podman/libpod/diff.go

package libpod

import (
	"fmt"

	"github.com/containers/podman/v4/libpod/define"
	"github.com/containers/podman/v4/libpod/layers"
	"github.com/containers/storage/pkg/archive"
)

var initInodes = map[string]bool{
	"/dev":                   true,
	"/etc/hostname":          true,
	"/etc/hosts":             true,
	"/etc/resolv.conf":       true,
	"/proc":                  true,
	"/run":                   true,
	"/run/notify":            true,
	"/run/.containerenv":     true,
	"/run/secrets":           true,
	define.ContainerInitPath: true,
	"/sys":                   true,
	"/etc/mtab":              true,
}

// GetDiff returns the differences between the two images, layers, or containers
func (r *Runtime) GetDiff(from, to string, diffType define.DiffType) ([]archive.Change, error) {
	toLayer, err := r.getLayerID(to, diffType)
	if err != nil {
		return nil, err
	}
	fromLayer := ""
	if from != "" {
		fromLayer, err = r.getLayerID(from, diffType)
		if err != nil {
			return nil, err
		}
	}
	var rchanges []archive.Change
	changes, err := r.store.Changes(fromLayer, toLayer)
	if err == nil {
		for _, c := range changes {
			if initInodes[c.Path] {
				continue
			}
			rchanges = append(rchanges, c)
		}
	}
	return rchanges, err
}

// GetLayerID gets a full layer id given a full or partial id
// If the id matches a container or image, the id of the top layer is returned
// If the id matches a layer, the top layer id is returned
func (r *Runtime) getLayerID(id string, diffType define.DiffType) (string, error) {
	var lastErr error
	if diffType&define.DiffImage == define.DiffImage {
		toImage, _, err := r.libimageRuntime.LookupImage(id, nil)
		if err == nil {
			return toImage.TopLayer(), nil
		}
		lastErr = err
	}

	if diffType&define.DiffContainer == define.DiffContainer {
		toCtr, err := r.store.Container(id)
		if err == nil {
			return toCtr.LayerID, nil
		}
		lastErr = err
	}

	if diffType == define.DiffAll {
		toLayer, err := layers.FullID(r.store, id)
		if err == nil {
			return toLayer, nil
		}
		lastErr = err
	}
	return "", fmt.Errorf("%s not found: %w", id, lastErr)
}
Initial checkin from CRI-O repo Signed-off-by: Matthew Heon <matthew.heon@gmail.com> 2017-11-01 15:24:59 +00:00			`package libpod`

			`import (`
libpod: switch to golang native error wrapping We now use the golang error wrapping format specifier `%w` instead of the deprecated github.com/pkg/errors package. [NO NEW TESTS NEEDED] Signed-off-by: Sascha Grunert <sgrunert@redhat.com> 2022-07-05 09:42:22 +00:00			`"fmt"`

bump go module to version 4 Automated for .go files via gomove [1]: `gomove github.com/containers/podman/v3 github.com/containers/podman/v4` Remaining files via vgrep [2]: `vgrep github.com/containers/podman/v3` [1] https://github.com/KSubedi/gomove [2] https://github.com/vrothberg/vgrep Signed-off-by: Valentin Rothberg <rothberg@redhat.com> 2022-01-18 09:14:48 +00:00			`"github.com/containers/podman/v4/libpod/define"`
			`"github.com/containers/podman/v4/libpod/layers"`
Initial checkin from CRI-O repo Signed-off-by: Matthew Heon <matthew.heon@gmail.com> 2017-11-01 15:24:59 +00:00			`"github.com/containers/storage/pkg/archive"`
			`)`

Create the /etc/mtab file if does not exists We should create the /etc/mtab->/proc/mountinfo link so that mount command will work within the container. Docker does this by default. Fixes: https://github.com/containers/podman/issues/10263 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> 2021-05-07 19:17:33 +00:00			`var initInodes = map[string]bool{`
fix --init with /dev bind mount The init binary until now has been bind-mounted to /dev/init which breaks when bind-mounting to /dev. Instead mount the init to /run/podman-init. The reasoning for using /run is that it is already used for other runtime data such as secrets. Fixes: #14251 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com> 2022-05-18 09:34:13 +00:00			`"/dev": true,`
			`"/etc/hostname": true,`
			`"/etc/hosts": true,`
			`"/etc/resolv.conf": true,`
			`"/proc": true,`
			`"/run": true,`
			`"/run/notify": true,`
			`"/run/.containerenv": true,`
			`"/run/secrets": true,`
			`define.ContainerInitPath: true,`
			`"/sys": true,`
			`"/etc/mtab": true,`
Don't output inodes created to run a container There is a group of inodes that get created when running a container if they do not exist. containerMounts = map[string]bool{ "/dev": true, "/etc/hostname": true, "/etc/hosts": true, "/etc/resolv.conf": true, "/proc": true, "/run": true, "/run/.containerenv": true, "/run/secrets": true, "/sys": true, } If the destination inode does not exist, libpod/runc will create the inode. This can cause programs like podman diff to see the image as having changed, when actually it has not. This patch ignores changes in these inodes. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1508 Approved by: giuseppe 2018-09-19 13:54:15 +00:00			`}`

