from registry with short name
		goal, err = ir.pullGoalFromPossiblyUnqualifiedName(inputName)
		if err != nil {
			return nil, errors.Wrap(err, "error getting default registries to try")
		}
	} else {
		goal, err = ir.pullGoalFromImageReference(ctx, srcRef, inputName, sc)
		if err != nil {
			return nil, errors.Wrapf(err, "error determining pull goal for image %q", inputName)
		}
	}
	return ir.doPullImage(ctx, sc, *goal, writer, signingOptions, dockerOptions, forceSecure)
}

// pullImageFromReference pulls an image from a types.imageReference.
func (ir *Runtime) pullImageFromReference(ctx context.Context, srcRef types.ImageReference, writer io.Writer, authfile, signaturePolicyPath string, signingOptions SigningOptions, dockerOptions *DockerRegistryOptions, forceSecure bool) ([]string, error) {
	sc := GetSystemContext(signaturePolicyPath, authfile, false)
	goal, err := ir.pullGoalFromImageReference(ctx, srcRef, transports.ImageName(srcRef), sc)
	if err != nil {
		return nil, errors.Wrapf(err, "error determining pull goal for image %q", transports.ImageName(srcRef))
	}
	return ir.doPullImage(ctx, sc, *goal, writer, signingOptions, dockerOptions, forceSecure)
}

// doPullImage is an internal helper interpreting pullGoal. Almost everyone should call one of the callers of doPullImage instead.
func (ir *Runtime) doPullImage(ctx context.Context, sc *types.SystemContext, goal pullGoal, writer io.Writer, signingOptions SigningOptions, dockerOptions *DockerRegistryOptions, forceSecure bool) ([]string, error) {
	policyContext, err := getPolicyContext(sc)
	if err != nil {
		return nil, err
	}
	defer policyContext.Destroy()

	insecureRegistries, err := registries.GetInsecureRegistries()
	if err != nil {
		return nil, err
	}
	var images []string
	var pullErrors *multierror.Error
	for _, imageInfo := range goal.refPairs {
		copyOptions := getCopyOptions(sc, writer, dockerOptions, nil, signingOptions, "", nil)
		if imageInfo.srcRef.Transport().Name() == DockerTransport {
			imgRef := imageInfo.srcRef.DockerReference()
			if imgRef == nil { // This should never happen; such references can’t be created.
				return nil, fmt.Errorf("internal error: DockerTransport reference %s does not have a DockerReference",
					transports.ImageName(imageInfo.srcRef))
			}
			registry := reference.Domain(imgRef)

			if util.StringInSlice(registry, insecureRegistries) && !forceSecure {
				copyOptions.SourceCtx.DockerInsecureSkipTLSVerify = true
				logrus.Info(fmt.Sprintf("%s is an insecure registry; pulling with tls-verify=false", registry))
			}
		}
		// Print the following statement only when pulling from a docker or atomic registry
		if writer != nil && (imageInfo.srcRef.Transport().Name() == DockerTransport || imageInfo.srcRef.Transport().Name() == AtomicTransport) {
			io.WriteString(writer, fmt.Sprintf("Trying to pull %s...", imageInfo.image))
		}
		_, err = cp.Image(ctx, policyContext, imageInfo.dstRef, imageInfo.srcRef, copyOptions)
		if err != nil {
			pullErrors = multierror.Append(pullErrors, err)
			logrus.Debugf("Error pulling image ref %s: %v", imageInfo.srcRef.StringWithinTransport(), err)
			if writer != nil {
				io.WriteString(writer, "Failed\n")
			}
		} else {
			if !goal.pullAllPairs {
				return []string{imageInfo.image}, nil
			}
			images = append(images, imageInfo.image)
		}
	}
	// If no image was found, we should handle.  Lets be nicer to the user and see if we can figure out why.
	if len(images) == 0 {
		registryPath := sysregistries.RegistriesConfPath(&types.SystemContext{})
		if goal.usedSearchRegistries && len(goal.searchedRegistries) == 0 {
			return nil, errors.Errorf("image name provided is a short name and no search registries are defined in %s.", registryPath)
		}
		// If the image passed in was fully-qualified, we will have 1 refpair.  Bc the image is fq'd, we dont need to yap about registries.
		if !goal.usedSearchRegistries {
			if pullErrors != nil && len(pullErrors.Errors) > 0 { // this should always be true
				return nil, errors.Wrap(pullErrors.Errors[0], "unable to pull image")
			}
			return nil, errors.Errorf("unable to pull image, or you do not have pull access")
		}
		return nil, pullErrors
	}
	return images, nil
}

// hasShaInInputName returns a bool as to whether the user provided an image name that includes
// a reference to a specific sha
func hasShaInInputName(inputName string) bool {
	return strings.Contains(inputName, "@sha256:")
}

// pullGoalFromPossiblyUnqualifiedName looks at inputName and determines the possible
// image references to try pulling in combination with the registries.conf file as well
func (ir *Runtime) pullGoalFromPossiblyUnqualifiedName(inputName string) (*pullGoal, error) {
	decomposedImage, err := decompose(inputName)
	if err != nil {
		return nil, err
	}
	if decomposedImage.hasRegistry {
		var imageName, destName string
		if hasShaInInputName(inputName) {
			imageName = fmt.Sprintf("%s%s", decomposedImage.transport, inputName)
		} else {
			imageName = decomposedImage.assembleWithTransport()
		}
		srcRef, err := alltransports.ParseImageName(imageName)
		if err != nil {
			return nil, errors.Wrapf(err, "unable to parse '%s'", inputName)
		}
		if hasShaInInputName(inputName) {
			destName = decomposedImage.assemble()
		} else {
			destName = inputName
		}
		destRef, err := is.Transport.ParseStoreReference(ir.store, destName)
		if err != nil {
			return nil, errors.Wrapf(err, "error parsing dest reference name %#v", destName)
		}
		ps := pullRefPair{
			image:  inputName,
			srcRef: srcRef,
			dstRef: destRef,
		}
		return singlePullRefPairGoal(ps), nil
	}

	searchRegistries, err := registries.GetRegistries()
	if err != nil {
		return nil, err
	}
	var refPairs []pullRefPair
	for _, registry := range searchRegistries {
		decomposedImage.registry = registry
		imageName := decomposedImage.assembleWithTransport()
		if hasShaInInputName(inputName) {
			imageName = fmt.Sprintf("%s%s/%s", decomposedImage.transport, registry, inputName)
		}
		srcRef, err := alltransports.ParseImageName(imageName)
		if err != nil {
			return nil, errors.Wrapf(err, "unable to parse '%s'", inputName)
		}
		ps := pullRefPair{
			image:  decomposedImage.assemble(),
			srcRef: srcRef,
		}
		ps.dstRef, err = is.Transport.ParseStoreReference(ir.store, ps.image)
		if err != nil {
			return nil, errors.Wrapf(err, "error parsing dest reference name %#v", ps.image)
		}
		refPairs = append(refPairs, ps)
	}
	return &pullGoal{
		refPairs:             refPairs,
		pullAllPairs:         false,
		usedSearchRegistries: true,
		searchedRegistries:   searchRegistries,
	}, nil
}
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+								package image
 								import (
-												Vendor in latest containers/image and contaners/storage

Made necessary changes to functions to include contex.Context wherever needed

Signed-off-by: umohnani8 <umohnani@redhat.com>

Closes: #640
Approved by: baude

											
										
										
											2018-04-18 20:48:35 +00:00
+									"context"
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+									"fmt"
 									"io"
 									"strings"
 									cp "github.com/containers/image/copy"
 									"github.com/containers/image/directory"
 									"github.com/containers/image/docker"
 									dockerarchive "github.com/containers/image/docker/archive"
-												regression: tls verify should be set on registries.conf if insecure

In the case where podman needs to pull an image, if that registry that the image
resides on is known to be insesure (as defined in /etc/containers/registries.conf),
tls-verify should be altered on the fly.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #626
Approved by: mheon

											
										
										
											2018-04-16 18:39:00 +00:00
+									"github.com/containers/image/docker/reference"
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+									"github.com/containers/image/docker/tarfile"
 									ociarchive "github.com/containers/image/oci/archive"
 									"github.com/containers/image/pkg/sysregistries"
 									is "github.com/containers/image/storage"
-												Don't format to string and re-parse a DockerReference()

We already have a c/image/docker/reference.Named; no need to
round-trip it through a string.  This also eliminates the theoretical
parsing failure, and the unchecked .(reference.Named) cast.

Also add a check for DockerReference() == nil to be extra paranoid,
although that should never happen.

Should not change behavior (but does not add unit tests).

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 00:36:12 +00:00
+									"github.com/containers/image/transports"
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+									"github.com/containers/image/transports/alltransports"
 									"github.com/containers/image/types"
-												switch projectatomic to containers

Need to get some small changes into libpod to pull back into buildah
to complete buildah transition.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #1270
Approved by: mheon

											
										
										
											2018-08-16 10:41:15 +00:00
+									"github.com/containers/libpod/pkg/registries"
 									"github.com/containers/libpod/pkg/util"
-												libpod/image/pull: Return image-pulling errors from doPullImage

We were already writing these to our debug logs.  But collecting them
and including them in the error message will make it easier for
callers who don't have debugging enabled to figure out what's going
wrong.

