| Commit message (Collapse) | Author | Age | Files | Lines |
| |
E713 test for membership should be 'not in'
Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
| |
When `skopeo inspect --raw docker://fedora` is used the returned
manifest content contains a list with manifests for specific
platforms [1] rather than a list with layers.
By using `skopeo inspect docker://fedora` the correct manifest
content is retrieved and a list with layers is provided. In addition,
skopeo handles the difference between schemaVersion 1 and 2.
[1] https://docs.docker.com/registry/spec/manifest-v2-2/#manifest-list-field-descriptions
| |
The `skopeo copy` command has changed its behaviour to keep only the files for
a single container image per directory. To get around this and keep a cache of
downloaded images, a temporary destination directory is used for 'skopeo copy'
and the image files are then moved into the cache folder.
| |
Show appropriate error message when skopeo is not installed.
| |
Show appropriate error message when the python bindings for
libguestfs are not installed.
| |
Add utility function to check whether an executable is available in
the PATH env variable.
| |
Since python3 strings are already Unicode-capable, they have no
decode() function. Libguestfs content strings can be either python 2
or 3 strings; only decode them to utf-8 for python2.
| |
The current code was trying to save time by adding all drives to the
guestfs handle and launch the instance from it. However, this doesn't
fly since backing chain images would be used more than once.
Too bad for performance, but sticking to one layer per guestfs launch
is safer and gets the tests to pass.
| |
This documentation can be seen using:
$ pydoc virtBootstrap
| |
Show warning message and don't allow ownership mapping for non-root
user when the output format is 'dir'.
| |
The default source code encoding in Python2.* is ASCII (PEP 263 [1])
and in Python3.* is UTF-8 (PEP 3120 [2]). Define the encoding on top
of each file for consistency.
[1] https://www.python.org/dev/peps/pep-0263/
[2] https://www.python.org/dev/peps/pep-3120/
| |
Allow the user to specify path for temporary directory used by
virt-bootstrap using the `VIRTBOOTSTRAP_TMPDIR` environment variable.
| |
Use more general description for source URI.
| |
Add implementation for virt-builder source which aims to create
container root file system from VM image built with virt-builder.
Usage examples:
$ virt-bootstrap virt-builder://fedora-25 /tmp/foo
$ virt-bootstrap virt-builder://ubuntu-16.04 /tmp/bar --root-password secret
$ virt-bootstrap virt-builder://fedora-25 /tmp/foo -f qcow2 --idmap 0:1000:10
$ sudo virt-bootstrap virt-builder://fedora-25 /tmp/foo --idmap 0:1000:10
Tests are also introduced along with the implementation. They cover
creation of root file system and UID/GID mapping for 'dir' and 'qcow2'
output format by mocking the build_image() method to avoid the time
consuming call to virt-builder which might also require network
connection with function which creates dummy disk image.
Setting root password is handled by virt-builder and hence the
introduced test only ensures that the password string is passed
correctly.
| |
Use the python bindings of libguestfs to create additional qcow2 image
which has as backing file the last layer (layer-0.qcow2 for FileSource)
and insert hashed value of given root password in the /etc/shadow file.
Note: This additional qcow2 image is also used to apply UID/GID map.
| |
Apply ownership mapping in qcow2 images using libguestfs python
bindings. To make this solution more general we introduce function
guestfs_walk() which will return the root file system tree of disk
image along with UID/GID values.
These changes are applied in additional qcow2 disk image using the
last layer as backing file. For FileSource this is layer-1.qcow2
with backing file layer-0.qcow2.
| |
Use the python bindings of libguestfs to create qcow2 image with
backing chains to mimic the layers of container image.
This commit also changes the behavior of FileSource when 'qcow2'
output format is used. Now the string layer-0.qcow2 will be used
as name of the output file.
This change is applied in the test suite as an update to the function
get_image_path().
| |
Make the code for setting password hash in the content of shadow file
reusable and hence can be used with qcow2 output format.
| |
Resolve an issue when only uid_map or only gid_map is specified.
We set the default values to None. However, `len(None)` will raise
an exception. To avoid this we need to set the default values to
[] (empty list).
| |
Split the function mapping_uid_gid in two parts so that the code which
makes both lists map_uid and map_gid with equal length can be
reused.
| |
Move the functions implementing UID/GID mapping in the utils module
and hence they can be reused with qcow2 output format.
| |
Take out the code for getting compression type of tarball
in separate function.
| |
Docker registry with Manifest v1 does not require the size of layers to
be included. However, when this information is not provided we can use
os.path.getsize() to get and show the size of tarball. We can also
use this function for FileSource to provide consistent output messages.
| |
The current implementation stores in one list:
- checksum
- checksum type
- file path
- file size
However, the information about checksum and checksum type is only used
to verify the content of tarball before it is being extracted. Splitting
these into separate lists would allow us to reuse the function
untar_layers() with FileSource.
| |
This aims to fix the warning of Python3:
ResourceWarning: unclosed file <_io.BufferedReader name=3>
| |
Specify unique name when creating Libvirt domain with virt-sandbox.
Otherwise the default name "sandbox" will be used and this might result
in collision with another instance of virt-bootstrap.
| |
Add "--overwrite" to enforce the overwrite of existing files.
