In code paths with Python 3, when dealing with remote registries,
we find that under certain conditions values are set as bytes which
need to be encoded/decoded to work properly with things like json
and ord().
Closes: #747
Approved by: rhatdan
When walking the layers of an image in atomic verify, we need to be sure
we use a fq image name when probing. In cases where the tagging includes
a non-fq image name, we were not. This resolves Bugzilla 1377952.
Closes: #744
Approved by: baude
When using the dbus interface to perform a scan, self.options
was being set to None. This tripped a condition with the
setting of args where it could not be iterated. We now ensure
self.options is not None prior to the iteration.
Closes: #743
Approved by: rhatdan
The previous change where we removed the tag from the write
file location impacted the signing because the tag was also
being omitted. This ensures the tag is omitted from the file
path but included in the call skopeo standalone-sign.
Closes: #741
Approved by: rhatdan
The manifests produced by Atomic were incorrect resulting in
an incorrect hash being used to sign. This also resulted in
the signature path being incorrect. Contributing to the failure
was the json serialization which is now not used.
Closes: #737
Approved by: rhatdan
Rename atomic_client to atomic_dbus_client, so it is easier to understand.
Cleanup a couple of errors causin dbus to break.
Closes: #732
Approved by: rhatdan
1. Decode gpg2 output as UTF-8.
2. Use startswith() and require ':' to be more strict.
3. Handle older gpg2 outputs in which the User-ID is part of the 'pub'
line.
Closes: #724
Approved by: rhatdan
older gobject-introspection versions convert these objects to an array
instead of a dictionary. Add a workaround for both versions of it.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #724
Approved by: rhatdan
When determining if a registry name is a registry name, you have to strip
the port or it will fail. For example:
```
python -c 'from Atomic.util import Decompose; print(Decompose("localhost:5000/somethingibuilt:latest").all)'
('', 'localhost:5000', 'somethingibuilt', 'latest', '')
```
Note how the localhost:5000 ends up in the repo "field". With this fix:
```
python -c 'from Atomic.util import Decompose; print(Decompose("localhost:5000/somethingibuilt:latest").all)'
('localhost:5000', '', 'somethingibuilt', 'latest', '')
```
Now ends up in the registry field.
Closes: #729
Approved by: baude
In cases where the input name is not fully-qualified and
the local image is tagged more than once, we iterate repotags
in an attempt to figure out the fq name. If this fails, we
raise a ValueError like before.
Closes: #718
Approved by: rhatdan
Add an optional --storage flag to the following commands:
- images delete
- info
- mount
- verify
- version
If specified, the command will only look at the specified storage
(ostree/docker) for the image to perform the action. If not
specified, the command will look through both ostree/docker for
the image (as it was before). However, if the storage is not
specified and the image exists in both ostree and docker, the
command will error and prompt the user to specify. Image inspection
also no longer forces the user to delete/rename one or the other.
This is meant to address the duplicate naming issue (where a user
can have an image in both ostree and docker with the same name).
Signed-off-by: Yu Qi Zhang <jerzhang@redhat.com>
Closes: #720
Approved by: giuseppe
Several long-term issues existed for verify including some
munging of information between layers under certain
conditions. This PR addresses these issues by simplifying
the way things are to be inspected.
Example output as follows:
```
$ atomic verify docker.io/library/busybox
$ atomic verify docker.io/ubuntu
docker.io/ubuntu:latest contains the following images:
NAME LOCAL VERSION REMOTE VERSION DIFFERS
docker.io/ubuntu:latest 44776f55294a30e89d6a f753707788c5c100f194 Yes
registry.access.redhat.com/rhel7/rsyslog:latest contains the following images:
NAME LOCAL VERSION REMOTE VERSION DIFFERS
rhel7/rsyslog rhel7/rsyslog-7.2-21 rhel7/rsyslog-7.2-29 Yes
rhel7/rhel rhel7/rhel-7.2-56 rhel7/rhel-7.2-104 Yes
$
```
Closes: #714
Approved by: baude
also now "version" returns None instead of raising an exception when
the Docker daemon cannot be reached. This is needed so that atomic
can work without a docker daemon as well.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #711
Approved by: rhatdan
The atomic image version subcommand was broken. Among the issues
was it called the wrong method, attempted to obtain the image
if not locally present, and outputted incorrect information. Some
of the problems were described in:
https://github.com/projectatomic/atomic/issues/708
The version method has been redone to obtain the correct information. It
no longer attempts to obtain the image if not present. It raises an
error.
Also, moved the version method into info and performed a pep8 clean up.
Example output now appears like:
```
atomic --debug version -r docker.io/busybox
IMAGE NAME VERSION IMAGE ID
10.3.11.254:5000/baude/busybox:latest None e02e811dd08f
Tag: docker.io/busybox:latest
Tag: localhost:5000/busybox:latest
atomic --debug version -r registry.access.redhat.com/rhel7/rsyslog
IMAGE NAME VERSION IMAGE ID
registry.access.redhat.com/rhel7/rsyslog:latest rhel7/rsyslog-7.2-21 53f20e902da7
registry.access.redhat.com/rhel7.2:7.2-56 rhel7/rhel-7.2-56 1a9b3357bac5
```
Closes: #710
Approved by: baude