Using multierror gives us both pretty formatting (when we print this
for the user) and programmatic access (for any callers that need to
inspect the constituent errors).  With this commit and a config like:

  $ cat /etc/containers/registries.conf
  [registries.search]
  registries = ['registry.access.redhat.com', 'quay.io', 'docker.io']

pulling an unqualified missing image looks like:

  $ podman pull does-not/exist
  Trying to pull registry.access.redhat.com/does-not/exist:latest...Failed
  Trying to pull quay.io/does-not/exist:latest...Failed
  Trying to pull docker.io/does-not/exist:latest...Failed
  error pulling image "does-not/exist": unable to pull does-not/exist: 3 errors occurred:

  * Error determining manifest MIME type for docker://registry.access.redhat.com/does-not/exist:latest: Error reading manifest latest in registry.access.redhat.com/does-not/exist: unknown: Not Found
  * Error determining manifest MIME type for docker://quay.io/does-not/exist:latest: Error reading manifest latest in quay.io/does-not/exist: unauthorized: access to the requested resource is not authorized
  * Error determining manifest MIME type for docker://does-not/exist:latest: Error reading manifest latest in docker.io/does-not/exist: errors:
  denied: requested access to the resource is denied
  unauthorized: authentication required

A qualified image looks like:

  $ podman pull quay.io/does-not/exist
  Trying to pull quay.io/does-not/exist...Failed
  error pulling image "quay.io/does-not/exist": unable to pull quay.io/does-not/exist: unable to pull image: Error determining manifest MIME type for docker://quay.io/does-not/exist:latest: Error reading manifest latest in quay.io/does-not/exist: unauthorized: access to the requested resource is not authorized

If one of the searched repositories was offline, you'd get a more
useful routing error for that specific registry.  For example:

  $ cat /etc/hosts
  127.0.0.1   quay.io
  $ podman pull does-not/exist
  Trying to pull registry.access.redhat.com/does-not/exist:latest...Failed
  Trying to pull quay.io/does-not/exist:latest...Failed
  Trying to pull docker.io/does-not/exist:latest...Failed
  error pulling image "does-not/exist": unable to pull does-not/exist: 3 errors occurred:

  * Error determining manifest MIME type for docker://registry.access.redhat.com/does-not/exist:latest: Error reading manifest latest in registry.access.redhat.com/does-not/exist: unknown: Not Found
  * Error determining manifest MIME type for docker://quay.io/does-not/exist:latest: pinging docker registry returned: Get https://quay.io/v2/: dial tcp 127.0.0.1:443: connect: connection refused
  * Error determining manifest MIME type for docker://does-not/exist:latest: Error reading manifest latest in docker.io/does-not/exist: errors:
  denied: requested access to the resource is denied
  unauthorized: authentication required

This is our first direct dependency on multierror, but we've been
vendoring it for a while now because opencontainers/runtime-tools uses
it for config validation.

Signed-off-by: W. Trevor King <wking@tremily.us>

Closes: #1456
Approved by: rhatdan

											
										
										
											2018-09-12 23:44:58 +00:00
+									multierror "github.com/hashicorp/go-multierror"
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+									"github.com/pkg/errors"
-												regression: tls verify should be set on registries.conf if insecure

In the case where podman needs to pull an image, if that registry that the image
resides on is known to be insesure (as defined in /etc/containers/registries.conf),
tls-verify should be altered on the fly.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #626
Approved by: mheon

											
										
										
											2018-04-16 18:39:00 +00:00
+									"github.com/sirupsen/logrus"
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+								)
 								var (
 									// DockerArchive is the transport we prepend to an image name
 									// when saving to docker-archive
 									DockerArchive = dockerarchive.Transport.Name()
 									// OCIArchive is the transport we prepend to an image name
 									// when saving to oci-archive
 									OCIArchive = ociarchive.Transport.Name()
 									// DirTransport is the transport for pushing and pulling
 									// images to and from a directory
 									DirTransport = directory.Transport.Name()
 									// DockerTransport is the transport for docker registries
-												Remove the :// end from DockerTransport

(... but keep it in DefaultTransport, which remains irregular.)

This makes DockerTransport consistent with the others, and much more importantly,
allows several instances to do
> imgRef.Transport().Name() == DockerTransport
instead of the current
> strings.HasPrefix(DockerTransport, imgRef.Transport().Name())
, which currently works but is pretty nonsensical (it does not check
the "docker://" prefix against the _full reference_, but it checks
the _transport name_ as a prefix of "docker://", i.e.  a transport named
"d" would be accepted.

Should not change behavior, because the only currently existing transport
which has a name that is a prefix of "docker://" is c/image/docker.Transport
(but does not add unit tests).

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 00:58:56 +00:00
+									DockerTransport = docker.Transport.Name()
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+									// AtomicTransport is the transport for atomic registries
 									AtomicTransport = "atomic"
 									// DefaultTransport is a prefix that we apply to an image name
-												Document the properties of DefaultTransport a bit better.

This has no ambition to change the design, just to be clear about
what the design is.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 00:40:41 +00:00
+									// NOTE: This is a string prefix, not actually a transport name usable for transports.Get();
 									// and because syntaxes of image names are transport-dependent, the prefix is not really interchangeable;
 									// each user implicitly assumes the appended string is a Docker-like reference.
-												Remove the :// end from DockerTransport

(... but keep it in DefaultTransport, which remains irregular.)

This makes DockerTransport consistent with the others, and much more importantly,
allows several instances to do
> imgRef.Transport().Name() == DockerTransport
instead of the current
> strings.HasPrefix(DockerTransport, imgRef.Transport().Name())
, which currently works but is pretty nonsensical (it does not check
the "docker://" prefix against the _full reference_, but it checks
the _transport name_ as a prefix of "docker://", i.e.  a transport named
"d" would be accepted.

Should not change behavior, because the only currently existing transport
which has a name that is a prefix of "docker://" is c/image/docker.Transport
(but does not add unit tests).

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 00:58:56 +00:00
+									DefaultTransport = DockerTransport + "://"
-												Fix ambiguity in adding localhost to podman save

...and some naming decisions.

This change ensures podman save doesn't incorrectly prepend localhost when saving an image.

Signed-off-by: haircommander <pehunt@redhat.com>

Closes: #1140
Approved by: rhatdan

											
										
										
											2018-07-23 16:56:24 +00:00
+									// DefaultLocalRegistry is the default local registry for local image operations
-												Podman load/tag/save prepend localhost when no repository is present

Instead of having docker.io/library as its repository. Test included.

Signed-off-by: haircommander <pehunt@redhat.com>

											
										
										
											2018-07-13 21:45:55 +00:00
+									// Remote pulls will still use defined registries
-												Fix ambiguity in adding localhost to podman save

...and some naming decisions.

This change ensures podman save doesn't incorrectly prepend localhost when saving an image.

Signed-off-by: haircommander <pehunt@redhat.com>

Closes: #1140
Approved by: rhatdan

											
										
										
											2018-07-23 16:56:24 +00:00
+									DefaultLocalRegistry = "localhost"
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+								)
-												Eliminate the "DockerArchive means pull all refPairs" special case

Instead, encode it explicitly in pullGoal.pullAllPairs.

Should not change behavior (but does not add unit tests for
all of it).

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 04:25:23 +00:00
+								// pullRefPair records a pair of prepared image references to pull.
-												Rename pullStruct to pullRefPair

"Struct" is meaningless, and we will need the "reference pair"
mentioned to distinguish srcRef+dstRef from srcRef+dstName.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1112
Approved by: rhatdan

											
										
										
											2018-07-18 21:46:14 +00:00
+								type pullRefPair struct {
-												Introduce nameToPull, move shaPullName in there

shaPullName is only used internally in createNamesToPull; so, introduce
a nameToPull as a variant of pullStruct which has shaPullName (and does not
have destRef).

Eventually, we want to split pullStruct preparation into easily-testable
store-independent name preparation, and a store-dependent and difficult-to-test
but trivial conversion using StorageTransport.ParseStoreReference.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1112
Approved by: rhatdan

											
										
										
											2018-07-18 21:20:36 +00:00
+									image  string
 									srcRef types.ImageReference
 									dstRef types.ImageReference
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+								}
-												Introduce struct pullGoal

The eventual goal is to cleanly capture semantics like "pull all images
for DockerArchive" and "did a search through $registries" without
hard-coding it through; and to allow a pullImage variant where
the caller can pass an imageReference directly.

For now, this just wraps []pullRefPair and should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 03:36:47 +00:00
+								// pullGoal represents the prepared image references and decided behavior to be executed by imagePull
 								type pullGoal struct {
-												Eliminate duplicate determination whether to use search registries

Instead of duplicating the hasRegistry logic, just record whether we
did use search or not.

Should not change behavior (but does not add unit tests for all of it).

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 04:33:11 +00:00
+									refPairs             []pullRefPair
-												Do not re-parse the list of search registries just for an error message

... when we even only count them.

This eliminates a rare error case, and saves time re-reading and re-parsing
the input.

(We still compute registryPath redundantly, and it may get out of sync.)

Should not change behavior (but does not add unit tests).

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 04:42:43 +00:00
+									pullAllPairs         bool     // Pull all refPairs instead of stopping on first success.
 									usedSearchRegistries bool     // refPairs construction has depended on registries.GetRegistries()
 									searchedRegistries   []string // The list of search registries used; set only if usedSearchRegistries
-												Introduce struct pullGoal

The eventual goal is to cleanly capture semantics like "pull all images
for DockerArchive" and "did a search through $registries" without
hard-coding it through; and to allow a pullImage variant where
the caller can pass an imageReference directly.

For now, this just wraps []pullRefPair and should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 03:36:47 +00:00
+								}
-												Replace getPullRefName by Runtime.getPullRefPair

This more or less reverts 9c9401a96c0b7d43dcea19c2972ef9612cc0a136
"Replace getPullRefPair with getPullRefName"; now that tests don't require
us to use pullRefName, move creation of storage references deeper into the
calls stack to reduce string use.

ir.getSinglePullRefNameGoal is accordingly updated to ir.getSinglePullRefPairGoal,
and we need to add a ~duplicate singlePullRefPairGoal; that duplication
of singlePullRefNameGoal will soon be resolved by dropping singlePullRefNameGoal.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1198
Approved by: mheon

											
										
										
											2018-08-01 22:05:52 +00:00
+								// singlePullRefPairGoal returns a no-frills pull goal for the specified reference pair.
 								func singlePullRefPairGoal(rp pullRefPair) *pullGoal {
 									return &pullGoal{
 										refPairs:             []pullRefPair{rp},
 										pullAllPairs:         false, // Does not really make a difference.
 										usedSearchRegistries: false,
 										searchedRegistries:   nil,
 									}
 								}
 								func (ir *Runtime) getPullRefPair(srcRef types.ImageReference, destName string) (pullRefPair, error) {
-												Fix ambiguity in adding localhost to podman save

...and some naming decisions.

This change ensures podman save doesn't incorrectly prepend localhost when saving an image.

Signed-off-by: haircommander <pehunt@redhat.com>

Closes: #1140
Approved by: rhatdan

											
										
										
											2018-07-23 16:56:24 +00:00
+									decomposedDest, err := decompose(destName)
 									if err == nil && !decomposedDest.hasRegistry {
-												Podman load/tag/save prepend localhost when no repository is present

Instead of having docker.io/library as its repository. Test included.

Signed-off-by: haircommander <pehunt@redhat.com>

											
										
										
											2018-07-13 21:45:55 +00:00
+										// If the image doesn't have a registry, set it as the default repo
-												Fix ambiguity in adding localhost to podman save

...and some naming decisions.

This change ensures podman save doesn't incorrectly prepend localhost when saving an image.

Signed-off-by: haircommander <pehunt@redhat.com>

Closes: #1140
Approved by: rhatdan

											
										
										
											2018-07-23 16:56:24 +00:00
+										decomposedDest.registry = DefaultLocalRegistry
 										decomposedDest.hasRegistry = true
 										destName = decomposedDest.assemble()
-												Podman load/tag/save prepend localhost when no repository is present

Instead of having docker.io/library as its repository. Test included.

