Build and install from GOPATH

* Rename 'vendor/src' -> 'vendor'
  * Ignore vendor/ instead of vendor/src/ for lint
* Rename 'cmd/client' -> 'cmd/ocic' to make it 'go install'able
* Rename 'cmd/server' -> 'cmd/ocid' to make it 'go install'able
* Update Makefile to build and install from GOPATH
* Update tests to locate ocid/ocic in GOPATH/bin
* Search for binaries in GOPATH/bin instead of PATH
* Install tools using `go get -u`, so they are updated on each run

Signed-off-by: Jonathan Yu <jawnsy@redhat.com>

vendor/github.com/containers/image/oci/layout/oci_dest.go

@@ -0,0 +1,241 @@
+package layout
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+
+	"github.com/containers/image/manifest"
+	"github.com/containers/image/types"
+	"github.com/docker/distribution/digest"
+	imgspecv1 "github.com/opencontainers/image-spec/specs-go/v1"
+)
+
+type ociImageDestination struct {
+	ref ociReference
+}
+
+// newImageDestination returns an ImageDestination for writing to an existing directory.
+func newImageDestination(ref ociReference) types.ImageDestination {
+	return &ociImageDestination{ref: ref}
+}
+
+// Reference returns the reference used to set up this destination.  Note that this should directly correspond to user's intent,
+// e.g. it should use the public hostname instead of the result of resolving CNAMEs or following redirects.
+func (d *ociImageDestination) Reference() types.ImageReference {
+	return d.ref
+}
+
+// Close removes resources associated with an initialized ImageDestination, if any.
+func (d *ociImageDestination) Close() {
+}
+
+func (d *ociImageDestination) SupportedManifestMIMETypes() []string {
+	return []string{
+		imgspecv1.MediaTypeImageManifest,
+		manifest.DockerV2Schema2MediaType,
+	}
+}
+
+// SupportsSignatures returns an error (to be displayed to the user) if the destination certainly can't store signatures.
+// Note: It is still possible for PutSignatures to fail if SupportsSignatures returns nil.
+func (d *ociImageDestination) SupportsSignatures() error {
+	return fmt.Errorf("Pushing signatures for OCI images is not supported")
+}
+
+// ShouldCompressLayers returns true iff it is desirable to compress layer blobs written to this destination.
+func (d *ociImageDestination) ShouldCompressLayers() bool {
+	return true
+}
+
+// AcceptsForeignLayerURLs returns false iff foreign layers in manifest should be actually
+// uploaded to the image destination, true otherwise.
+func (d *ociImageDestination) AcceptsForeignLayerURLs() bool {
+	return false
+}
+
+// PutBlob writes contents of stream and returns data representing the result (with all data filled in).
+// inputInfo.Digest can be optionally provided if known; it is not mandatory for the implementation to verify it.
+// inputInfo.Size is the expected length of stream, if known.
+// WARNING: The contents of stream are being verified on the fly.  Until stream.Read() returns io.EOF, the contents of the data SHOULD NOT be available
+// to any other readers for download using the supplied digest.
+// If stream.Read() at any time, ESPECIALLY at end of input, returns an error, PutBlob MUST 1) fail, and 2) delete any data stored so far.
+func (d *ociImageDestination) PutBlob(stream io.Reader, inputInfo types.BlobInfo) (types.BlobInfo, error) {
+	if err := ensureDirectoryExists(d.ref.dir); err != nil {
+		return types.BlobInfo{}, err
+	}
+	blobFile, err := ioutil.TempFile(d.ref.dir, "oci-put-blob")
+	if err != nil {
+		return types.BlobInfo{}, err
+	}
+	succeeded := false
+	defer func() {
+		blobFile.Close()
+		if !succeeded {
+			os.Remove(blobFile.Name())
+		}
+	}()
+
+	digester := digest.Canonical.New()
+	tee := io.TeeReader(stream, digester.Hash())
+
+	size, err := io.Copy(blobFile, tee)
+	if err != nil {
+		return types.BlobInfo{}, err
+	}
+	computedDigest := digester.Digest()
+	if inputInfo.Size != -1 && size != inputInfo.Size {
+		return types.BlobInfo{}, fmt.Errorf("Size mismatch when copying %s, expected %d, got %d", computedDigest, inputInfo.Size, size)
+	}
+	if err := blobFile.Sync(); err != nil {
+		return types.BlobInfo{}, err
+	}
+	if err := blobFile.Chmod(0644); err != nil {