Initial checkin from CRI-O repo Signed-off-by: Matthew Heon <matthew.heon@gmail.com> 2017-11-01 15:24:59 +00:00			`// GetDiff returns the differences between the two images, layers, or containers`
podman diff accept two images or containers First, make podman diff accept optionally a second argument. This allows the user to specify a second image/container to compare the first with. If it is not set the parent layer will be used as before. Second, podman container diff should only use containers and podman image diff should only use images. Previously, podman container diff would use the image when both an image and container with this name exists. To make this work two new parameters have been added to the api. If they are not used the previous behaviour is used. The same applies to the bindings. Fixes #10649 Signed-off-by: Paul Holzinger <pholzing@redhat.com> 2021-07-01 13:24:20 +00:00			`func (r *Runtime) GetDiff(from, to string, diffType define.DiffType) ([]archive.Change, error) {`
			`toLayer, err := r.getLayerID(to, diffType)`
Initial checkin from CRI-O repo Signed-off-by: Matthew Heon <matthew.heon@gmail.com> 2017-11-01 15:24:59 +00:00			`if err != nil {`
			`return nil, err`
			`}`
			`fromLayer := ""`
			`if from != "" {`
podman diff accept two images or containers First, make podman diff accept optionally a second argument. This allows the user to specify a second image/container to compare the first with. If it is not set the parent layer will be used as before. Second, podman container diff should only use containers and podman image diff should only use images. Previously, podman container diff would use the image when both an image and container with this name exists. To make this work two new parameters have been added to the api. If they are not used the previous behaviour is used. The same applies to the bindings. Fixes #10649 Signed-off-by: Paul Holzinger <pholzing@redhat.com> 2021-07-01 13:24:20 +00:00			`fromLayer, err = r.getLayerID(from, diffType)`
Initial checkin from CRI-O repo Signed-off-by: Matthew Heon <matthew.heon@gmail.com> 2017-11-01 15:24:59 +00:00			`if err != nil {`
			`return nil, err`
			`}`
			`}`
Don't output inodes created to run a container There is a group of inodes that get created when running a container if they do not exist. containerMounts = map[string]bool{ "/dev": true, "/etc/hostname": true, "/etc/hosts": true, "/etc/resolv.conf": true, "/proc": true, "/run": true, "/run/.containerenv": true, "/run/secrets": true, "/sys": true, } If the destination inode does not exist, libpod/runc will create the inode. This can cause programs like podman diff to see the image as having changed, when actually it has not. This patch ignores changes in these inodes. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1508 Approved by: giuseppe 2018-09-19 13:54:15 +00:00			`var rchanges []archive.Change`
			`changes, err := r.store.Changes(fromLayer, toLayer)`
			`if err == nil {`
			`for _, c := range changes {`
Create the /etc/mtab file if does not exists We should create the /etc/mtab->/proc/mountinfo link so that mount command will work within the container. Docker does this by default. Fixes: https://github.com/containers/podman/issues/10263 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> 2021-05-07 19:17:33 +00:00			`if initInodes[c.Path] {`
Don't output inodes created to run a container There is a group of inodes that get created when running a container if they do not exist. containerMounts = map[string]bool{ "/dev": true, "/etc/hostname": true, "/etc/hosts": true, "/etc/resolv.conf": true, "/proc": true, "/run": true, "/run/.containerenv": true, "/run/secrets": true, "/sys": true, } If the destination inode does not exist, libpod/runc will create the inode. This can cause programs like podman diff to see the image as having changed, when actually it has not. This patch ignores changes in these inodes. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1508 Approved by: giuseppe 2018-09-19 13:54:15 +00:00			`continue`
			`}`
			`rchanges = append(rchanges, c)`
			`}`
			`}`
			`return rchanges, err`
Initial checkin from CRI-O repo Signed-off-by: Matthew Heon <matthew.heon@gmail.com> 2017-11-01 15:24:59 +00:00			`}`