Signed-off-by: haircommander <pehunt@redhat.com>

											
										
										
											2018-07-13 21:45:55 +00:00
+									}
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+									reference := destName
 									if srcRef.DockerReference() != nil {
 										reference = srcRef.DockerReference().String()
 									}
-												Replace getPullRefName by Runtime.getPullRefPair

This more or less reverts 9c9401a96c0b7d43dcea19c2972ef9612cc0a136
"Replace getPullRefPair with getPullRefName"; now that tests don't require
us to use pullRefName, move creation of storage references deeper into the
calls stack to reduce string use.

ir.getSinglePullRefNameGoal is accordingly updated to ir.getSinglePullRefPairGoal,
and we need to add a ~duplicate singlePullRefPairGoal; that duplication
of singlePullRefNameGoal will soon be resolved by dropping singlePullRefNameGoal.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1198
Approved by: mheon

											
										
										
											2018-08-01 22:05:52 +00:00
+									destRef, err := is.Transport.ParseStoreReference(ir.store, reference)
 									if err != nil {
 										return pullRefPair{}, errors.Wrapf(err, "error parsing dest reference name %#v", destName)
-												Remove the error return value from getPullRefName

... it is always nil.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-27 00:47:43 +00:00
+									}
-												Replace getPullRefName by Runtime.getPullRefPair

This more or less reverts 9c9401a96c0b7d43dcea19c2972ef9612cc0a136
"Replace getPullRefPair with getPullRefName"; now that tests don't require
us to use pullRefName, move creation of storage references deeper into the
calls stack to reduce string use.

ir.getSinglePullRefNameGoal is accordingly updated to ir.getSinglePullRefPairGoal,
and we need to add a ~duplicate singlePullRefPairGoal; that duplication
of singlePullRefNameGoal will soon be resolved by dropping singlePullRefNameGoal.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1198
Approved by: mheon

											
										
										
											2018-08-01 22:05:52 +00:00
+									return pullRefPair{
 										image:  destName,
 										srcRef: srcRef,
 										dstRef: destRef,
 									}, nil
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+								}
-												Replace getPullRefName by Runtime.getPullRefPair

This more or less reverts 9c9401a96c0b7d43dcea19c2972ef9612cc0a136
"Replace getPullRefPair with getPullRefName"; now that tests don't require
us to use pullRefName, move creation of storage references deeper into the
calls stack to reduce string use.

ir.getSinglePullRefNameGoal is accordingly updated to ir.getSinglePullRefPairGoal,
and we need to add a ~duplicate singlePullRefPairGoal; that duplication
of singlePullRefNameGoal will soon be resolved by dropping singlePullRefNameGoal.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1198
Approved by: mheon

											
										
										
											2018-08-01 22:05:52 +00:00
+								// getSinglePullRefPairGoal calls getPullRefPair with the specified parameters, and returns a single-pair goal for the return value.
 								func (ir *Runtime) getSinglePullRefPairGoal(srcRef types.ImageReference, destName string) (*pullGoal, error) {
 									rp, err := ir.getPullRefPair(srcRef, destName)
-												Inline pullGoalNamesFromImageReference back into Runtime.pullGoalFromImageReference

Now that we don't need a separate pullGoalNamesFromImageReference for
running tests, inline it back.

This forces us to add some glue code to getSinglePullRefNameGoal
and to convert between pullGoal and *pullGoal; that is temporary
and will be cleaned up soon.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1198
Approved by: mheon

											
										
										
											2018-08-01 21:46:35 +00:00
+									if err != nil {
 										return nil, err
 									}
-												Replace getPullRefName by Runtime.getPullRefPair

This more or less reverts 9c9401a96c0b7d43dcea19c2972ef9612cc0a136
"Replace getPullRefPair with getPullRefName"; now that tests don't require
us to use pullRefName, move creation of storage references deeper into the
calls stack to reduce string use.

ir.getSinglePullRefNameGoal is accordingly updated to ir.getSinglePullRefPairGoal,
and we need to add a ~duplicate singlePullRefPairGoal; that duplication
of singlePullRefNameGoal will soon be resolved by dropping singlePullRefNameGoal.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1198
Approved by: mheon

											
										
										
											2018-08-01 22:05:52 +00:00
+									return singlePullRefPairGoal(rp), nil
-												Introduce getSinglePullRefNameGoal

This merely wraps the
> return singlePullRefNameGoal(getPullRefName(... reference)), nil
pattern which is used for almost all getPullRefName uses.  For now
it seems not really worth it, but it will result in shorter code
(and smaller migration) after we replace getPullRefName with
getPullRefPair, which can fail, again - the pullGoalNamesFromImageReference
will not have to add any error handling.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1198
Approved by: mheon

											
										
										
											2018-08-01 21:36:07 +00:00
+								}
-												Inline pullGoalNamesFromImageReference back into Runtime.pullGoalFromImageReference

Now that we don't need a separate pullGoalNamesFromImageReference for
running tests, inline it back.

This forces us to add some glue code to getSinglePullRefNameGoal
and to convert between pullGoal and *pullGoal; that is temporary
and will be cleaned up soon.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1198
Approved by: mheon

											
										
										
											2018-08-01 21:46:35 +00:00
+								// pullGoalFromImageReference returns a pull goal for a single ImageReference, depending on the used transport.
 								func (ir *Runtime) pullGoalFromImageReference(ctx context.Context, srcRef types.ImageReference, imgName string, sc *types.SystemContext) (*pullGoal, error) {
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+									// supports pulling from docker-archive, oci, and registries
-												Use a switch instead of if/if else/.../else

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-27 00:50:43 +00:00
+									switch srcRef.Transport().Name() {
 									case DockerArchive:
-												Use srcRef.StringWithinTransport() instead of parsing imgName again

Because srcRef is created by parsing imgName, both hard-code assumptions
about transport-specific formats of the strings, so that is neither better nor worse;
but we do less explicit parsing.

Should not change behavior for dir:, nor for fully-correct docker-archive:.

docker-archive:, though, also supports docker-archive:path:reference, where
the reference is ignored (with a warning) on read; in such cases the previous
code would use the reference only (not the path), the new code uses both
as the path.  Neither works, we just change the failure mode (but
"error opening path:reference" is now more suggestive of the correct usage).

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-27 00:56:57 +00:00
+										archivePath := srcRef.StringWithinTransport()
 										tarSource, err := tarfile.NewSourceFromFile(archivePath)
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+										if err != nil {
 											return nil, err
 										}
 										manifest, err := tarSource.LoadTarManifest()
 										if err != nil {
-												Remove more Errorf in favor of Wrapf

Signed-off-by: Matthew Heon <mheon@redhat.com>

Closes: #668
Approved by: rhatdan

											
										
										
											2018-04-24 21:32:07 +00:00
+											return nil, errors.Wrapf(err, "error retrieving manifest.json")
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+										}
 										// to pull the first image stored in the tar file
 										if len(manifest) == 0 {
 											// use the hex of the digest if no manifest is found
-												Vendor in latest containers/image and contaners/storage

Made necessary changes to functions to include contex.Context wherever needed

Signed-off-by: umohnani8 <umohnani@redhat.com>

Closes: #640
Approved by: baude

											
										
										
											2018-04-18 20:48:35 +00:00
+											reference, err := getImageDigest(ctx, srcRef, sc)
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+											if err != nil {
 												return nil, err
 											}
-												Replace getPullRefName by Runtime.getPullRefPair

This more or less reverts 9c9401a96c0b7d43dcea19c2972ef9612cc0a136
"Replace getPullRefPair with getPullRefName"; now that tests don't require
us to use pullRefName, move creation of storage references deeper into the
calls stack to reduce string use.

ir.getSinglePullRefNameGoal is accordingly updated to ir.getSinglePullRefPairGoal,
and we need to add a ~duplicate singlePullRefPairGoal; that duplication
of singlePullRefNameGoal will soon be resolved by dropping singlePullRefNameGoal.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1198
Approved by: mheon

											
										
										
											2018-08-01 22:05:52 +00:00
+											return ir.getSinglePullRefPairGoal(srcRef, reference)
-												Return early in refNamesFromImageReference instead of appending to pullNames

Almost all paths appended to pullNames exactly once; just construct a
single-element array in place and return it.

That way we can add empty lines as separators, and still come out shorter.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-27 01:20:25 +00:00
+										}
-												Reorganize the tag loading in DockerArchive case

This should not change behavior, only to make future edits
for an early exit easier to review.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-27 01:34:04 +00:00
+										if len(manifest[0].RepoTags) == 0 {
-												Return early in refNamesFromImageReference instead of appending to pullNames

Almost all paths appended to pullNames exactly once; just construct a
single-element array in place and return it.

That way we can add empty lines as separators, and still come out shorter.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-27 01:20:25 +00:00
+											// If the input image has no repotags, we need to feed it a dest anyways
 											digest, err := getImageDigest(ctx, srcRef, sc)
 											if err != nil {
 												return nil, err
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+											}
-												Replace getPullRefName by Runtime.getPullRefPair

This more or less reverts 9c9401a96c0b7d43dcea19c2972ef9612cc0a136
"Replace getPullRefPair with getPullRefName"; now that tests don't require
us to use pullRefName, move creation of storage references deeper into the
calls stack to reduce string use.

ir.getSinglePullRefNameGoal is accordingly updated to ir.getSinglePullRefPairGoal,
and we need to add a ~duplicate singlePullRefPairGoal; that duplication
of singlePullRefNameGoal will soon be resolved by dropping singlePullRefNameGoal.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1198
Approved by: mheon

											
										
										
											2018-08-01 22:05:52 +00:00
+											return ir.getSinglePullRefPairGoal(srcRef, digest)
-												Return early in refNamesFromImageReference instead of appending to pullNames

Almost all paths appended to pullNames exactly once; just construct a
single-element array in place and return it.

