Move to containers/image v5, support manifest lists #4310
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
openshift-ci-robot
added
the
do-not-merge/work-in-progress
openshift-ci-robot
added
the
size/XXL
nalind
force-pushed
the
manifest-lists
branch
3 times, most recently
from
e2fdd6c
to
e324fb6
Compare
|
Do you foresee issues with containers and/or images on the system that were created before these changes go into play? i.e. will each pre-existing containers and images need to be migrated/updated? |
nalind
force-pushed
the
manifest-lists
branch
from
81ce933
to
30014f3
Compare
|
No, the contents on disk stay the same when we pull an image down using a tag or a digest that doesn't point to a list. For such images, the only visible differences should be in the |
nalind
force-pushed
the
manifest-lists
branch
20 times, most recently
from
23e1c4e
to
7cd5e67
Compare
nalind
force-pushed
the
manifest-lists
branch
3 times, most recently
from
4d36fe4
to
b5ab257
Compare
Move to containers/image v5 and containers/buildah to v1.11.4. Replace an equality check with a type assertion when checking for a docker.ErrUnauthorizedForCredentials in `podman login`. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Test that when we pull using tag or digest references from locations that are manifest lists, that we can inspect using the references that we used for pulling, that the tags show up in the RepoTag list when we inspect an image that was pulled using a tag, and that the list and instance digests always both show up in the RepoDigest list. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When an image can be opened as an ImageSource but not an Image, handle the case where it's an image list all by itself, the case where it's an image for a different architecture/OS combination, or the case where it's both. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add --override-arch and --override-os as hidden flags, in line with the global flag names that skopeo uses, so that we can test behavior around manifest lists without having to conditionalize more of it by arch. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Be prepared to report multiple image digests for images which contain multiple manifests but, because they continue to have the same set of layers and the same configuration, are considered to be the same image. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Generate an image's RepoDigests list using all applicable digests, and refrain from outputting a digest in the tag column of the "images" output. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
nalind
force-pushed
the
manifest-lists
branch
from
b5ab257
to
4e19376
Compare
Currently podman play kube is not using the system default seccomp.json file. This PR will use the default or override location for podman play. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
nalind
force-pushed
the
manifest-lists
branch
from
4e19376
to
66c126d
Compare
|
/lgtm |
openshift-ci-robot
added
do-not-merge/hold
|
/hold cancel |
openshift-ci-robot
removed
the
do-not-merge/hold
This was referenced Oct 29, 2019
github-actions
bot
added
the
locked - please file new issue/PR
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Since containers/storage#283, the storage library's Image type has been able to track multiple digests for an image in storage, so we should support that, as proposed changes in containers/image#400 will start storing manifest lists alongside runnable images. This also extends the exported API and inspection types to provide that information.
When we encounter an image in local storage that we can read as an image library
ImageSourcebut not as anImage, we should handle it gracefully, since it might be an image list with no corresponding runnable image, as containers/buildah#1902 will start creating.Add some tests to exercise pulling using tags that point to manifest lists, using digests of manifest lists, and digests of images that aren't manifest lists, that we're able to successfully inspect the result, and that when we create an image using the result of one of the pulls, that we get back the name we specified when creating the image. The tests require
--override-osand--override-archflags topull, which we add but leave hidden, for now at least.