Commit graph

82 commits

Author SHA1 Message Date
Paweł Gronowski
ed2f5d1d85
c8d/builder: Don't drop fields from created image
Previous image created a new partially filled image.
This caused child images to lose their parent's layers.

Instead of creating a new object and trying to replace its fields, just
clone the original passed image and change its ID to the manifest
digest.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit 01214bafd2)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-08-24 12:47:56 +02:00
Sebastiaan van Stijn
937491288e
Merge pull request #43818 from thaJeztah/image_inspect
add support for image inspect with containerd-integration
2023-01-06 17:40:15 +01:00
Nicolas De Loof
1616a09b61 add support for image inspect with containerd-integration
This is a squashed version of various PRs (or related code-changes)
to implement image inspect with the containerd-integration;

- add support for image inspect
- introduce GetImageOpts to manage image inspect data in backend
- GetImage to return image tags with details
- list images matching digest to discover all tags
- Add ExposedPorts and Volumes to the image returned
- Refactor resolving/getting images
- Return the image ID on inspect
- consider digest and ignore tag when both are set
- docker run --platform

Signed-off-by: Djordje Lukic <djordje.lukic@docker.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-05 16:20:41 +01:00
Sebastiaan van Stijn
456ea1bb1d
image: deprecate IDFromDigest()
Having this function hides what it's doing, which is just to type-cast
to an image.ID (which is a digest). Using a cast is more transparent,
so deprecating this function in favor of a regular typecast.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-01 12:33:00 +01:00
Nicolas De Loof
8fb71ce208
manage image inspect data in backend
This allows differentiating how the detailed data is collected between
the containerd-integration code and the existing implementation.

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-09 19:02:12 +01:00
Sebastiaan van Stijn
3c6c9fa180
Merge pull request #43300 from thaJeztah/api_update_imageinspect_docs
API: improve swagger and go-doc for ImageInspect structs
2022-03-05 17:54:37 +01:00
Sebastiaan van Stijn
a0230f3d9a
remove unneeded "digest" alias for "go-digest"
I think this was there for historic reasons (may have been goimports expected
this, and we used to have a linter that wanted it), but it's not needed, so
let's remove it (to make my IDE less complaining about unneeded aliases).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-04 14:49:42 +01:00
Sebastiaan van Stijn
06df530b6d
image: improve godoc for V1Image
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-03 22:57:03 +01:00
Rob Cowsill
42dba8c3f9
Fix spurious error from "docker load"
"docker load" validates parent links by comparing image histories, and the
History struct has a time.Time member "Created". Time.UnmarshalJSON can read
RFC3339 timestamps with offset "+00:00", but t.MarshalJSON writes them with
offset "Z". Equivalent times in these two formats are not equal when compared
with the == operator.

This causes checkValidParent to incorrectly return false when the parent image
history contains times using offset "+00:00". In that case the history copied
to the child image will have been converted into "Z" form when marshaled out.

This patch adds an "Equal" method to History, which compares "Created" times
with t.Equal. This is used instead of reflect.DeepEqual in checkValidParent.

Signed-off-by: Rob Cowsill <42620235+rcowsill@users.noreply.github.com>
2021-01-21 22:04:23 +00:00
Chris Price
c21a3cf432 Add variant to image.Image and legacy builder
This commit adds the image variant to the image.(Image) type and
updates related functionality. Images built from another will
inherit the OS, architecture and variant.

Note that if a base image does not specify an architecture, the
local machine's architecture is used for inherited images. On the
other hand, the variant is set equal to the parent image's variant,
even when the parent image's variant is unset.

The legacy builder is also updated to allow the user to specify
a '--platform' argument on the command line when creating an image
FROM scratch. A complete platform specification, including variant,
is supported. The built image will include the variant, as will any
derived images.