That way we can add empty lines as separators, and still come out shorter.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-27 01:20:25 +00:00
+										}
-												Use an early exit if a docker-archive: image has no repo tags

This avoids another "append an only item to an empty array"
pattern, and will allow us to get rid of the "dest" variable
entirely.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-27 01:36:25 +00:00
 										// Need to load in all the repo tags from the manifest
-												Replace getPullRefName by Runtime.getPullRefPair

This more or less reverts 9c9401a96c0b7d43dcea19c2972ef9612cc0a136
"Replace getPullRefPair with getPullRefName"; now that tests don't require
us to use pullRefName, move creation of storage references deeper into the
calls stack to reduce string use.

ir.getSinglePullRefNameGoal is accordingly updated to ir.getSinglePullRefPairGoal,
and we need to add a ~duplicate singlePullRefPairGoal; that duplication
of singlePullRefNameGoal will soon be resolved by dropping singlePullRefNameGoal.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1198
Approved by: mheon

											
										
										
											2018-08-01 22:05:52 +00:00
+										res := []pullRefPair{}
-												Eliminate the "dest" variable.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 00:28:23 +00:00
+										for _, dst := range manifest[0].RepoTags {
-												Replace getPullRefName by Runtime.getPullRefPair

This more or less reverts 9c9401a96c0b7d43dcea19c2972ef9612cc0a136
"Replace getPullRefPair with getPullRefName"; now that tests don't require
us to use pullRefName, move creation of storage references deeper into the
calls stack to reduce string use.

ir.getSinglePullRefNameGoal is accordingly updated to ir.getSinglePullRefPairGoal,
and we need to add a ~duplicate singlePullRefPairGoal; that duplication
of singlePullRefNameGoal will soon be resolved by dropping singlePullRefNameGoal.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1198
Approved by: mheon

											
										
										
											2018-08-01 22:05:52 +00:00
+											pullInfo, err := ir.getPullRefPair(srcRef, dst)
 											if err != nil {
 												return nil, err
 											}
-												Return early in refNamesFromImageReference instead of appending to pullNames

Almost all paths appended to pullNames exactly once; just construct a
single-element array in place and return it.

That way we can add empty lines as separators, and still come out shorter.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-27 01:20:25 +00:00
+											res = append(res, pullInfo)
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+										}
-												Replace getPullRefName by Runtime.getPullRefPair

This more or less reverts 9c9401a96c0b7d43dcea19c2972ef9612cc0a136
"Replace getPullRefPair with getPullRefName"; now that tests don't require
us to use pullRefName, move creation of storage references deeper into the
calls stack to reduce string use.

ir.getSinglePullRefNameGoal is accordingly updated to ir.getSinglePullRefPairGoal,
and we need to add a ~duplicate singlePullRefPairGoal; that duplication
of singlePullRefNameGoal will soon be resolved by dropping singlePullRefNameGoal.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1198
Approved by: mheon

											
										
										
											2018-08-01 22:05:52 +00:00
+										return &pullGoal{
 											refPairs:             res,
-												Eliminate duplicate determination whether to use search registries

Instead of duplicating the hasRegistry logic, just record whether we
did use search or not.

Should not change behavior (but does not add unit tests for all of it).

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 04:33:11 +00:00
+											pullAllPairs:         true,
 											usedSearchRegistries: false,
-												Do not re-parse the list of search registries just for an error message

... when we even only count them.

This eliminates a rare error case, and saves time re-reading and re-parsing
the input.

(We still compute registryPath redundantly, and it may get out of sync.)

Should not change behavior (but does not add unit tests).

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 04:42:43 +00:00
+											searchedRegistries:   nil,
-												Replace getPullRefName by Runtime.getPullRefPair

This more or less reverts 9c9401a96c0b7d43dcea19c2972ef9612cc0a136
"Replace getPullRefPair with getPullRefName"; now that tests don't require
us to use pullRefName, move creation of storage references deeper into the
calls stack to reduce string use.

ir.getSinglePullRefNameGoal is accordingly updated to ir.getSinglePullRefPairGoal,
and we need to add a ~duplicate singlePullRefPairGoal; that duplication
of singlePullRefNameGoal will soon be resolved by dropping singlePullRefNameGoal.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1198
Approved by: mheon

											
										
										
											2018-08-01 22:05:52 +00:00
+										}, nil
-												Return early in refNamesFromImageReference instead of appending to pullNames

Almost all paths appended to pullNames exactly once; just construct a
single-element array in place and return it.

That way we can add empty lines as separators, and still come out shorter.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-27 01:20:25 +00:00
-												Use a switch instead of if/if else/.../else

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-27 00:50:43 +00:00
+									case OCIArchive:
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+										// retrieve the manifest from index.json to access the image name
 										manifest, err := ociarchive.LoadManifestDescriptor(srcRef)
 										if err != nil {
 											return nil, errors.Wrapf(err, "error loading manifest for %q", srcRef)
 										}
-												Allow push/save without image reference

If the user uses the image ID when saving to either docker-archive
or oci-archive, then do not save a reference in the manifest/index.json.
If the user chooses to push without an image reference, i.e <transport>:<path>
it should be valid and succeed.

Signed-off-by: umohnani8 <umohnani@redhat.com>

Closes: #782
Approved by: rhatdan

											
										
										
											2018-05-16 15:41:08 +00:00
+										var dest string
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+										if manifest.Annotations == nil || manifest.Annotations["org.opencontainers.image.ref.name"] == "" {
-												Allow push/save without image reference

If the user uses the image ID when saving to either docker-archive
or oci-archive, then do not save a reference in the manifest/index.json.
If the user chooses to push without an image reference, i.e <transport>:<path>
it should be valid and succeed.

Signed-off-by: umohnani8 <umohnani@redhat.com>

Closes: #782
Approved by: rhatdan

											
										
										
											2018-05-16 15:41:08 +00:00
+											// If the input image has no image.ref.name, we need to feed it a dest anyways
 											// use the hex of the digest
 											dest, err = getImageDigest(ctx, srcRef, sc)
 											if err != nil {
 												return nil, errors.Wrapf(err, "error getting image digest; image reference not found")
 											}
 										} else {
 											dest = manifest.Annotations["org.opencontainers.image.ref.name"]
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+										}
-												Replace getPullRefName by Runtime.getPullRefPair

This more or less reverts 9c9401a96c0b7d43dcea19c2972ef9612cc0a136
"Replace getPullRefPair with getPullRefName"; now that tests don't require
us to use pullRefName, move creation of storage references deeper into the
calls stack to reduce string use.

ir.getSinglePullRefNameGoal is accordingly updated to ir.getSinglePullRefPairGoal,
and we need to add a ~duplicate singlePullRefPairGoal; that duplication
of singlePullRefNameGoal will soon be resolved by dropping singlePullRefNameGoal.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1198
Approved by: mheon

											
										
										
											2018-08-01 22:05:52 +00:00
+										return ir.getSinglePullRefPairGoal(srcRef, dest)
-												Return early in refNamesFromImageReference instead of appending to pullNames

Almost all paths appended to pullNames exactly once; just construct a
single-element array in place and return it.

That way we can add empty lines as separators, and still come out shorter.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-27 01:20:25 +00:00
-												Use a switch instead of if/if else/.../else

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-27 00:50:43 +00:00
+									case DirTransport:
-												Use srcRef.StringWithinTransport() instead of parsing imgName again

Because srcRef is created by parsing imgName, both hard-code assumptions
about transport-specific formats of the strings, so that is neither better nor worse;
but we do less explicit parsing.

Should not change behavior for dir:, nor for fully-correct docker-archive:.

docker-archive:, though, also supports docker-archive:path:reference, where
the reference is ignored (with a warning) on read; in such cases the previous
code would use the reference only (not the path), the new code uses both
as the path.  Neither works, we just change the failure mode (but
"error opening path:reference" is now more suggestive of the correct usage).

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-27 00:56:57 +00:00
+										path := srcRef.StringWithinTransport()
 										image := path
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+										if image[:1] == "/" {
-												Fix ambiguity in adding localhost to podman save

...and some naming decisions.

This change ensures podman save doesn't incorrectly prepend localhost when saving an image.

Signed-off-by: haircommander <pehunt@redhat.com>

Closes: #1140
Approved by: rhatdan

											
										
										
											2018-07-23 16:56:24 +00:00
+											// Set localhost as the registry so docker.io isn't prepended, and the path becomes the repository
 											image = DefaultLocalRegistry + image
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+										}
-												Replace getPullRefName by Runtime.getPullRefPair

This more or less reverts 9c9401a96c0b7d43dcea19c2972ef9612cc0a136
"Replace getPullRefPair with getPullRefName"; now that tests don't require
us to use pullRefName, move creation of storage references deeper into the
calls stack to reduce string use.

ir.getSinglePullRefNameGoal is accordingly updated to ir.getSinglePullRefPairGoal,
and we need to add a ~duplicate singlePullRefPairGoal; that duplication
of singlePullRefNameGoal will soon be resolved by dropping singlePullRefNameGoal.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1198
Approved by: mheon

											
										
										
											2018-08-01 22:05:52 +00:00
+										return ir.getSinglePullRefPairGoal(srcRef, image)
-												Return early in refNamesFromImageReference instead of appending to pullNames

Almost all paths appended to pullNames exactly once; just construct a
single-element array in place and return it.

That way we can add empty lines as separators, and still come out shorter.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-27 01:20:25 +00:00
-												Use a switch instead of if/if else/.../else

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-27 00:50:43 +00:00
+									default:
-												Replace getPullRefName by Runtime.getPullRefPair

This more or less reverts 9c9401a96c0b7d43dcea19c2972ef9612cc0a136
"Replace getPullRefPair with getPullRefName"; now that tests don't require
us to use pullRefName, move creation of storage references deeper into the
calls stack to reduce string use.

ir.getSinglePullRefNameGoal is accordingly updated to ir.getSinglePullRefPairGoal,
and we need to add a ~duplicate singlePullRefPairGoal; that duplication
of singlePullRefNameGoal will soon be resolved by dropping singlePullRefNameGoal.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1198
Approved by: mheon

											
										
										
											2018-08-01 22:05:52 +00:00
+										return ir.getSinglePullRefPairGoal(srcRef, imgName)
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+									}
-												Split refNamesFromImageReference from Runtime.getPullListFromRef

Again, that makes the core logic independent from Runtime == containers-storage,
and easier to test independently.

So, this also adds tests.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-26 23:16:00 +00:00
+								}
-												RFC: Rename runtime.pullImage to runtime.pullImageFromHeuristicSource

This is similar to the PushImageToHeuristicDestination RFC.

The goal is to be very explicit about which functions try to heuristically
guess what is the expected format of the string.  Not quite "shaming"
the users, but making sure they stand out.

RFC:
- Is this at all acceptable? Desirable?

Should not change behavior (but does not add unit tests).

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 06:45:11 +00:00
+								// pullImageFromHeuristicSource pulls an image based on inputName, which is heuristically parsed and may involve configured registries.
-												Introduce Runtime.pullImageFromReference, call it in Runtime.FromImageReference

FINALLY, (podman load) can pass through an ImageReference directly from
loadCmd all the way to pullGoalNamesFromImageReference, making sure not
to trigger the docker-like reference parsing heuristics.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 06:18:57 +00:00
+								// Use pullImageFromReference if the source is known precisely.
-												RFC: Rename runtime.pullImage to runtime.pullImageFromHeuristicSource

This is similar to the PushImageToHeuristicDestination RFC.

