mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
7a9cb29fb9
This enables image lookup when creating a container to fail when the reference exists but it is for the wrong platform. This prevents trying to run an image for the wrong platform, as can be the case with, for example binfmt_misc+qemu. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
228 lines
6.2 KiB
Go
228 lines
6.2 KiB
Go
package images // import "github.com/docker/docker/daemon/images"
|
|
|
|
import (
|
|
"context"
|
|
"io"
|
|
"runtime"
|
|
|
|
"github.com/docker/distribution/reference"
|
|
"github.com/docker/docker/api/types"
|
|
"github.com/docker/docker/api/types/backend"
|
|
"github.com/docker/docker/builder"
|
|
"github.com/docker/docker/image"
|
|
"github.com/docker/docker/layer"
|
|
"github.com/docker/docker/pkg/containerfs"
|
|
"github.com/docker/docker/pkg/stringid"
|
|
"github.com/docker/docker/pkg/system"
|
|
"github.com/docker/docker/registry"
|
|
specs "github.com/opencontainers/image-spec/specs-go/v1"
|
|
"github.com/pkg/errors"
|
|
)
|
|
|
|
type roLayer struct {
|
|
released bool
|
|
layerStore layer.Store
|
|
roLayer layer.Layer
|
|
}
|
|
|
|
func (l *roLayer) DiffID() layer.DiffID {
|
|
if l.roLayer == nil {
|
|
return layer.DigestSHA256EmptyTar
|
|
}
|
|
return l.roLayer.DiffID()
|
|
}
|
|
|
|
func (l *roLayer) Release() error {
|
|
if l.released {
|
|
return nil
|
|
}
|
|
if l.roLayer != nil {
|
|
metadata, err := l.layerStore.Release(l.roLayer)
|
|
layer.LogReleaseMetadata(metadata)
|
|
if err != nil {
|
|
return errors.Wrap(err, "failed to release ROLayer")
|
|
}
|
|
}
|
|
l.roLayer = nil
|
|
l.released = true
|
|
return nil
|
|
}
|
|
|
|
func (l *roLayer) NewRWLayer() (builder.RWLayer, error) {
|
|
var chainID layer.ChainID
|
|
if l.roLayer != nil {
|
|
chainID = l.roLayer.ChainID()
|
|
}
|
|
|
|
mountID := stringid.GenerateRandomID()
|
|
newLayer, err := l.layerStore.CreateRWLayer(mountID, chainID, nil)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "failed to create rwlayer")
|
|
}
|
|
|
|
rwLayer := &rwLayer{layerStore: l.layerStore, rwLayer: newLayer}
|
|
|
|
fs, err := newLayer.Mount("")
|
|
if err != nil {
|
|
rwLayer.Release()
|
|
return nil, err
|
|
}
|
|
|
|
rwLayer.fs = fs
|
|
|
|
return rwLayer, nil
|
|
}
|
|
|
|
type rwLayer struct {
|
|
released bool
|
|
layerStore layer.Store
|
|
rwLayer layer.RWLayer
|
|
fs containerfs.ContainerFS
|
|
}
|
|
|
|
func (l *rwLayer) Root() containerfs.ContainerFS {
|
|
return l.fs
|
|
}
|
|
|
|
func (l *rwLayer) Commit() (builder.ROLayer, error) {
|
|
stream, err := l.rwLayer.TarStream()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer stream.Close()
|
|
|
|
var chainID layer.ChainID
|
|
if parent := l.rwLayer.Parent(); parent != nil {
|
|
chainID = parent.ChainID()
|
|
}
|
|
|
|
newLayer, err := l.layerStore.Register(stream, chainID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
// TODO: An optimization would be to handle empty layers before returning
|
|
return &roLayer{layerStore: l.layerStore, roLayer: newLayer}, nil
|
|
}
|
|
|
|
func (l *rwLayer) Release() error {
|
|
if l.released {
|
|
return nil
|
|
}
|
|
|
|
if l.fs != nil {
|
|
if err := l.rwLayer.Unmount(); err != nil {
|
|
return errors.Wrap(err, "failed to unmount RWLayer")
|
|
}
|
|
l.fs = nil
|
|
}
|
|
|
|
metadata, err := l.layerStore.ReleaseRWLayer(l.rwLayer)
|
|
layer.LogReleaseMetadata(metadata)
|
|
if err != nil {
|
|
return errors.Wrap(err, "failed to release RWLayer")
|
|
}
|
|
l.released = true
|
|
return nil
|
|
}
|
|
|
|
func newROLayerForImage(img *image.Image, layerStore layer.Store) (builder.ROLayer, error) {
|
|
if img == nil || img.RootFS.ChainID() == "" {
|
|
return &roLayer{layerStore: layerStore}, nil
|
|
}
|
|
// Hold a reference to the image layer so that it can't be removed before
|
|
// it is released
|
|
layer, err := layerStore.Get(img.RootFS.ChainID())
|
|
if err != nil {
|
|
return nil, errors.Wrapf(err, "failed to get layer for image %s", img.ImageID())
|
|
}
|
|
return &roLayer{layerStore: layerStore, roLayer: layer}, nil
|
|
}
|
|
|
|
// TODO: could this use the regular daemon PullImage ?