+		return types.BlobInfo{}, err
+	}
+
+	blobPath, err := d.ref.blobPath(computedDigest)
+	if err != nil {
+		return types.BlobInfo{}, err
+	}
+	if err := ensureParentDirectoryExists(blobPath); err != nil {
+		return types.BlobInfo{}, err
+	}
+	if err := os.Rename(blobFile.Name(), blobPath); err != nil {
+		return types.BlobInfo{}, err
+	}
+	succeeded = true
+	return types.BlobInfo{Digest: computedDigest, Size: size}, nil
+}
+
+func (d *ociImageDestination) HasBlob(info types.BlobInfo) (bool, int64, error) {
+	if info.Digest == "" {
+		return false, -1, fmt.Errorf(`"Can not check for a blob with unknown digest`)
+	}
+	blobPath, err := d.ref.blobPath(info.Digest)
+	if err != nil {
+		return false, -1, err
+	}
+	finfo, err := os.Stat(blobPath)
+	if err != nil && os.IsNotExist(err) {
+		return false, -1, types.ErrBlobNotFound
+	}
+	if err != nil {
+		return false, -1, err
+	}
+	return true, finfo.Size(), nil
+}
+
+func (d *ociImageDestination) ReapplyBlob(info types.BlobInfo) (types.BlobInfo, error) {
+	return info, nil
+}
+
+func createManifest(m []byte) ([]byte, string, error) {
+	om := imgspecv1.Manifest{}
+	mt := manifest.GuessMIMEType(m)
+	switch mt {
+	case manifest.DockerV2Schema1MediaType, manifest.DockerV2Schema1SignedMediaType:
+		// There a simple reason about not yet implementing this.
+		// OCI image-spec assure about backward compatibility with docker v2s2 but not v2s1
+		// generating a v2s2 is a migration docker does when upgrading to 1.10.3
+		// and I don't think we should bother about this now (I don't want to have migration code here in skopeo)
+		return nil, "", errors.New("can't create an OCI manifest from Docker V2 schema 1 manifest")
+	case manifest.DockerV2Schema2MediaType:
+		if err := json.Unmarshal(m, &om); err != nil {
+			return nil, "", err
+		}
+		om.MediaType = imgspecv1.MediaTypeImageManifest
+		for i, l := range om.Layers {
+			if l.MediaType == manifest.DockerV2Schema2ForeignLayerMediaType {
+				om.Layers[i].MediaType = imgspecv1.MediaTypeImageLayerNonDistributable
+			} else {
+				om.Layers[i].MediaType = imgspecv1.MediaTypeImageLayer
+			}
+		}
+		om.Config.MediaType = imgspecv1.MediaTypeImageConfig
+		b, err := json.Marshal(om)
+		if err != nil {
+			return nil, "", err
+		}
+		return b, om.MediaType, nil
+	case manifest.DockerV2ListMediaType:
+		return nil, "", errors.New("can't create an OCI manifest from Docker V2 schema 2 manifest list")
+	case imgspecv1.MediaTypeImageManifestList:
+		return nil, "", errors.New("can't create an OCI manifest from OCI manifest list")
+	case imgspecv1.MediaTypeImageManifest:
+		return m, mt, nil
+	}
+	return nil, "", fmt.Errorf("unrecognized manifest media type %q", mt)
+}
+
+func (d *ociImageDestination) PutManifest(m []byte) error {
+	// TODO(mitr, runcom): this breaks signatures entirely since at this point we're creating a new manifest
+	// and signatures don't apply anymore. Will fix.
+	ociMan, mt, err := createManifest(m)
+	if err != nil {
+		return err
+	}
+	digest, err := manifest.Digest(ociMan)
+	if err != nil {
+		return err
+	}
+	desc := imgspecv1.Descriptor{}
+	desc.Digest = digest.String()
+	// TODO(runcom): beaware and add support for OCI manifest list
+	desc.MediaType = mt
+	desc.Size = int64(len(ociMan))
+	data, err := json.Marshal(desc)
+	if err != nil {
+		return err
+	}
+
+	blobPath, err := d.ref.blobPath(digest)
+	if err != nil {
+		return err
+	}
+	if err := ioutil.WriteFile(blobPath, ociMan, 0644); err != nil {
+		return err
+	}
+	// TODO(runcom): ugly here?
+	if err := ioutil.WriteFile(d.ref.ociLayoutPath(), []byte(`{"imageLayoutVersion": "1.0.0"}`), 0644); err != nil {
+		return err
+	}
+	descriptorPath := d.ref.descriptorPath(d.ref.tag)
+	if err := ensureParentDirectoryExists(descriptorPath); err != nil {
+		return err
+	}
+	return ioutil.WriteFile(descriptorPath, data, 0644)
+}
+
+func ensureDirectoryExists(path string) error {
+	if _, err := os.Stat(path); err != nil && os.IsNotExist(err) {
+		if err := os.MkdirAll(path, 0755); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// ensureParentDirectoryExists ensures the parent of the supplied path exists.