			`// GetLayerID gets a full layer id given a full or partial id`
			`// If the id matches a container or image, the id of the top layer is returned`
			`// If the id matches a layer, the top layer id is returned`
podman diff accept two images or containers First, make podman diff accept optionally a second argument. This allows the user to specify a second image/container to compare the first with. If it is not set the parent layer will be used as before. Second, podman container diff should only use containers and podman image diff should only use images. Previously, podman container diff would use the image when both an image and container with this name exists. To make this work two new parameters have been added to the api. If they are not used the previous behaviour is used. The same applies to the bindings. Fixes #10649 Signed-off-by: Paul Holzinger <pholzing@redhat.com> 2021-07-01 13:24:20 +00:00			`func (r *Runtime) getLayerID(id string, diffType define.DiffType) (string, error) {`
			`var lastErr error`
			`if diffType&define.DiffImage == define.DiffImage {`
vendor containers/common@main The `IgnorePlatform` options has been removed from the `LookupImageOptions` in libimage to properly support multi-arch images. Skip one buildah-bud test which requires updated CI images. This is currently being done in github.com/containers/podman/pull/10829 but we need to unblock merging common and buildah into podman. [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com> 2021-07-02 12:37:30 +00:00			`toImage, _, err := r.libimageRuntime.LookupImage(id, nil)`
podman diff accept two images or containers First, make podman diff accept optionally a second argument. This allows the user to specify a second image/container to compare the first with. If it is not set the parent layer will be used as before. Second, podman container diff should only use containers and podman image diff should only use images. Previously, podman container diff would use the image when both an image and container with this name exists. To make this work two new parameters have been added to the api. If they are not used the previous behaviour is used. The same applies to the bindings. Fixes #10649 Signed-off-by: Paul Holzinger <pholzing@redhat.com> 2021-07-01 13:24:20 +00:00			`if err == nil {`
			`return toImage.TopLayer(), nil`
			`}`
			`lastErr = err`
fix podman container exists and diff for storage containers Current these commands only check if a container exists in libpod. With this fix, the commands will also check if they are in containers/storage. This allows users to look at differences within a buildah or CRI-O container. Currently buildah diff does not exists, so this helps out in that situation as well as in CRI-O since the cri does not implement a diff command. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> 2020-10-03 10:56:42 +00:00			`}`

podman diff accept two images or containers First, make podman diff accept optionally a second argument. This allows the user to specify a second image/container to compare the first with. If it is not set the parent layer will be used as before. Second, podman container diff should only use containers and podman image diff should only use images. Previously, podman container diff would use the image when both an image and container with this name exists. To make this work two new parameters have been added to the api. If they are not used the previous behaviour is used. The same applies to the bindings. Fixes #10649 Signed-off-by: Paul Holzinger <pholzing@redhat.com> 2021-07-01 13:24:20 +00:00			`if diffType&define.DiffContainer == define.DiffContainer {`
			`toCtr, err := r.store.Container(id)`
			`if err == nil {`
			`return toCtr.LayerID, nil`
			`}`
			`lastErr = err`
fix podman container exists and diff for storage containers Current these commands only check if a container exists in libpod. With this fix, the commands will also check if they are in containers/storage. This allows users to look at differences within a buildah or CRI-O container. Currently buildah diff does not exists, so this helps out in that situation as well as in CRI-O since the cri does not implement a diff command. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> 2020-10-03 10:56:42 +00:00			`}`
podman diff accept two images or containers First, make podman diff accept optionally a second argument. This allows the user to specify a second image/container to compare the first with. If it is not set the parent layer will be used as before. Second, podman container diff should only use containers and podman image diff should only use images. Previously, podman container diff would use the image when both an image and container with this name exists. To make this work two new parameters have been added to the api. If they are not used the previous behaviour is used. The same applies to the bindings. Fixes #10649 Signed-off-by: Paul Holzinger <pholzing@redhat.com> 2021-07-01 13:24:20 +00:00
			`if diffType == define.DiffAll {`
			`toLayer, err := layers.FullID(r.store, id)`
			`if err == nil {`
			`return toLayer, nil`
Initial checkin from CRI-O repo Signed-off-by: Matthew Heon <matthew.heon@gmail.com> 2017-11-01 15:24:59 +00:00			`}`
podman diff accept two images or containers First, make podman diff accept optionally a second argument. This allows the user to specify a second image/container to compare the first with. If it is not set the parent layer will be used as before. Second, podman container diff should only use containers and podman image diff should only use images. Previously, podman container diff would use the image when both an image and container with this name exists. To make this work two new parameters have been added to the api. If they are not used the previous behaviour is used. The same applies to the bindings. Fixes #10649 Signed-off-by: Paul Holzinger <pholzing@redhat.com> 2021-07-01 13:24:20 +00:00			`lastErr = err`
Initial checkin from CRI-O repo Signed-off-by: Matthew Heon <matthew.heon@gmail.com> 2017-11-01 15:24:59 +00:00			`}`
libpod: switch to golang native error wrapping We now use the golang error wrapping format specifier `%w` instead of the deprecated github.com/pkg/errors package. [NO NEW TESTS NEEDED] Signed-off-by: Sascha Grunert <sgrunert@redhat.com> 2022-07-05 09:42:22 +00:00			`return "", fmt.Errorf("%s not found: %w", id, lastErr)`
Initial checkin from CRI-O repo Signed-off-by: Matthew Heon <matthew.heon@gmail.com> 2017-11-01 15:24:59 +00:00			`}`