This code was added for pulling directly from an OSTree repository. It
was never really used and it expects the image to be fully exploded
in an ostree commit without supporting OCI layers.
Dropping this part also avoids confusion with what we do with Skopeo
where "ostree:" is supported both as source and destination.
Closes: https://github.com/projectatomic/atomic/issues/1193
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1197
Approved by: rhatdan
It allows selecting a different OCI runtime to use with atomic run.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1196
Approved by: rhatdan
which is now available as 'docker' in PyPI and as a `python{2,3}-docker`
in Fedora.
Signed-off-by: Tomas Tomecek <ttomecek@redhat.com>
Closes: #902
Approved by: rhatdan
We use hard links now by default when copying files to /usr; allow a
way to override this behavior through the manifest file.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1163
Approved by: peterbaouoft
If specified, pull the latest version for all the images in a
storage.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1136
Approved by: baude
atomic run has some more features compared to a raw "$RUNTIME exec",
like the possibility to run a command for a service which is not started
yet. Expose $ATOMIC as well during the installation so that a container
can more easily build a wrapper script for files inside the container.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1141
Approved by: baude
Not fully qualified images are ambiguous in the ostree reference as
internally e.g. docker.io/busybox and busybox are stored as two
separate references. Suggest that the user use a fully qualified name
to avoid the ambiguity.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1124
Approved by: peterbaouoft
This might not be the best place to add this information, but it is a
starting point to get it documented.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1121
Approved by: baude
In the case of some scanners, they generate a script to remediate the
images|containers they have scanned. We needed to provide a hook
for this ability. We now read the scanner's configuration file looking
for a "remediation_script" key, whose value should be a fq path to the
remediation script. The remediation script should be delivered via
the scanning image via atomic install.
As of now, we pass the id of the scanned object and its results directory
as named arguments to the remediation script.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1090
Approved by: baude
Commissaire project has halted development. Remove the integration
points so as not to accumulate cruft in the "atomic" subcommands.
Closes: #1046
Approved by: rhatdan
This commit enables scanning images and containers
for configuration compliance with security profiles
provided by SCAP Security Guide.
Note: This feature requires the latest OpenSCAP Daemon from upstream
installed in the underlying "rhel7/openscap" container.
Closes: #1027
Approved by: baude
There were two primary cases where a secondary atomic run with a command
would trigger an exception. The first was reported in
https://github.com/projectatomic/atomic/issues/1006. Basically it can
be summarized as:
```
atomic run registry.fedoraproject.org/fedora:25 date # works fine
atomic run registry.fedoraproject.org/fedora:26 date # tries to run in the existing f25 container
```
The second case is as simple as:
```
atomic run registry.fedoraproject.org/fedora:25 date # works fine
atomic run registry.fedoraproject.org/fedora:25 date # fails
```
This fails because atomic starts the stopped f25 container and then attempts a docker exec. The
exec fails because the 'date' command is short-lived and the container exits prior to the exec
being run.
We now catch those exceptions and notify the user. We added a `--replace` option to run where
atomic will now delete the container in question and re-run it from the correct image.
Closes: #1019
Approved by: baude
Added an --anonymous switch to the push command to allow users
to push anonymously without having to be prompted for a username
and password.
Closes: #964
Approved by: rhatdan
If HTTP[S]_PROXY is defined, honor it in python requests usage
as well as pass it on to skopeo.
If http[s]_proxy is defined in atomic.conf, use it; however, environment
variables will override these if defined.
Added --insecure to Atomic push so the user can override the logic
(or lack thereof) around deducing if a registry is insecure. Also
needed for integration tests.
Closes: #964
Approved by: rhatdan
Drop the hidden option --generate-rpm in favor of --system-package.
The new option controls how a system container is installed to the host:
--generate-rpm=build build the rpm file without installing it.
--generate-rpm=yes build the rpm and install it, the rpm is deleted.
--generate-rpm=no do not attempt to build and install an rpm file.
--generate-rpm=auto install the rpm only if a .spec file is defined in
the image. This is the default.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #767
Approved by: rhatdan
Change the format of "Created" for images to match containers,
fix filtering for partial keywords, and update auto-complete
and man pages.
Signed-off-by: Yu Qi Zhang <jerzhang@redhat.com>
Closes: #923
Approved by: giuseppe
BZ #1422448 actually points out one regression and one
bug related to atomic stop. The BZ itself points out
a TypeError exception in the code when trying to glue
together a python list and str.
Then the atomic stop command was failing in the case where a
STOP label was defined and it uses the variable $NAME resulting
in a subprocess exception.
The self.name variable was not being set by set_args after
refactoring occurred. Ideally, this should all be moved
into the image|container object handling but for now we
just handle it in set_args.
Also added a test in test_display to catch any future
regressions.
Closes: #899
Approved by: rhatdan
Refactor the uninstall class to use the backends, container and image
objects.
Add --display so one can run atomic uninstall --display <image>
and see what the outcome would be. This will be helpful in integration
testing and was discussed in BZ https://bugzilla.redhat.com/show_bug.cgi?id=1248038.
Add --storage option so users can dictate priority when uninstalling
an image. This also mimics the newest install class as well.
Closes: #888
Approved by: giuseppe
To have parity function with pull, we need to add --storage
to install and run. This allows for overriding when atomic.type
is defined. For example, if you pull an image that has
atomic.type=system but you really want to store it
on the docker backend.
Closes: #861
Approved by: baude
Refactor:
`atomic update`
`atomic update --container`
`atomic update --container --rollback`
To:
`atomic images update`
`atomic containers update`
`atomic containers rollback`
And update corresponding tests, docs and auto-complete. Much like
other image commands (info, verify), the base verb is hidden but
still available for use.
Move update functionality from atomic.py to update.py, and use
new backendutils to abstract.
Signed-off-by: Yu Qi Zhang <jerzhang@redhat.com>
Closes: #773
Approved by: rhatdan
This patch will allow the user to specify the graphdriver on atomic reset.
If /var/lib/docker or /var/lib/docker-latest is the only thing installed,
it will reset the correct path. If both exist or the user has chosen
a different location, the --graph option must be specified.
Closes: #745
Approved by: rhatdan
Using our refactoring model, verify is now streamlined. We no longer
compare base images as that is not currently possible for both
V1 and V2 schemas.
Verify will now always look at the release and version labels for
comparison. Should those labels not exist, it will use the
manifest digest for ostree; and it will use the image IDs for
docker.
Closes: #785
Approved by: rhatdan