+func ensureParentDirectoryExists(path string) error {
+	return ensureDirectoryExists(filepath.Dir(path))
+}
+
+func (d *ociImageDestination) PutSignatures(signatures [][]byte) error {
+	if len(signatures) != 0 {
+		return fmt.Errorf("Pushing signatures for OCI images is not supported")
+	}
+	return nil
+}
+
+// Commit marks the process of storing the image as successful and asks for the image to be persisted.
+// WARNING: This does not have any transactional semantics:
+// - Uploaded data MAY be visible to others before Commit() is called
+// - Uploaded data MAY be removed or MAY remain around if Close() is called without Commit() (i.e. rollback is allowed but not guaranteed)
+func (d *ociImageDestination) Commit() error {
+	return nil
+}

vendor/github.com/containers/image/oci/layout/oci_src.go

@@ -0,0 +1,94 @@
+package layout
+
+import (
+	"encoding/json"
+	"io"
+	"io/ioutil"
+	"os"
+
+	"github.com/containers/image/manifest"
+	"github.com/containers/image/types"
+	"github.com/docker/distribution/digest"
+	imgspecv1 "github.com/opencontainers/image-spec/specs-go/v1"
+)
+
+type ociImageSource struct {
+	ref ociReference
+}
+
+// newImageSource returns an ImageSource for reading from an existing directory.
+func newImageSource(ref ociReference) types.ImageSource {
+	return &ociImageSource{ref: ref}
+}
+
+// Reference returns the reference used to set up this source.
+func (s *ociImageSource) Reference() types.ImageReference {
+	return s.ref
+}
+
+// Close removes resources associated with an initialized ImageSource, if any.
+func (s *ociImageSource) Close() {
+}
+
+// GetManifest returns the image's manifest along with its MIME type (which may be empty when it can't be determined but the manifest is available).
+// It may use a remote (= slow) service.
+func (s *ociImageSource) GetManifest() ([]byte, string, error) {
+	descriptorPath := s.ref.descriptorPath(s.ref.tag)
+	data, err := ioutil.ReadFile(descriptorPath)
+	if err != nil {
+		return nil, "", err
+	}
+
+	desc := imgspecv1.Descriptor{}
+	err = json.Unmarshal(data, &desc)
+	if err != nil {
+		return nil, "", err
+	}
+
+	manifestPath, err := s.ref.blobPath(digest.Digest(desc.Digest))
+	if err != nil {
+		return nil, "", err
+	}
+	m, err := ioutil.ReadFile(manifestPath)
+	if err != nil {
+		return nil, "", err
+	}
+
+	return m, manifest.GuessMIMEType(m), nil
+}
+
+func (s *ociImageSource) GetTargetManifest(digest digest.Digest) ([]byte, string, error) {
+	manifestPath, err := s.ref.blobPath(digest)
+	if err != nil {
+		return nil, "", err
+	}
+
+	m, err := ioutil.ReadFile(manifestPath)
+	if err != nil {
+		return nil, "", err
+	}
+
+	return m, manifest.GuessMIMEType(m), nil
+}
+
+// GetBlob returns a stream for the specified blob, and the blob's size.
+func (s *ociImageSource) GetBlob(info types.BlobInfo) (io.ReadCloser, int64, error) {
+	path, err := s.ref.blobPath(info.Digest)
+	if err != nil {
+		return nil, 0, err
+	}
+
+	r, err := os.Open(path)
+	if err != nil {
+		return nil, 0, err
+	}
+	fi, err := r.Stat()
+	if err != nil {
+		return nil, 0, err
+	}
+	return r, fi.Size(), nil
+}
+
+func (s *ociImageSource) GetSignatures() ([][]byte, error) {
+	return [][]byte{}, nil
+}

vendor/github.com/containers/image/oci/layout/oci_transport.go

@@ -0,0 +1,213 @@
+package layout
+
+import (
+	"errors"
+	"fmt"
+	"path/filepath"
+	"regexp"
+	"strings"
+
+	"github.com/containers/image/directory/explicitfilepath"
+	"github.com/containers/image/docker/reference"
+	"github.com/containers/image/image"
+	"github.com/containers/image/types"
+	"github.com/docker/distribution/digest"
+)
+
+// Transport is an ImageTransport for OCI directories.
+var Transport = ociTransport{}
+
+type ociTransport struct{}
+
+func (t ociTransport) Name() string {
+	return "oci"
+}
+
+// ParseReference converts a string, which should not start with the ImageTransport.Name prefix, into an ImageReference.