The goal is to be very explicit about which functions try to heuristically
guess what is the expected format of the string.  Not quite "shaming"
the users, but making sure they stand out.

RFC:
- Is this at all acceptable? Desirable?

Should not change behavior (but does not add unit tests).

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 06:45:11 +00:00
+								func (ir *Runtime) pullImageFromHeuristicSource(ctx context.Context, inputName string, writer io.Writer, authfile, signaturePolicyPath string, signingOptions SigningOptions, dockerOptions *DockerRegistryOptions, forceSecure bool) ([]string, error) {
-												Inline pullGoalNamesFromPossiblyUnqualifiedName into Runtime.pullGoalFromPossibly...

Again, we only needed them split for tests; so, integrate them back.
Then drop all remaining references to pullRefName and pullGoalNames,
which are not used for anything.

Should not change behavior

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1198
Approved by: mheon

											
										
										
											2018-08-01 22:20:18 +00:00
+									var goal *pullGoal
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+									sc := GetSystemContext(signaturePolicyPath, authfile, false)
-												Move pullImage from Image to Runtime

pullImage (now) only uses Image.InputName; it is really used to _create_
an Image object, based on the pull results (as is most visible in the
LoadFromArchive caller), so it should not be a method on it.

This also simplifies a bit the number of different kids of uses of
Image.InputName; still apparently not enough to clearly document
the field, though.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 04:54:34 +00:00
+									srcRef, err := alltransports.ParseImageName(inputName)
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+									if err != nil {
 										// could be trying to pull from registry with short name
-												Move pullImage from Image to Runtime

pullImage (now) only uses Image.InputName; it is really used to _create_
an Image object, based on the pull results (as is most visible in the
LoadFromArchive caller), so it should not be a method on it.

This also simplifies a bit the number of different kids of uses of
Image.InputName; still apparently not enough to clearly document
the field, though.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 04:54:34 +00:00
+										goal, err = ir.pullGoalFromPossiblyUnqualifiedName(inputName)
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+										if err != nil {
-												save and load should support multi-tag for docker-archive

The docker-archive tar files can have multiple tags for the same
image stored in it. Load pulls all the tags found in the archive
when loading a tar file. Save can oush multiple tags of the same
image to a tar archive.

Signed-off-by: umohnani8 <umohnani@redhat.com>

Closes: #819
Approved by: rhatdan

											
										
										
											2018-05-21 17:53:19 +00:00
+											return nil, errors.Wrap(err, "error getting default registries to try")
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+										}
 									} else {
-												Inline pullGoalNamesFromPossiblyUnqualifiedName into Runtime.pullGoalFromPossibly...

Again, we only needed them split for tests; so, integrate them back.
Then drop all remaining references to pullRefName and pullGoalNames,
which are not used for anything.

Should not change behavior

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1198
Approved by: mheon

											
										
										
											2018-08-01 22:20:18 +00:00
+										goal, err = ir.pullGoalFromImageReference(ctx, srcRef, inputName, sc)
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+										if err != nil {
-												Move pullImage from Image to Runtime

pullImage (now) only uses Image.InputName; it is really used to _create_
an Image object, based on the pull results (as is most visible in the
LoadFromArchive caller), so it should not be a method on it.

This also simplifies a bit the number of different kids of uses of
Image.InputName; still apparently not enough to clearly document
the field, though.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 04:54:34 +00:00
+											return nil, errors.Wrapf(err, "error determining pull goal for image %q", inputName)
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+										}
 									}
-												Inline pullGoalNamesFromPossiblyUnqualifiedName into Runtime.pullGoalFromPossibly...

Again, we only needed them split for tests; so, integrate them back.
Then drop all remaining references to pullRefName and pullGoalNames,
which are not used for anything.

Should not change behavior

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1198
Approved by: mheon

											
										
										
											2018-08-01 22:20:18 +00:00
+									return ir.doPullImage(ctx, sc, *goal, writer, signingOptions, dockerOptions, forceSecure)
-												Split doPullImage from pullImage

Now that we have a pullGoal, separate determination of the goal from
performing it; we will then introduce another entry point with
a supplied types.ImageReference.

Also remove or correct some misleading comments.

Should not change behavior (but does not add unit tests).

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 05:41:05 +00:00
+								}
-												Introduce Runtime.pullImageFromReference, call it in Runtime.FromImageReference

FINALLY, (podman load) can pass through an ImageReference directly from
loadCmd all the way to pullGoalNamesFromImageReference, making sure not
to trigger the docker-like reference parsing heuristics.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 06:18:57 +00:00
+								// pullImageFromReference pulls an image from a types.imageReference.
 								func (ir *Runtime) pullImageFromReference(ctx context.Context, srcRef types.ImageReference, writer io.Writer, authfile, signaturePolicyPath string, signingOptions SigningOptions, dockerOptions *DockerRegistryOptions, forceSecure bool) ([]string, error) {
 									sc := GetSystemContext(signaturePolicyPath, authfile, false)
 									goal, err := ir.pullGoalFromImageReference(ctx, srcRef, transports.ImageName(srcRef), sc)
 									if err != nil {
 										return nil, errors.Wrapf(err, "error determining pull goal for image %q", transports.ImageName(srcRef))
 									}
-												Inline pullGoalNamesFromImageReference back into Runtime.pullGoalFromImageReference

Now that we don't need a separate pullGoalNamesFromImageReference for
running tests, inline it back.

This forces us to add some glue code to getSinglePullRefNameGoal
and to convert between pullGoal and *pullGoal; that is temporary
and will be cleaned up soon.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1198
Approved by: mheon

											
										
										
											2018-08-01 21:46:35 +00:00
+									return ir.doPullImage(ctx, sc, *goal, writer, signingOptions, dockerOptions, forceSecure)
-												Introduce Runtime.pullImageFromReference, call it in Runtime.FromImageReference

FINALLY, (podman load) can pass through an ImageReference directly from
loadCmd all the way to pullGoalNamesFromImageReference, making sure not
to trigger the docker-like reference parsing heuristics.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 06:18:57 +00:00
+								}
-												Split doPullImage from pullImage

Now that we have a pullGoal, separate determination of the goal from
performing it; we will then introduce another entry point with
a supplied types.ImageReference.

Also remove or correct some misleading comments.

Should not change behavior (but does not add unit tests).

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 05:41:05 +00:00
+								// doPullImage is an internal helper interpreting pullGoal. Almost everyone should call one of the callers of doPullImage instead.
 								func (ir *Runtime) doPullImage(ctx context.Context, sc *types.SystemContext, goal pullGoal, writer io.Writer, signingOptions SigningOptions, dockerOptions *DockerRegistryOptions, forceSecure bool) ([]string, error) {
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+									policyContext, err := getPolicyContext(sc)
 									if err != nil {
-												save and load should support multi-tag for docker-archive

The docker-archive tar files can have multiple tags for the same
image stored in it. Load pulls all the tags found in the archive
when loading a tar file. Save can oush multiple tags of the same
image to a tar archive.

Signed-off-by: umohnani8 <umohnani@redhat.com>

Closes: #819
Approved by: rhatdan

											
										
										
											2018-05-21 17:53:19 +00:00
+										return nil, err
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+									}
 									defer policyContext.Destroy()
-												regression: tls verify should be set on registries.conf if insecure

In the case where podman needs to pull an image, if that registry that the image
resides on is known to be insesure (as defined in /etc/containers/registries.conf),
tls-verify should be altered on the fly.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #626
Approved by: mheon

											
										
										
											2018-04-16 18:39:00 +00:00
+									insecureRegistries, err := registries.GetInsecureRegistries()
 									if err != nil {
-												save and load should support multi-tag for docker-archive

The docker-archive tar files can have multiple tags for the same
image stored in it. Load pulls all the tags found in the archive
when loading a tar file. Save can oush multiple tags of the same
image to a tar archive.

Signed-off-by: umohnani8 <umohnani@redhat.com>

Closes: #819
Approved by: rhatdan

											
										
										
											2018-05-21 17:53:19 +00:00
+										return nil, err
-												regression: tls verify should be set on registries.conf if insecure

In the case where podman needs to pull an image, if that registry that the image
resides on is known to be insesure (as defined in /etc/containers/registries.conf),
tls-verify should be altered on the fly.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #626
Approved by: mheon

											
										
										
											2018-04-16 18:39:00 +00:00
+									}
-												save and load should support multi-tag for docker-archive

The docker-archive tar files can have multiple tags for the same
image stored in it. Load pulls all the tags found in the archive
when loading a tar file. Save can oush multiple tags of the same
image to a tar archive.

Signed-off-by: umohnani8 <umohnani@redhat.com>

Closes: #819
Approved by: rhatdan

											
										
										
											2018-05-21 17:53:19 +00:00
+									var images []string
-												libpod/image/pull: Return image-pulling errors from doPullImage

We were already writing these to our debug logs.  But collecting them
and including them in the error message will make it easier for
callers who don't have debugging enabled to figure out what's going
wrong.

Using multierror gives us both pretty formatting (when we print this
for the user) and programmatic access (for any callers that need to
inspect the constituent errors).  With this commit and a config like:

  $ cat /etc/containers/registries.conf
  [registries.search]
  registries = ['registry.access.redhat.com', 'quay.io', 'docker.io']

pulling an unqualified missing image looks like:

  $ podman pull does-not/exist
  Trying to pull registry.access.redhat.com/does-not/exist:latest...Failed
  Trying to pull quay.io/does-not/exist:latest...Failed
  Trying to pull docker.io/does-not/exist:latest...Failed
  error pulling image "does-not/exist": unable to pull does-not/exist: 3 errors occurred:

  * Error determining manifest MIME type for docker://registry.access.redhat.com/does-not/exist:latest: Error reading manifest latest in registry.access.redhat.com/does-not/exist: unknown: Not Found
  * Error determining manifest MIME type for docker://quay.io/does-not/exist:latest: Error reading manifest latest in quay.io/does-not/exist: unauthorized: access to the requested resource is not authorized
  * Error determining manifest MIME type for docker://does-not/exist:latest: Error reading manifest latest in docker.io/does-not/exist: errors:
  denied: requested access to the resource is denied
  unauthorized: authentication required

A qualified image looks like:

  $ podman pull quay.io/does-not/exist
  Trying to pull quay.io/does-not/exist...Failed
  error pulling image "quay.io/does-not/exist": unable to pull quay.io/does-not/exist: unable to pull image: Error determining manifest MIME type for docker://quay.io/does-not/exist:latest: Error reading manifest latest in quay.io/does-not/exist: unauthorized: access to the requested resource is not authorized

If one of the searched repositories was offline, you'd get a more
useful routing error for that specific registry.  For example:

  $ cat /etc/hosts
  127.0.0.1   quay.io
  $ podman pull does-not/exist
  Trying to pull registry.access.redhat.com/does-not/exist:latest...Failed
  Trying to pull quay.io/does-not/exist:latest...Failed
  Trying to pull docker.io/does-not/exist:latest...Failed
  error pulling image "does-not/exist": unable to pull does-not/exist: 3 errors occurred:

  * Error determining manifest MIME type for docker://registry.access.redhat.com/does-not/exist:latest: Error reading manifest latest in registry.access.redhat.com/does-not/exist: unknown: Not Found
  * Error determining manifest MIME type for docker://quay.io/does-not/exist:latest: pinging docker registry returned: Get https://quay.io/v2/: dial tcp 127.0.0.1:443: connect: connection refused
  * Error determining manifest MIME type for docker://does-not/exist:latest: Error reading manifest latest in docker.io/does-not/exist: errors:
  denied: requested access to the resource is denied
  unauthorized: authentication required

This is our first direct dependency on multierror, but we've been
vendoring it for a while now because opencontainers/runtime-tools uses
it for config validation.