Signed-off-by: Chris Price <chris.price@docker.com>
2019-09-24 22:18:16 +00:00
Sebastiaan van Stijn
d78b667af6
govet: suppress warning about Parent field that repeated json tag "parent"
```
image/image.go:65:2: structtag: struct field Parent repeats json tag "parent" also at image.go:39 (govet)
	Parent     ID        `json:"parent,omitempty"`
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-18 12:57:40 +02:00
Sebastiaan van Stijn
07ff4f1de8
goimports: fix imports
Format the source according to latest goimports.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-18 12:56:54 +02:00
John Howard
20833b06a0 Windows: (WCOW) Generate OCI spec that remote runtime can escape
Signed-off-by: John Howard <jhoward@microsoft.com>

Also fixes https://github.com/moby/moby/issues/22874

This commit is a pre-requisite to moving moby/moby on Windows to using
Containerd for its runtime.

The reason for this is that the interface between moby and containerd
for the runtime is an OCI spec which must be unambigious.

It is the responsibility of the runtime (runhcs in the case of
containerd on Windows) to ensure that arguments are escaped prior
to calling into HCS and onwards to the Win32 CreateProcess call.

Previously, the builder was always escaping arguments which has
led to several bugs in moby. Because the local runtime in
libcontainerd had context of whether or not arguments were escaped,
it was possible to hack around in daemon/oci_windows.go with
knowledge of the context of the call (from builder or not).

With a remote runtime, this is not possible as there's rightly
no context of the caller passed across in the OCI spec. Put another
way, as I put above, the OCI spec must be unambigious.

The other previous limitation (which leads to various subtle bugs)
is that moby is coded entirely from a Linux-centric point of view.

Unfortunately, Windows != Linux. Windows CreateProcess uses a
command line, not an array of arguments. And it has very specific
rules about how to escape a command line. Some interesting reading
links about this are:

https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/
https://stackoverflow.com/questions/31838469/how-do-i-convert-argv-to-lpcommandline-parameter-of-createprocess
https://docs.microsoft.com/en-us/cpp/cpp/parsing-cpp-command-line-arguments?view=vs-2017

For this reason, the OCI spec has recently been updated to cater
for more natural syntax by including a CommandLine option in
Process.

What does this commit do?

Primary objective is to ensure that the built OCI spec is unambigious.

It changes the builder so that `ArgsEscaped` as commited in a
layer is only controlled by the use of CMD or ENTRYPOINT.

Subsequently, when calling in to create a container from the builder,
if follows a different path to both `docker run` and `docker create`
using the added `ContainerCreateIgnoreImagesArgsEscaped`. This allows
a RUN from the builder to control how to escape in the OCI spec.

It changes the builder so that when shell form is used for RUN,
CMD or ENTRYPOINT, it builds (for WCOW) a more natural command line
using the original as put by the user in the dockerfile, not
the parsed version as a set of args which loses fidelity.
This command line is put into args[0] and `ArgsEscaped` is set
to true for CMD or ENTRYPOINT. A RUN statement does not commit
`ArgsEscaped` to the commited layer regardless or whether shell
or exec form were used.
2019-03-12 18:41:55 -07:00
Dennis Chen
92b17b10ba Dockerbuilder: use the arch info from base image
Currently we hardcode the architecture to the `runtime.GOARCH` when
building a docker image, this will result in a confusing info if the
arch in the base image is different from the one on the host.

This PR takes use of the arch data from the base image during the build
process, thus we can get consistent arch info between the base image
and the finally built image.

Signed-off-by: Dennis Chen <dennis.chen@arm.com>
2018-04-09 10:40:21 +00:00
Daniel Nephin
4f0d95fa6e Add canonical import comment
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2018-02-05 16:51:57 -05:00
John Howard
0380fbff37 LCOW: API: Add platform to /images/create and /build
Signed-off-by: John Howard <jhoward@microsoft.com>

This PR has the API changes described in https://github.com/moby/moby/issues/34617.
Specifically, it adds an HTTP header "X-Requested-Platform" which is a JSON-encoded
OCI Image-spec `Platform` structure.