+func (t ociTransport) ParseReference(reference string) (types.ImageReference, error) {
+	return ParseReference(reference)
+}
+
+var refRegexp = regexp.MustCompile(`^([A-Za-z0-9._-]+)+$`)
+
+// ValidatePolicyConfigurationScope checks that scope is a valid name for a signature.PolicyTransportScopes keys
+// (i.e. a valid PolicyConfigurationIdentity() or PolicyConfigurationNamespaces() return value).
+// It is acceptable to allow an invalid value which will never be matched, it can "only" cause user confusion.
+// scope passed to this function will not be "", that value is always allowed.
+func (t ociTransport) ValidatePolicyConfigurationScope(scope string) error {
+	var dir string
+	sep := strings.LastIndex(scope, ":")
+	if sep == -1 {
+		dir = scope
+	} else {
+		dir = scope[:sep]
+		tag := scope[sep+1:]
+		if !refRegexp.MatchString(tag) {
+			return fmt.Errorf("Invalid tag %s", tag)
+		}
+	}
+
+	if strings.Contains(dir, ":") {
+		return fmt.Errorf("Invalid OCI reference %s: path contains a colon", scope)
+	}
+
+	if !strings.HasPrefix(dir, "/") {
+		return fmt.Errorf("Invalid scope %s: must be an absolute path", scope)
+	}
+	// Refuse also "/", otherwise "/" and "" would have the same semantics,
+	// and "" could be unexpectedly shadowed by the "/" entry.
+	// (Note: we do allow "/:sometag", a bit ridiculous but why refuse it?)
+	if scope == "/" {
+		return errors.New(`Invalid scope "/": Use the generic default scope ""`)
+	}
+	cleaned := filepath.Clean(dir)
+	if cleaned != dir {
+		return fmt.Errorf(`Invalid scope %s: Uses non-canonical path format, perhaps try with path %s`, scope, cleaned)
+	}
+	return nil
+}
+
+// ociReference is an ImageReference for OCI directory paths.
+type ociReference struct {
+	// Note that the interpretation of paths below depends on the underlying filesystem state, which may change under us at any time!
+	// Either of the paths may point to a different, or no, inode over time.  resolvedDir may contain symbolic links, and so on.
+
+	// Generally we follow the intent of the user, and use the "dir" member for filesystem operations (e.g. the user can use a relative path to avoid
+	// being exposed to symlinks and renames in the parent directories to the working directory).
+	// (But in general, we make no attempt to be completely safe against concurrent hostile filesystem modifications.)
+	dir         string // As specified by the user. May be relative, contain symlinks, etc.
+	resolvedDir string // Absolute path with no symlinks, at least at the time of its creation. Primarily used for policy namespaces.
+	tag         string
+}
+
+// ParseReference converts a string, which should not start with the ImageTransport.Name prefix, into an OCI ImageReference.
+func ParseReference(reference string) (types.ImageReference, error) {
+	var dir, tag string
+	sep := strings.LastIndex(reference, ":")
+	if sep == -1 {
+		dir = reference
+		tag = "latest"
+	} else {
+		dir = reference[:sep]
+		tag = reference[sep+1:]
+	}
+	return NewReference(dir, tag)
+}
+
+// NewReference returns an OCI reference for a directory and a tag.
+//
+// We do not expose an API supplying the resolvedDir; we could, but recomputing it
+// is generally cheap enough that we prefer being confident about the properties of resolvedDir.
+func NewReference(dir, tag string) (types.ImageReference, error) {
+	resolved, err := explicitfilepath.ResolvePathToFullyExplicit(dir)
+	if err != nil {
+		return nil, err
+	}
+	// This is necessary to prevent directory paths returned by PolicyConfigurationNamespaces
+	// from being ambiguous with values of PolicyConfigurationIdentity.
+	if strings.Contains(resolved, ":") {
+		return nil, fmt.Errorf("Invalid OCI reference %s:%s: path %s contains a colon", dir, tag, resolved)
+	}
+	if !refRegexp.MatchString(tag) {
+		return nil, fmt.Errorf("Invalid tag %s", tag)
+	}
+	return ociReference{dir: dir, resolvedDir: resolved, tag: tag}, nil
+}
+
+func (ref ociReference) Transport() types.ImageTransport {
+	return Transport
+}
+
+// StringWithinTransport returns a string representation of the reference, which MUST be such that
+// reference.Transport().ParseReference(reference.StringWithinTransport()) returns an equivalent reference.
+// NOTE: The returned string is not promised to be equal to the original input to ParseReference;
+// e.g. default attribute values omitted by the user may be filled in in the return value, or vice versa.