Signed-off-by: W. Trevor King <wking@tremily.us>

Closes: #1456
Approved by: rhatdan

											
										
										
											2018-09-12 23:44:58 +00:00
+									var pullErrors *multierror.Error
-												Introduce struct pullGoal

The eventual goal is to cleanly capture semantics like "pull all images
for DockerArchive" and "did a search through $registries" without
hard-coding it through; and to allow a pullImage variant where
the caller can pass an imageReference directly.

For now, this just wraps []pullRefPair and should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 03:36:47 +00:00
+									for _, imageInfo := range goal.refPairs {
-												Remove the forceCompress parameter from getCopyOptions and DRO.GetSystemContext

Use the parent types.SystemContext data instead.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 05:34:46 +00:00
+										copyOptions := getCopyOptions(sc, writer, dockerOptions, nil, signingOptions, "", nil)
-												Remove the :// end from DockerTransport

(... but keep it in DefaultTransport, which remains irregular.)

This makes DockerTransport consistent with the others, and much more importantly,
allows several instances to do
> imgRef.Transport().Name() == DockerTransport
instead of the current
> strings.HasPrefix(DockerTransport, imgRef.Transport().Name())
, which currently works but is pretty nonsensical (it does not check
the "docker://" prefix against the _full reference_, but it checks
the _transport name_ as a prefix of "docker://", i.e.  a transport named
"d" would be accepted.

Should not change behavior, because the only currently existing transport
which has a name that is a prefix of "docker://" is c/image/docker.Transport
(but does not add unit tests).

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 00:58:56 +00:00
+										if imageInfo.srcRef.Transport().Name() == DockerTransport {
-												Don't format to string and re-parse a DockerReference()

We already have a c/image/docker/reference.Named; no need to
round-trip it through a string.  This also eliminates the theoretical
parsing failure, and the unchecked .(reference.Named) cast.

Also add a check for DockerReference() == nil to be extra paranoid,
although that should never happen.

Should not change behavior (but does not add unit tests).

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 00:36:12 +00:00
+											imgRef := imageInfo.srcRef.DockerReference()
 											if imgRef == nil { // This should never happen; such references can’t be created.
 												return nil, fmt.Errorf("internal error: DockerTransport reference %s does not have a DockerReference",
 													transports.ImageName(imageInfo.srcRef))
-												regression: tls verify should be set on registries.conf if insecure

In the case where podman needs to pull an image, if that registry that the image
resides on is known to be insesure (as defined in /etc/containers/registries.conf),
tls-verify should be altered on the fly.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #626
Approved by: mheon

											
										
										
											2018-04-16 18:39:00 +00:00
+											}
-												Don't format to string and re-parse a DockerReference()

We already have a c/image/docker/reference.Named; no need to
round-trip it through a string.  This also eliminates the theoretical
parsing failure, and the unchecked .(reference.Named) cast.

Also add a check for DockerReference() == nil to be extra paranoid,
although that should never happen.

Should not change behavior (but does not add unit tests).

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 00:36:12 +00:00
+											registry := reference.Domain(imgRef)
-												regression: tls verify should be set on registries.conf if insecure

In the case where podman needs to pull an image, if that registry that the image
resides on is known to be insesure (as defined in /etc/containers/registries.conf),
tls-verify should be altered on the fly.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #626
Approved by: mheon

											
										
										
											2018-04-16 18:39:00 +00:00
 											if util.StringInSlice(registry, insecureRegistries) && !forceSecure {
 												copyOptions.SourceCtx.DockerInsecureSkipTLSVerify = true
 												logrus.Info(fmt.Sprintf("%s is an insecure registry; pulling with tls-verify=false", registry))
 											}
 										}
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+										// Print the following statement only when pulling from a docker or atomic registry
-												Remove the :// end from DockerTransport

(... but keep it in DefaultTransport, which remains irregular.)

This makes DockerTransport consistent with the others, and much more importantly,
allows several instances to do
> imgRef.Transport().Name() == DockerTransport
instead of the current
> strings.HasPrefix(DockerTransport, imgRef.Transport().Name())
, which currently works but is pretty nonsensical (it does not check
the "docker://" prefix against the _full reference_, but it checks
the _transport name_ as a prefix of "docker://", i.e.  a transport named
"d" would be accepted.

Should not change behavior, because the only currently existing transport
which has a name that is a prefix of "docker://" is c/image/docker.Transport
(but does not add unit tests).

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 00:58:56 +00:00
+										if writer != nil && (imageInfo.srcRef.Transport().Name() == DockerTransport || imageInfo.srcRef.Transport().Name() == AtomicTransport) {
-												Image library stage 4 - create and commit

Migrate the podman create and commit subcommandis to leverage the images library.  I also had
to migrate the cmd/ portions of run and rmi.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #498
Approved by: mheon

											
										
										
											2018-03-15 15:06:49 +00:00
+											io.WriteString(writer, fmt.Sprintf("Trying to pull %s...", imageInfo.image))
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+										}
-												Vendor in new new buildah/ci

libpod requires new buildah and container image versions to resolve
bug #1640298

Signed-off-by: baude <bbaude@redhat.com>

											
										
										
											2018-10-17 21:42:05 +00:00
+										_, err = cp.Image(ctx, policyContext, imageInfo.dstRef, imageInfo.srcRef, copyOptions)
 										if err != nil {
-												libpod/image/pull: Return image-pulling errors from doPullImage

We were already writing these to our debug logs.  But collecting them
and including them in the error message will make it easier for
callers who don't have debugging enabled to figure out what's going
wrong.

Using multierror gives us both pretty formatting (when we print this
for the user) and programmatic access (for any callers that need to
inspect the constituent errors).  With this commit and a config like:

  $ cat /etc/containers/registries.conf
  [registries.search]
  registries = ['registry.access.redhat.com', 'quay.io', 'docker.io']

pulling an unqualified missing image looks like:

  $ podman pull does-not/exist
  Trying to pull registry.access.redhat.com/does-not/exist:latest...Failed
  Trying to pull quay.io/does-not/exist:latest...Failed
  Trying to pull docker.io/does-not/exist:latest...Failed
  error pulling image "does-not/exist": unable to pull does-not/exist: 3 errors occurred:

  * Error determining manifest MIME type for docker://registry.access.redhat.com/does-not/exist:latest: Error reading manifest latest in registry.access.redhat.com/does-not/exist: unknown: Not Found
  * Error determining manifest MIME type for docker://quay.io/does-not/exist:latest: Error reading manifest latest in quay.io/does-not/exist: unauthorized: access to the requested resource is not authorized
  * Error determining manifest MIME type for docker://does-not/exist:latest: Error reading manifest latest in docker.io/does-not/exist: errors:
  denied: requested access to the resource is denied
  unauthorized: authentication required

A qualified image looks like:

  $ podman pull quay.io/does-not/exist
  Trying to pull quay.io/does-not/exist...Failed
  error pulling image "quay.io/does-not/exist": unable to pull quay.io/does-not/exist: unable to pull image: Error determining manifest MIME type for docker://quay.io/does-not/exist:latest: Error reading manifest latest in quay.io/does-not/exist: unauthorized: access to the requested resource is not authorized

If one of the searched repositories was offline, you'd get a more
useful routing error for that specific registry.  For example:

  $ cat /etc/hosts
  127.0.0.1   quay.io
  $ podman pull does-not/exist
  Trying to pull registry.access.redhat.com/does-not/exist:latest...Failed
  Trying to pull quay.io/does-not/exist:latest...Failed
  Trying to pull docker.io/does-not/exist:latest...Failed
  error pulling image "does-not/exist": unable to pull does-not/exist: 3 errors occurred:

  * Error determining manifest MIME type for docker://registry.access.redhat.com/does-not/exist:latest: Error reading manifest latest in registry.access.redhat.com/does-not/exist: unknown: Not Found
  * Error determining manifest MIME type for docker://quay.io/does-not/exist:latest: pinging docker registry returned: Get https://quay.io/v2/: dial tcp 127.0.0.1:443: connect: connection refused
  * Error determining manifest MIME type for docker://does-not/exist:latest: Error reading manifest latest in docker.io/does-not/exist: errors:
  denied: requested access to the resource is denied
  unauthorized: authentication required

This is our first direct dependency on multierror, but we've been
vendoring it for a while now because opencontainers/runtime-tools uses
it for config validation.

Signed-off-by: W. Trevor King <wking@tremily.us>

Closes: #1456
Approved by: rhatdan

											
										
										
											2018-09-12 23:44:58 +00:00
+											pullErrors = multierror.Append(pullErrors, err)
-												Print errors from individual pull attempts

Right now, we don't print errors from c/image while trying to
pull images. This prints the errors when log-level=debug is set
so we can debug errors while pulling.

Signed-off-by: Matthew Heon <mheon@redhat.com>

Closes: #1409
Approved by: baude

											
										
										
											2018-09-05 15:01:24 +00:00
+											logrus.Debugf("Error pulling image ref %s: %v", imageInfo.srcRef.StringWithinTransport(), err)
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+											if writer != nil {
 												io.WriteString(writer, "Failed\n")
 											}
 										} else {
-												Eliminate the "DockerArchive means pull all refPairs" special case

Instead, encode it explicitly in pullGoal.pullAllPairs.

Should not change behavior (but does not add unit tests for
all of it).

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 04:25:23 +00:00
+											if !goal.pullAllPairs {
-												save and load should support multi-tag for docker-archive

The docker-archive tar files can have multiple tags for the same
image stored in it. Load pulls all the tags found in the archive
when loading a tar file. Save can oush multiple tags of the same
image to a tar archive.