In addition, it renames (almost all) uses of a string variable platform (and associated)
methods/functions to os. This makes it much clearer to disambiguate with the swarm
"platform" which is really os/arch. This is a stepping stone to getting the daemon towards
fully multi-platform/arch-aware, and makes it clear when "operating system" is being
referred to rather than "platform" which is misleadingly used - sometimes in the swarm
meaning, but more often as just the operating system.
2017-10-06 11:44:18 -07:00
Daniel Nephin
b50ade0bfb Fix multiple copy from
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-07-12 12:36:03 -04:00
John Howard
8f53780694 LCOW: commit to use image platform, not host
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-06-20 19:49:52 -07:00
John Howard
6c33684987 LCOW: Add platform to image store
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-06-20 19:49:51 -07:00
Daniel Nephin
5136096520 Fix copy when used with scratch and images with empty RootFS
Commit the rwLayer to get the correct DiffID
Refacator copy in thebuilder
move more code into exportImage
cleanup some windows tests
Release the newly commited layer.
Set the imageID on the buildStage after exporting a new image.
Move archiver to BuildManager.
Have ReleaseableLayer.Commit return a layer
and store the Image from exportImage in the local imageSources cache
Remove NewChild from image interface.

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-06-08 15:07:16 -04:00
Daniel Nephin
bd5f92d263 Remove CopyOnBuild from the daemon.
Add CreateImage() to the daemon
Refactor daemon.Comit() and expose a Image.NewChild()
Update copy to use IDMappings.

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-06-08 15:06:54 -04:00
harche
5e1349e083 Fixing a typo in spelling
Wrong tense used in a sentence

Signed-off-by: Harshal Patil <harshal.patil@in.ibm.com>
2017-03-30 14:31:45 +05:30
Stephen J Day
7a85579917
*: use opencontainers/go-digest package
The `digest` data type, used throughout docker for image verification
and identity, has been broken out into `opencontainers/go-digest`. This
PR updates the dependencies and moves uses over to the new type.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2017-01-06 18:48:41 -08:00
yuexiao-wang
b2ec509a3f Fix incorrect info and format of error in image
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
2016-12-20 18:20:15 +08:00
Tonis Tiigi
805223982c Generalize content addressable and reference storage
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-09-15 18:08:19 -07:00
Michael Crosby
91e197d614 Add engine-api types to docker
This moves the types for the `engine-api` repo to the existing types
package.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-09-07 11:05:58 -07:00
John Starks
194eaa5c0f Add os_version and os_features to Image
These fields are needed to specify the exact version of Windows that an
image can run on. They may be useful for other platforms in the future.

This also changes image.store.Create to validate that the loaded image is
supported on the current machine. This change affects Linux as well, since
it now validates the architecture and OS fields.

Signed-off-by: John Starks <jostarks@microsoft.com>
2016-04-04 13:14:57 -07:00
allencloud
bbeb859b64 fix typos
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-03-11 23:22:16 +08:00
Lei Jitang
fae09e2569 Add progress bar to docker load
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2016-02-05 02:24:23 -05:00
Anusha Ragunathan
9c332b164f Remove package daemonbuilder.
Currently, daemonbuilder package (part of daemon) implemented the
builder backend. However, it was a very thin wrapper around daemon
methods and caused an implementation dependency for api/server build
endpoint. api/server buildrouter should only know about the backend
implementing the /build API endpoint.

Removing daemonbuilder involved moving build specific methods to
respective files in the daemon, where they fit naturally.

Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2016-02-01 09:57:38 -08:00
David Calavera
907407d0b2 Modify import paths to point to the new engine-api package.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-01-06 19:48:59 -05:00
David Calavera
7ac4232e70 Move Config and HostConfig from runconfig to types/container.
- Make the API client library completely standalone.
- Move windows partition isolation detection to the client, so the