Add the flag "--absolute-names" to disable the strip of leading '/'s
This is used to get around the error "Cannot open:Permission denied"
which occurs when the qemu driver is used by virt-sandbox. It is used
for unprivileged users to create isolated environment in which tar is
executed to extract the content from container image layers.
In particular this error occurs when the tar archive contains symbolic
link which has target path starting with '/'.
Steps to reproduce:
$ mkdir /tmp/foo
$ cd /tmp/foo
$ touch file
$ ln -s /tmp/foo/file link
$ tar -cf archive.tar link
$ mkdir /tmp/foo/dest
$ virt-sandbox -c qemu:///session \
-m host-bind:/mnt=/tmp/foo/dest \
-- /bin/tar xf /tmp/foo/archive.tar -C /mnt
Error message:
tar: link: Cannot open: Permission denied
tar: Exiting with failure status due to previous errors
| |
Improve readability by splitting the 'sources' module into separate
files. Each file contains only one class.
In addition update the mock statements in the unit tests to match these
changes.
Add recursive-include in MANIFEST.in to include virtBootstrap.sources
module.
Update the unit tests to match these changes.
| |
Reduce the number of import statements and improve readability.
Update the unit tests to match these changes.
| |
For containers bootstrapped in qcow2 format use the tool 'virt-edit'
to insert the hashed root password in the shadow file of the last layer
| |
The first argument of CalledProcessError() must be the returncode not
the command.
| |
When downloading image with multiple layers, the download progress
value of every following layer should not start from 0.
If we have 10 layers, downloading each of them should increase the
total download progress by 10%.
Assuming that the download and extraction are 50/50 of the total work.
Then, downloading each of 10 layers will increase the progress value
with 5% of the total work.
When all layers are downloaded the progress value should be 50%.
However, with the current formula the progress value of each layer
starts from 0%.
(E.g. when downloading 2nd layer of 10 the download progress starts
from 0% instead of 5%.)
This bug can be seen when downloading images with multiple layers of
large size.
Example:
virt-bootstrap docker://rails /tmp/foo --status-only
| |
When Libvirt creates LXC container with enabled user namespace the
ownership of files in the container should be mapped to the specified
target UID/GID.
The implementation of the mapping is inspired by the tool uidmapshift:
http://bazaar.launchpad.net/%7Eserge-hallyn/+junk/nsexec/view/head:/uidmapshift.c
Mapping values can be specified with the flags:
--idmap Map both UIDs/GIDs
--uidmap Map UIDs
--gidmap Map GIDs
Each of these flags can be specified multiple times.
Example:
virt-bootstrap docker://fedora /tmp/foo --uidmap 0:1000:10 --gidmap 0:1000:10
Will map the ownership of files with UIDs/GIDs: 0-9 to 1000-1009
The same result can be achieved with:
virt-bootstrap docker://fedora /tmp/foo --idmap 0:1000:10
Multiple mapping values can be specified as follows:
virt_bootstrap.py docker://ubuntu /tmp/foo --idmap 0:1000:10 --idmap 500:1500:10
This will map the UID/GIDs: 0-9 to 1000-1009 and 500-509 to 1500-1509
| |
These changes aim to avoid the requirement for root privileges when
setting the password of root user on root file system.
The "-R, --root" flag of chpasswd is using chroot to apply changes in
root file system and this requires root privileges. [1]
Instead compute hash of the root password using passlib [2] and insert
the value in the /etc/shadow file in the rootfs.
[1] https://en.wikipedia.org/wiki/Chroot#Limitations
[2] http://passlib.readthedocs.io/en/stable/lib/passlib.hosts.html
| |
Handle differences between version 1 and 2 of the Manifest file for
Docker registry.
Layers' blob sums in v1 are stored in a list "fsLayers" and the digest
is stored in following field with name "blobSum". [1]
In v2 the layer list is stored in field with name "layers" and
ordered starting from the base image (opposite order of v1). The digest
is stored under a following field with name "digest". The size in bytes
is included in a field with name "size". [2]
[1] https://docs.docker.com/registry/spec/manifest-v2-1/#manifest-field-descriptions
[2] https://docs.docker.com/registry/spec/manifest-v2-2/#image-manifest-field-descriptions
| |
Encoded Unicode in Python 3 is represented as binary data. The
difference with Python2 is that any attempt to mix text and data in
Python 3.0 raises TypeError, whereas if you were to mix Unicode and
8-bit strings in Python 2.x, it would work if the 8-bit string happened
to contain only 7-bit (ASCII) bytes, but you would get
UnicodeDecodeError if it contained non-ASCII values.
Reference:
https://docs.python.org/release/3.0.1/whatsnew/3.0.html#text-vs-data-instead-of-unicode-vs-8-bit
Example:
Python 2:
>>> b'foo.bar'.split('.')
['foo', 'bar']
Python 3:
>>> b'foo.bar'.split('.')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
TypeError: a bytes-like object is required, not 'str'
>>> b'foo.bar'.split(b'.')
[b'foo', b'bar']
| |
Perform additional check of the input to avoid unexpected behaviour
when string is passed instead of list or a list with short length.
| |
This change aims to convert URI:
docker:///repository/my_image/
to:
docker://repository/my_image
| |
This change makes it easier to test the code.
| |
This change makes it easier to test the code.