Avoid parsing metadata that the image library keeps in order to find an
image's top layer and creation date; instead, use the values which the
storage library now makes available, which will be correct once we merge
PR #654 or something like it.
Instead of assuming the last blob which was added for the image was the
manifest, read it directly and compute its digest ourselves.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Don't bother trying to find and parse the image's configuration blob
after we've already done it; just reuse the value. This frees us from
making the assumption that the last blob which was committed to local
storage was the image's configuration blob.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Parse the set of image names as tagged references, canonical references,
or repository names to which we add the default tag, and return them in
libkpod.ImageData reports.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Switch from using the lower-level storage APIs (accessing LayerStore,
ImageStore, and ContainerStore types directly) in favor of the
higher-level ones that take care of synchronization and locking for us.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add notes to README.md about needing to install ostree-devel, or
libostree-dev, or building ostree from source.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Bump containers/image (pulling in its new dependency on ostree-go),
containers/storage, and updated image-spec.
This pulls in the OCI v1.0 specifications and code that allows us to
support 1.0 images.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
update libkpod's New() function to use a config struct, and update
server.New() to call into libkpod.New()
Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
During my testing in OpenShift I've noticed that conmon leaves some
zombies processes. The reason is that we are using
PR_SET_CHILD_SUBREAPER in conmon and runC forks a new process (runc
init) each time we start a container. Using g_child_watch_add only on
the main runc process and on the container process is not enough as we
do not cleanup any other zombie process.
Since glib doesn't allow to catch SIGCHLD and to better integrate in the
existing code, catch it with signal(2) then raise a SIGUSR1 that glib
handles.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
bin2img/checkseccomp/copyimg are file targets and should not be .PHONY.
This prevents to build them if not necessary.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Build all of our binaries with the same build tags and the same LDFLAGS.
This means we add $(LDFLAGS) to bin2img, copyimg, and cri-o,
$(BUILDTAGS) to kpod, and both to crioctl and checkseccomp.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
If sandbox is in the same package as server, there will be a circular dependency when
kpod create is implemented
Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
When the integration test image is run on a system with apparmor
enabled, it needs binaries from the 'apparmor' package, so ensure that
it's always there.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Basically none of the clever storage drivers will work when we're on top
of AUFS, so if we find ourselves in that situation when running tests,
default to storage options of "--storage-driver vfs".
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Move container state data to libkpod, separate from the sandbox
data in server. However, the move was structured such that sandbox
data could easily be moved over into libkpod in the future
Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
go list {{.Imports}} outputs imports as an array, and the leading
and trailing square brackets can get caught in the name of a package.
Add a pipe in the dependency command to remove the brackets
Signed-off-by: Ryan Cole <rcyoalne@gmail.com>