  driver doesn't use external types.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-22 13:34:30 -05:00
Justas Brazauskas
927b334ebf Fix typos found across repository
Signed-off-by: Justas Brazauskas <brazauskasjustas@gmail.com>
2015-12-13 18:04:12 +02:00
Tonis Tiigi
01ba0a935b Add image store
The image store abstracts image handling. It keeps track of the
available images, and makes it possible to delete existing images or
register new ones. The image store holds references to the underlying
layers for each image.

The image/v1 package provides compatibility functions for interoperating
with older (non-content-addressable) image structures.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-11-24 09:40:24 -08:00
Tonis Tiigi
504e67b867 Calculate hash based image IDs on pull
Generate a hash chain involving the image configuration, layer digests,
and parent image hashes. Use the digests to compute IDs for each image
in a manifest, instead of using the remotely specified IDs.

To avoid breaking users' caches, check for images already in the graph
under old IDs, and avoid repulling an image if the version on disk under
the legacy ID ends up with the same digest that was computed from the
manifest for that image.

When a calculated ID already exists in the graph but can't be verified,
continue trying SHA256(digest) until a suitable ID is found.

"save" and "load" are not changed to use a similar scheme. "load" will
preserve the IDs present in the tar file.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-10-12 10:51:28 -07:00
Srini Brahmaroutu
da0ca83377 Adding error codes to image package
Signed-off-by: Srini Brahmaroutu <srbrahma@us.ibm.com>
2015-09-23 17:03:37 +00:00
root
b061572916 /image - fix lint errors/warnings
Addresses #14756
Signed-off-by: Srini Brahmaroutu <srbrahma@us.ibm.com>
2015-07-27 05:40:57 +00:00
John Howard
9001ea26e7 Fixing Image struct to no longer use Graph.
Signed-off-by:  John Howard <jhoward@microsoft.com>
2015-07-20 13:59:53 -07:00
John Howard
52f4d09ffb Windows: Graph driver implementation
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-07-10 14:33:11 -07:00
Derek McGowan
2b58b677a5 Separate graph from image
Move graph related functions in image to graph package.
Consolidating graph functionality is the first step in refactoring graph into an image store model.
Subsequent refactors will involve breaking up graph into multiple types with a strongly defined interface.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-06-05 18:06:09 -07:00
unclejack
8f57e7d2ef image: precompile regexp
Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>
2015-05-13 21:47:43 +03:00
John Howard
1c3b697d60 Windows: Fix filepath vs path in image.go
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-05-04 16:23:17 -07:00
Antonio Murdaca
844538142d Small if err cleaning
Signed-off-by: Antonio Murdaca <me@runcom.ninja>
2015-04-27 21:50:33 +02:00
Antonio Murdaca
c30a55f14d Refactor utils/utils, fixes #11923
Signed-off-by: Antonio Murdaca <me@runcom.ninja>
2015-04-14 01:37:36 +02:00
Mabin
d5ea4bae4a when the file that was opened has been read into buffer, the file should be close.
Signed-off-by: Mabin <bin.ma@huawei.com>
2015-02-27 19:09:17 +08:00
Josh Hawn
3414307306 Remove Checksum field from image.Image struct
The checksum is now being stored in a separate file beside the image
JSON file.

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2015-01-30 09:37:50 -08:00
Derek McGowan
e9f6f1a930 Store tar checksum in separate file
Fixes #10432

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-01-29 21:28:20 -08:00
Josh Hawn
e636df8d96 No longer compute checksum when installing images.
While checksums are verified when a layer is pulled from v2 registries,
there are known issues where the checksum may change when the layer diff
is computed again. To avoid these issues, the checksum should no longer
be computed and stored until after it has been extracted to the docker
storage driver. The checksums are instead computed lazily before they
are pushed to a v2 registry.

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2015-01-29 13:52:59 -08:00
Arnaud Porterie
bfa0dc47da Merge pull request #10305 from jlhawn/use_tarsum_v1
Always store images with tarsum.v1 checksum added
2015-01-26 14:42:07 -08:00
Jessica Frazelle
c49cd3d2a5 Make debugs logs suck less.
Docker-DCO-1.1-Signed-off-by: Jessica Frazelle <jess@docker.com> (github: jfrazelle)
2015-01-23 13:20:29 -08:00