|
|
func (i *ImageService) pullForBuilder(ctx context.Context, name string, authConfigs map[string]types.AuthConfig, output io.Writer, platform *specs.Platform) (*image.Image, error) {
|
|
ref, err := reference.ParseNormalizedNamed(name)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
ref = reference.TagNameOnly(ref)
|
|
|
|
pullRegistryAuth := &types.AuthConfig{}
|
|
if len(authConfigs) > 0 {
|
|
// The request came with a full auth config, use it
|
|
repoInfo, err := i.registryService.ResolveRepository(ref)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
resolvedConfig := registry.ResolveAuthConfig(authConfigs, repoInfo.Index)
|
|
pullRegistryAuth = &resolvedConfig
|
|
}
|
|
|
|
if err := i.pullImageWithReference(ctx, ref, platform, nil, pullRegistryAuth, output); err != nil {
|
|
return nil, err
|
|
}
|
|
return i.GetImage(name, platform)
|
|
}
|
|
|
|
// GetImageAndReleasableLayer returns an image and releaseable layer for a reference or ID.
|
|
// Every call to GetImageAndReleasableLayer MUST call releasableLayer.Release() to prevent
|
|
// leaking of layers.
|
|
func (i *ImageService) GetImageAndReleasableLayer(ctx context.Context, refOrID string, opts backend.GetImageAndLayerOptions) (builder.Image, builder.ROLayer, error) {
|
|
if refOrID == "" { // ie FROM scratch
|
|
os := runtime.GOOS
|
|
if runtime.GOOS == "windows" {
|
|
os = "linux"
|
|
}
|
|
if opts.Platform != nil {
|
|
os = opts.Platform.OS
|
|
}
|
|
if !system.IsOSSupported(os) {
|
|
return nil, nil, system.ErrNotSupportedOperatingSystem
|
|
}
|
|
layer, err := newROLayerForImage(nil, i.layerStores[os])
|
|
return nil, layer, err
|
|
}
|
|
|
|
if opts.PullOption != backend.PullOptionForcePull {
|
|
image, err := i.GetImage(refOrID, opts.Platform)
|
|
if err != nil && opts.PullOption == backend.PullOptionNoPull {
|
|
return nil, nil, err
|
|
}
|
|
// TODO: shouldn't we error out if error is different from "not found" ?
|
|
if image != nil {
|
|
if !system.IsOSSupported(image.OperatingSystem()) {
|
|
return nil, nil, system.ErrNotSupportedOperatingSystem
|
|
}
|
|
layer, err := newROLayerForImage(image, i.layerStores[image.OperatingSystem()])
|
|
return image, layer, err
|
|
}
|
|
}
|
|
|
|
image, err := i.pullForBuilder(ctx, refOrID, opts.AuthConfig, opts.Output, opts.Platform)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
if !system.IsOSSupported(image.OperatingSystem()) {
|
|
return nil, nil, system.ErrNotSupportedOperatingSystem
|
|
}
|
|
layer, err := newROLayerForImage(image, i.layerStores[image.OperatingSystem()])
|
|
return image, layer, err
|
|
}
|
|
|
|
// CreateImage creates a new image by adding a config and ID to the image store.
|
|
// This is similar to LoadImage() except that it receives JSON encoded bytes of
|
|
// an image instead of a tar archive.
|
|
func (i *ImageService) CreateImage(config []byte, parent string) (builder.Image, error) {
|
|
id, err := i.imageStore.Create(config)
|
|
if err != nil {
|
|
return nil, errors.Wrapf(err, "failed to create image")
|
|
}
|
|
|
|
if parent != "" {
|
|
if err := i.imageStore.SetParent(id, image.ID(parent)); err != nil {
|
|
return nil, errors.Wrapf(err, "failed to set parent %s", parent)
|
|
}
|
|
}
|
|
|
|
return i.imageStore.Get(id)
|
|
}
|