Signed-off-by: umohnani8 <umohnani@redhat.com>

Closes: #819
Approved by: rhatdan

											
										
										
											2018-05-21 17:53:19 +00:00
+												return []string{imageInfo.image}, nil
 											}
 											images = append(images, imageInfo.image)
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+										}
 									}
-												fix panic with podman pull

when there are no registries configured for the system and the user provided
a short image name, we panic'd due a logic bug in recent image pull changes.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #841
Approved by: rhatdan

											
										
										
											2018-05-29 16:32:41 +00:00
+									// If no image was found, we should handle.  Lets be nicer to the user and see if we can figure out why.
 									if len(images) == 0 {
 										registryPath := sysregistries.RegistriesConfPath(&types.SystemContext{})
-												Do not re-parse the list of search registries just for an error message

... when we even only count them.

This eliminates a rare error case, and saves time re-reading and re-parsing
the input.

(We still compute registryPath redundantly, and it may get out of sync.)

Should not change behavior (but does not add unit tests).

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 04:42:43 +00:00
+										if goal.usedSearchRegistries && len(goal.searchedRegistries) == 0 {
-												fix panic with podman pull

when there are no registries configured for the system and the user provided
a short image name, we panic'd due a logic bug in recent image pull changes.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #841
Approved by: rhatdan

											
										
										
											2018-05-29 16:32:41 +00:00
+											return nil, errors.Errorf("image name provided is a short name and no search registries are defined in %s.", registryPath)
 										}
-												Better pull error for fully-qualified images

When pulling a fully-qualified image that fails, we should not be talking about
registries/search registries in the the error message as it is not applicable.  If
a image that is fq'd and fails to pull, the error should be simplified.

```
$ sudo podman pull this-does-not-exist.example.com/foo
Trying to pull this-does-not-exist.example.com/foo...Failed
error pulling image "this-does-not-exist.example.com/foo": unable to pull this-does-not-exist.example.com/foo: unable to pull image, or you do not have pull access
$
```

Resolves: #1212
Signed-off-by: baude <bbaude@redhat.com>

Closes: #1216
Approved by: mheon

											
										
										
											2018-08-04 15:30:16 +00:00
+										// If the image passed in was fully-qualified, we will have 1 refpair.  Bc the image is fq'd, we dont need to yap about registries.
 										if !goal.usedSearchRegistries {
-												libpod/image/pull: Return image-pulling errors from doPullImage

We were already writing these to our debug logs.  But collecting them
and including them in the error message will make it easier for
callers who don't have debugging enabled to figure out what's going
wrong.

Using multierror gives us both pretty formatting (when we print this
for the user) and programmatic access (for any callers that need to
inspect the constituent errors).  With this commit and a config like:

  $ cat /etc/containers/registries.conf
  [registries.search]
  registries = ['registry.access.redhat.com', 'quay.io', 'docker.io']

pulling an unqualified missing image looks like:

  $ podman pull does-not/exist
  Trying to pull registry.access.redhat.com/does-not/exist:latest...Failed
  Trying to pull quay.io/does-not/exist:latest...Failed
  Trying to pull docker.io/does-not/exist:latest...Failed
  error pulling image "does-not/exist": unable to pull does-not/exist: 3 errors occurred:

  * Error determining manifest MIME type for docker://registry.access.redhat.com/does-not/exist:latest: Error reading manifest latest in registry.access.redhat.com/does-not/exist: unknown: Not Found
  * Error determining manifest MIME type for docker://quay.io/does-not/exist:latest: Error reading manifest latest in quay.io/does-not/exist: unauthorized: access to the requested resource is not authorized
  * Error determining manifest MIME type for docker://does-not/exist:latest: Error reading manifest latest in docker.io/does-not/exist: errors:
  denied: requested access to the resource is denied
  unauthorized: authentication required

A qualified image looks like:

  $ podman pull quay.io/does-not/exist
  Trying to pull quay.io/does-not/exist...Failed
  error pulling image "quay.io/does-not/exist": unable to pull quay.io/does-not/exist: unable to pull image: Error determining manifest MIME type for docker://quay.io/does-not/exist:latest: Error reading manifest latest in quay.io/does-not/exist: unauthorized: access to the requested resource is not authorized

If one of the searched repositories was offline, you'd get a more
useful routing error for that specific registry.  For example:

  $ cat /etc/hosts
  127.0.0.1   quay.io
  $ podman pull does-not/exist
  Trying to pull registry.access.redhat.com/does-not/exist:latest...Failed
  Trying to pull quay.io/does-not/exist:latest...Failed
  Trying to pull docker.io/does-not/exist:latest...Failed
  error pulling image "does-not/exist": unable to pull does-not/exist: 3 errors occurred:

  * Error determining manifest MIME type for docker://registry.access.redhat.com/does-not/exist:latest: Error reading manifest latest in registry.access.redhat.com/does-not/exist: unknown: Not Found
  * Error determining manifest MIME type for docker://quay.io/does-not/exist:latest: pinging docker registry returned: Get https://quay.io/v2/: dial tcp 127.0.0.1:443: connect: connection refused
  * Error determining manifest MIME type for docker://does-not/exist:latest: Error reading manifest latest in docker.io/does-not/exist: errors:
  denied: requested access to the resource is denied
  unauthorized: authentication required

This is our first direct dependency on multierror, but we've been
vendoring it for a while now because opencontainers/runtime-tools uses
it for config validation.

Signed-off-by: W. Trevor King <wking@tremily.us>

Closes: #1456
Approved by: rhatdan

											
										
										
											2018-09-12 23:44:58 +00:00
+											if pullErrors != nil && len(pullErrors.Errors) > 0 { // this should always be true
 												return nil, errors.Wrap(pullErrors.Errors[0], "unable to pull image")
 											}
-												Better pull error for fully-qualified images

When pulling a fully-qualified image that fails, we should not be talking about
registries/search registries in the the error message as it is not applicable.  If
a image that is fq'd and fails to pull, the error should be simplified.

```
$ sudo podman pull this-does-not-exist.example.com/foo
Trying to pull this-does-not-exist.example.com/foo...Failed
error pulling image "this-does-not-exist.example.com/foo": unable to pull this-does-not-exist.example.com/foo: unable to pull image, or you do not have pull access
$
```

Resolves: #1212
Signed-off-by: baude <bbaude@redhat.com>

Closes: #1216
Approved by: mheon

											
										
										
											2018-08-04 15:30:16 +00:00
+											return nil, errors.Errorf("unable to pull image, or you do not have pull access")
 										}
-												libpod/image/pull: Return image-pulling errors from doPullImage

We were already writing these to our debug logs.  But collecting them
and including them in the error message will make it easier for
callers who don't have debugging enabled to figure out what's going
wrong.

Using multierror gives us both pretty formatting (when we print this
for the user) and programmatic access (for any callers that need to
inspect the constituent errors).  With this commit and a config like:

  $ cat /etc/containers/registries.conf
  [registries.search]
  registries = ['registry.access.redhat.com', 'quay.io', 'docker.io']

pulling an unqualified missing image looks like:

  $ podman pull does-not/exist
  Trying to pull registry.access.redhat.com/does-not/exist:latest...Failed
  Trying to pull quay.io/does-not/exist:latest...Failed
  Trying to pull docker.io/does-not/exist:latest...Failed
  error pulling image "does-not/exist": unable to pull does-not/exist: 3 errors occurred:

  * Error determining manifest MIME type for docker://registry.access.redhat.com/does-not/exist:latest: Error reading manifest latest in registry.access.redhat.com/does-not/exist: unknown: Not Found
  * Error determining manifest MIME type for docker://quay.io/does-not/exist:latest: Error reading manifest latest in quay.io/does-not/exist: unauthorized: access to the requested resource is not authorized
  * Error determining manifest MIME type for docker://does-not/exist:latest: Error reading manifest latest in docker.io/does-not/exist: errors:
  denied: requested access to the resource is denied
  unauthorized: authentication required

A qualified image looks like:

  $ podman pull quay.io/does-not/exist
  Trying to pull quay.io/does-not/exist...Failed
  error pulling image "quay.io/does-not/exist": unable to pull quay.io/does-not/exist: unable to pull image: Error determining manifest MIME type for docker://quay.io/does-not/exist:latest: Error reading manifest latest in quay.io/does-not/exist: unauthorized: access to the requested resource is not authorized

If one of the searched repositories was offline, you'd get a more
useful routing error for that specific registry.  For example:

  $ cat /etc/hosts
  127.0.0.1   quay.io
  $ podman pull does-not/exist
  Trying to pull registry.access.redhat.com/does-not/exist:latest...Failed
  Trying to pull quay.io/does-not/exist:latest...Failed
  Trying to pull docker.io/does-not/exist:latest...Failed
  error pulling image "does-not/exist": unable to pull does-not/exist: 3 errors occurred:

  * Error determining manifest MIME type for docker://registry.access.redhat.com/does-not/exist:latest: Error reading manifest latest in registry.access.redhat.com/does-not/exist: unknown: Not Found
  * Error determining manifest MIME type for docker://quay.io/does-not/exist:latest: pinging docker registry returned: Get https://quay.io/v2/: dial tcp 127.0.0.1:443: connect: connection refused
  * Error determining manifest MIME type for docker://does-not/exist:latest: Error reading manifest latest in docker.io/does-not/exist: errors:
  denied: requested access to the resource is denied
  unauthorized: authentication required

This is our first direct dependency on multierror, but we've been
vendoring it for a while now because opencontainers/runtime-tools uses
it for config validation.

Signed-off-by: W. Trevor King <wking@tremily.us>

Closes: #1456
Approved by: rhatdan

											
										
										
											2018-09-12 23:44:58 +00:00
+										return nil, pullErrors
-												fix panic with podman pull

when there are no registries configured for the system and the user provided
a short image name, we panic'd due a logic bug in recent image pull changes.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #841
Approved by: rhatdan

											
										
										
											2018-05-29 16:32:41 +00:00
+									}
 									return images, nil
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+								}
-												Make Image.HasShaInInputName to an independent local function

The functionality only depends on Image.InputName, and we will want
to make the only user of this independent of the fairly complex Image type.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1112
Approved by: rhatdan

											
										
										
											2018-07-18 22:11:15 +00:00
+								// hasShaInInputName returns a bool as to whether the user provided an image name that includes
 								// a reference to a specific sha
 								func hasShaInInputName(inputName string) bool {
 									return strings.Contains(inputName, "@sha256:")
 								}
-												Inline pullGoalNamesFromPossiblyUnqualifiedName into Runtime.pullGoalFromPossibly...