+// WARNING: Do not use the return value in the UI to describe an image, it does not contain the Transport().Name() prefix.
+func (ref ociReference) StringWithinTransport() string {
+	return fmt.Sprintf("%s:%s", ref.dir, ref.tag)
+}
+
+// DockerReference returns a Docker reference associated with this reference
+// (fully explicit, i.e. !reference.IsNameOnly, but reflecting user intent,
+// not e.g. after redirect or alias processing), or nil if unknown/not applicable.
+func (ref ociReference) DockerReference() reference.Named {
+	return nil
+}
+
+// PolicyConfigurationIdentity returns a string representation of the reference, suitable for policy lookup.
+// This MUST reflect user intent, not e.g. after processing of third-party redirects or aliases;
+// The value SHOULD be fully explicit about its semantics, with no hidden defaults, AND canonical
+// (i.e. various references with exactly the same semantics should return the same configuration identity)
+// It is fine for the return value to be equal to StringWithinTransport(), and it is desirable but
+// not required/guaranteed that it will be a valid input to Transport().ParseReference().
+// Returns "" if configuration identities for these references are not supported.
+func (ref ociReference) PolicyConfigurationIdentity() string {
+	return fmt.Sprintf("%s:%s", ref.resolvedDir, ref.tag)
+}
+
+// PolicyConfigurationNamespaces returns a list of other policy configuration namespaces to search
+// for if explicit configuration for PolicyConfigurationIdentity() is not set.  The list will be processed
+// in order, terminating on first match, and an implicit "" is always checked at the end.
+// It is STRONGLY recommended for the first element, if any, to be a prefix of PolicyConfigurationIdentity(),
+// and each following element to be a prefix of the element preceding it.
+func (ref ociReference) PolicyConfigurationNamespaces() []string {
+	res := []string{}
+	path := ref.resolvedDir
+	for {
+		lastSlash := strings.LastIndex(path, "/")
+		// Note that we do not include "/"; it is redundant with the default "" global default,
+		// and rejected by ociTransport.ValidatePolicyConfigurationScope above.
+		if lastSlash == -1 || path == "/" {
+			break
+		}
+		res = append(res, path)
+		path = path[:lastSlash]
+	}
+	return res
+}
+
+// NewImage returns a types.Image for this reference, possibly specialized for this ImageTransport.
+// The caller must call .Close() on the returned Image.
+// NOTE: If any kind of signature verification should happen, build an UnparsedImage from the value returned by NewImageSource,
+// verify that UnparsedImage, and convert it into a real Image via image.FromUnparsedImage.
+func (ref ociReference) NewImage(ctx *types.SystemContext) (types.Image, error) {
+	src := newImageSource(ref)
+	return image.FromSource(src)
+}
+
+// NewImageSource returns a types.ImageSource for this reference,
+// asking the backend to use a manifest from requestedManifestMIMETypes if possible.
+// nil requestedManifestMIMETypes means manifest.DefaultRequestedManifestMIMETypes.
+// The caller must call .Close() on the returned ImageSource.
+func (ref ociReference) NewImageSource(ctx *types.SystemContext, requestedManifestMIMETypes []string) (types.ImageSource, error) {
+	return newImageSource(ref), nil
+}
+
+// NewImageDestination returns a types.ImageDestination for this reference.
+// The caller must call .Close() on the returned ImageDestination.
+func (ref ociReference) NewImageDestination(ctx *types.SystemContext) (types.ImageDestination, error) {
+	return newImageDestination(ref), nil
+}
+
+// DeleteImage deletes the named image from the registry, if supported.
+func (ref ociReference) DeleteImage(ctx *types.SystemContext) error {
+	return fmt.Errorf("Deleting images not implemented for oci: images")
+}
+
+// ociLayoutPathPath returns a path for the oci-layout within a directory using OCI conventions.
+func (ref ociReference) ociLayoutPath() string {
+	return filepath.Join(ref.dir, "oci-layout")
+}
+
+// blobPath returns a path for a blob within a directory using OCI image-layout conventions.
+func (ref ociReference) blobPath(digest digest.Digest) (string, error) {
+	if err := digest.Validate(); err != nil {
+		return "", fmt.Errorf("unexpected digest reference %s: %v", digest, err)
+	}
+	return filepath.Join(ref.dir, "blobs", digest.Algorithm().String(), digest.Hex()), nil
+}
+
+// descriptorPath returns a path for the manifest within a directory using OCI conventions.
+func (ref ociReference) descriptorPath(digest string) string {
+	return filepath.Join(ref.dir, "refs", digest)
+}