In order to cleanup code and simplify interface, i
move help, info, verify and version to the images subcommand.
Remove man pages for these atomic commands and add info to images subcommand.
Since these have been previously documented we will continue to support
atomic help
atomic info
atomic verify
atomic version
But we will not document them.
Closes: #676
Approved by: rhatdan
Add two classes and several new methods for inspecting
registries and images. These methods are helpful
for:
* taking user input (i.e. image names, partial image names) and determining
the fully qualified names.
* determining the fq name when the registry is omitted by the user.
* obtaining image manifests
* mimicing skopeo inspect
Closes: #687
Approved by: baude
they are part of the class SystemContainers, do not repeat
system_container in the name.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #683
Approved by: rhatdan
Raise an error if there are more images matching the same prefix.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #683
Approved by: rhatdan
Image names are stored differently in ostree, and thus cannot be
directly used as we used to.
Signed-off-by: Yu Qi Zhang <jerzhang@redhat.com>
Closes: #681
Approved by: rhatdan
Colleagues asked for decompose to be improved to where it took
an image name and broke it into registry, repo, image, and tag.
It also should mimic docker's implementation where 'library' is a known
exception
Also added unittests for decompose. Removed a singular glob test
as it is no longer valid
Closes: #677
Approved by: rhatdan
Save labels from docker manifest into ostree, so when a user invokes
'atomic version' on a system image, the metadata info is displayed,
same as docker images.
Signed-off-by: Yu Qi Zhang <jerzhang@redhat.com>
Closes: #679
Approved by: giuseppe
If the image Id is specified, look it up in the available images
metadata.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #680
Approved by: rhatdan
We need to default the gnukeyring to the users login directory. To
make it easier for the user.
Also add bash completions for -g option
Closes: #671
Approved by: rhatdan
Add missing interfaces.
Fix functions to return text, rather then displaying directly.
Change atomic_client.py to take input from command line. These args are translated into function calls in python.
Add tests scripts in tests/integration/dbus directory
Closes: #668
Approved by: rhatdan
Because we only intend atomic sign to create local signatures
of remote images, all input image names must have a registry
or we now fail.
Closes: #673
Approved by: rhatdan
Atomic update and install now use skopeo for pulling images
from registries. This allows us to enforce signature policies
as part of pull and update operations.
Closes: #672
Approved by: rhatdan
older versions of atomic stored OSTree refs without any encoding.
Delete refs with the wrong encoding as they are not usable anyway.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #665
Approved by: rhatdan
libarchive[1] does not handle xattrs found in the PAX extended header.
In such cases, fallback to extract the tarball and after import it
into OSTree.
[1] https://github.com/libarchive/libarchive/pull/691
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #665
Approved by: rhatdan
We need to fully path executables in order for atomic command to
work with any $PATH set.
Basically cron jobs does not include /sbin in PATH.
Closes: #654
Approved by: rhatdan
Wrap atomic run/stop with systemctl start/stop for system
containers. This way the user can directly use the atomic
CLI for the full container cycle. In addition, the equivalent
functionality already exists for docker containers, so it
makes sense to allow system containers to start/stop in a
similar fashion.
Signed-off-by: Yu Qi Zhang <jerzhang@redhat.com>
Closes: #651
Approved by: rhatdan
When a image without a registry is provided as input, i.e.
atomic pull busybox
We are not able to resolve that reference now because we can
no longer depend on docker's algo's for that as we now
use skopeo. Therefore, we now take the input, see if skopeo
inspect can resolve it; and then decompose the fqdn so we
can check if the registry is secure. Had to make a small
change on the return types of util.decompose to ensure
it returns str objects or else it will return unicode in
python2.
Closes: #650
Approved by: rhatdan
store the full image name, registry included, when pulling an image.
Some characters in the url are not usable for the name of an OSTree
ref, so escape them with '_'. This change breaks old images already
pulled.
use "rm -rf /ostree/repo/refs/heads/ociimage" and pull the images
again.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #620
Approved by: cgwalters
Enabling signing and pushing at the same time. At the time of
this writing, we cannot verify that the atomic targets are
working but the code is there. THis is enabled with the
--type atomic switch. Otherwise, signatures are written locally
and the image is pushed.
Closes: #631
Approved by: rhatdan