Again, we only needed them split for tests; so, integrate them back.
Then drop all remaining references to pullRefName and pullGoalNames,
which are not used for anything.

Should not change behavior

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1198
Approved by: mheon

											
										
										
											2018-08-01 22:20:18 +00:00
+								// pullGoalFromPossiblyUnqualifiedName looks at inputName and determines the possible
 								// image references to try pulling in combination with the registries.conf file as well
 								func (ir *Runtime) pullGoalFromPossiblyUnqualifiedName(inputName string) (*pullGoal, error) {
-												Make refNamesFromPossiblyUnqualifiedName independent from Image

... which finally makes it very easy to add comprehensive tests; so do that.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1112
Approved by: rhatdan

											
										
										
											2018-07-18 22:58:26 +00:00
+									decomposedImage, err := decompose(inputName)
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+									if err != nil {
 										return nil, err
 									}
 									if decomposedImage.hasRegistry {
-												Inline pullGoalNamesFromPossiblyUnqualifiedName into Runtime.pullGoalFromPossibly...

Again, we only needed them split for tests; so, integrate them back.
Then drop all remaining references to pullRefName and pullGoalNames,
which are not used for anything.

Should not change behavior

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1198
Approved by: mheon

											
										
										
											2018-08-01 22:20:18 +00:00
+										var imageName, destName string
-												Make refNamesFromPossiblyUnqualifiedName independent from Image

... which finally makes it very easy to add comprehensive tests; so do that.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1112
Approved by: rhatdan

											
										
										
											2018-07-18 22:58:26 +00:00
+										if hasShaInInputName(inputName) {
 											imageName = fmt.Sprintf("%s%s", decomposedImage.transport, inputName)
-												fix pull image that includes a sha

when pulling an image that includes a sha such as:

centos/nginx-112-centos7@sha256:42330f7f29ba1ad67819f4ff3ae2472f62de13a827a74736a5098728462212e7

the final image name in libpod should not contain portions of the sha itself nor the sha
identifier.  and like docker, we provide a 'none' tag as well.

this should fix #877

Signed-off-by: baude <bbaude@redhat.com>

Closes: #1085
Approved by: mheon

											
										
										
											2018-07-12 18:44:26 +00:00
+										} else {
 											imageName = decomposedImage.assembleWithTransport()
 										}
 										srcRef, err := alltransports.ParseImageName(imageName)
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+										if err != nil {
-												Make refNamesFromPossiblyUnqualifiedName independent from Image

... which finally makes it very easy to add comprehensive tests; so do that.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1112
Approved by: rhatdan

											
										
										
											2018-07-18 22:58:26 +00:00
+											return nil, errors.Wrapf(err, "unable to parse '%s'", inputName)
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+										}
-												Make refNamesFromPossiblyUnqualifiedName independent from Image

... which finally makes it very easy to add comprehensive tests; so do that.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1112
Approved by: rhatdan

											
										
										
											2018-07-18 22:58:26 +00:00
+										if hasShaInInputName(inputName) {
-												Inline pullGoalNamesFromPossiblyUnqualifiedName into Runtime.pullGoalFromPossibly...

Again, we only needed them split for tests; so, integrate them back.
Then drop all remaining references to pullRefName and pullGoalNames,
which are not used for anything.

Should not change behavior

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1198
Approved by: mheon

											
										
										
											2018-08-01 22:20:18 +00:00
+											destName = decomposedImage.assemble()
-												Replace optional nameToPull.shaPullName with mandatory dstName

This consolidates the shaPullName logic into a single place,
(and eliminates the unclear shaPullName member name completely).
The resulting nameToPull will shortly be more generally useful.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1112
Approved by: rhatdan

											
										
										
											2018-07-18 21:27:48 +00:00
+										} else {
-												Inline pullGoalNamesFromPossiblyUnqualifiedName into Runtime.pullGoalFromPossibly...

Again, we only needed them split for tests; so, integrate them back.
Then drop all remaining references to pullRefName and pullGoalNames,
which are not used for anything.

Should not change behavior

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1198
Approved by: mheon

											
										
										
											2018-08-01 22:20:18 +00:00
+											destName = inputName
 										}
 										destRef, err := is.Transport.ParseStoreReference(ir.store, destName)
 										if err != nil {
 											return nil, errors.Wrapf(err, "error parsing dest reference name %#v", destName)
 										}
 										ps := pullRefPair{
 											image:  inputName,
 											srcRef: srcRef,
 											dstRef: destRef,
-												fix pull image that includes a sha

when pulling an image that includes a sha such as:

centos/nginx-112-centos7@sha256:42330f7f29ba1ad67819f4ff3ae2472f62de13a827a74736a5098728462212e7

the final image name in libpod should not contain portions of the sha itself nor the sha
identifier.  and like docker, we provide a 'none' tag as well.

this should fix #877

Signed-off-by: baude <bbaude@redhat.com>

Closes: #1085
Approved by: mheon

											
										
										
											2018-07-12 18:44:26 +00:00
+										}
-												Inline pullGoalNamesFromPossiblyUnqualifiedName into Runtime.pullGoalFromPossibly...

Again, we only needed them split for tests; so, integrate them back.
Then drop all remaining references to pullRefName and pullGoalNames,
which are not used for anything.

Should not change behavior

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1198
Approved by: mheon

											
										
										
											2018-08-01 22:20:18 +00:00
+										return singlePullRefPairGoal(ps), nil
-												Use an early return from refNamesFromPossiblyUnqualifiedName

We will introduce helpers for the "single image" case, and having a separate
return statement will make them applicable here.

(Also allows us to reduce the scope of some variables a bit.)

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 04:05:53 +00:00
+									}
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
-												Use an early return from refNamesFromPossiblyUnqualifiedName

We will introduce helpers for the "single image" case, and having a separate
return statement will make them applicable here.

(Also allows us to reduce the scope of some variables a bit.)

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 04:05:53 +00:00
+									searchRegistries, err := registries.GetRegistries()
 									if err != nil {
 										return nil, err
 									}
-												Inline pullGoalNamesFromPossiblyUnqualifiedName into Runtime.pullGoalFromPossibly...

Again, we only needed them split for tests; so, integrate them back.
Then drop all remaining references to pullRefName and pullGoalNames,
which are not used for anything.

Should not change behavior

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1198
Approved by: mheon

											
										
										
											2018-08-01 22:20:18 +00:00
+									var refPairs []pullRefPair
-												Use an early return from refNamesFromPossiblyUnqualifiedName

We will introduce helpers for the "single image" case, and having a separate
return statement will make them applicable here.

(Also allows us to reduce the scope of some variables a bit.)

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 04:05:53 +00:00
+									for _, registry := range searchRegistries {
 										decomposedImage.registry = registry
 										imageName := decomposedImage.assembleWithTransport()
 										if hasShaInInputName(inputName) {
 											imageName = fmt.Sprintf("%s%s/%s", decomposedImage.transport, registry, inputName)
 										}
 										srcRef, err := alltransports.ParseImageName(imageName)
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+										if err != nil {
-												Use an early return from refNamesFromPossiblyUnqualifiedName

We will introduce helpers for the "single image" case, and having a separate
return statement will make them applicable here.

(Also allows us to reduce the scope of some variables a bit.)

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 04:05:53 +00:00
+											return nil, errors.Wrapf(err, "unable to parse '%s'", inputName)
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+										}
-												Inline pullGoalNamesFromPossiblyUnqualifiedName into Runtime.pullGoalFromPossibly...

Again, we only needed them split for tests; so, integrate them back.
Then drop all remaining references to pullRefName and pullGoalNames,
which are not used for anything.

Should not change behavior

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1198
Approved by: mheon

											
										
										
											2018-08-01 22:20:18 +00:00
+										ps := pullRefPair{
-												Use an early return from refNamesFromPossiblyUnqualifiedName

We will introduce helpers for the "single image" case, and having a separate
return statement will make them applicable here.

(Also allows us to reduce the scope of some variables a bit.)

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 04:05:53 +00:00
+											image:  decomposedImage.assemble(),
 											srcRef: srcRef,
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+										}
-												Inline pullGoalNamesFromPossiblyUnqualifiedName into Runtime.pullGoalFromPossibly...

Again, we only needed them split for tests; so, integrate them back.
Then drop all remaining references to pullRefName and pullGoalNames,
which are not used for anything.

Should not change behavior

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1198
Approved by: mheon

											
										
										
											2018-08-01 22:20:18 +00:00
+										ps.dstRef, err = is.Transport.ParseStoreReference(ir.store, ps.image)
 										if err != nil {
 											return nil, errors.Wrapf(err, "error parsing dest reference name %#v", ps.image)
 										}
 										refPairs = append(refPairs, ps)
-												Stage3 Image Library

This represents the stage3 implementation for the image library.  At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references.  This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #484
Approved by: baude

											
										
										
											2018-03-08 21:45:52 +00:00
+									}
-												Inline pullGoalNamesFromPossiblyUnqualifiedName into Runtime.pullGoalFromPossibly...

Again, we only needed them split for tests; so, integrate them back.
Then drop all remaining references to pullRefName and pullGoalNames,
which are not used for anything.

Should not change behavior

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1198
Approved by: mheon

											
										
										
											2018-08-01 22:20:18 +00:00
+									return &pullGoal{
 										refPairs:             refPairs,
-												Eliminate duplicate determination whether to use search registries

Instead of duplicating the hasRegistry logic, just record whether we
did use search or not.

Should not change behavior (but does not add unit tests for all of it).

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 04:33:11 +00:00
+										pullAllPairs:         false,
 										usedSearchRegistries: true,
-												Do not re-parse the list of search registries just for an error message

... when we even only count them.

This eliminates a rare error case, and saves time re-reading and re-parsing
the input.

(We still compute registryPath redundantly, and it may get out of sync.)

Should not change behavior (but does not add unit tests).

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 04:42:43 +00:00
+										searchedRegistries:   searchRegistries,
-												Introduce struct pullGoalNames

This is an intermediate version of pullGoal, which exists basically
only for easier testing without containers-storage: (i.e. root access)
in unit tests.

Like pullGoal, we will add more members to make it useful in the future.

RFC: Unlike pullGoal, the return value is *pullGoalNames, because there are
quite a few (return nil, err) cases which would be more difficult to read
when returning a value.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1176
Approved by: rhatdan

											
										
										
											2018-07-28 04:02:49 +00:00
+									}, nil
-												Split createNamesToPull into ref{Names,Pairs}FromPossiblyUnqualifiedName

One part creates []*pullRefName; the other just trivially converts it
into []*pullRefPair.

Also use much more explicit names to explain the functionality.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1112
Approved by: rhatdan

											
										
										
											2018-07-18 22:07:15 +00:00
+								}