From 29a617c0b609e01d15efd3600464493df2fde001 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 30 Oct 2024 16:11:05 +0100 Subject: [PATCH] Revert "Use the config digest to compare images loaded/pulled using different methods" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 1d7ec1ef5fc778cf0a188f2605524f0169678fed. Signed-off-by: Miloslav Trmač --- test/system/010-images.bats | 6 +---- test/system/120-load.bats | 48 +++++++++++++------------------------ test/system/150-login.bats | 18 +++++++------- test/system/helpers.bash | 11 --------- 4 files changed, 27 insertions(+), 56 deletions(-) diff --git a/test/system/010-images.bats b/test/system/010-images.bats index a0beda41f6..8db19bf3a9 100644 --- a/test/system/010-images.bats +++ b/test/system/010-images.bats @@ -383,13 +383,9 @@ EOF assert "${lines[-2]}" =~ ".*$IMAGE false" "image from readwrite store" assert "${lines[-1]}" =~ ".*$IMAGE true" "image from readonly store" id=${lines[-2]%% *} - local config_digest; config_digest=$(image_config_digest "@$id") # Without $sconf, i.e. from the read-write store. CONTAINERS_STORAGE_CONF=$sconf run_podman pull -q $IMAGE - # This is originally a regression test, (podman pull) used to output multiple image IDs. Ensure it only prints one. - assert "${#lines[*]}" -le 1 "Number of output lines from podman pull" - local config_digest2; config_digest2=$(image_config_digest "@$output") - assert "$config_digest2" = "$config_digest" "pull -q $IMAGE, using storage.conf" + is "$output" "$id" "pull -q $IMAGE, using storage.conf" # $IMAGE might now be reusing layers from the additional store; # Removing the additional store underneath can result in dangling layer references. diff --git a/test/system/120-load.bats b/test/system/120-load.bats index 09ef6c907b..77accaa522 100644 --- a/test/system/120-load.bats +++ b/test/system/120-load.bats @@ -23,24 +23,22 @@ function teardown() { # Custom helpers for this test only. These just save us having to duplicate # the same thing four times (two tests, each with -i and stdin). # -# initialize, read image ID, image config digest, and name -get_img_ids_and_name() { +# initialize, read image ID and name +get_iid_and_name() { run_podman images -a --format '{{.ID}} {{.Repository}}:{{.Tag}}' read iid img_name <<<"$output" - img_config_digest=$(image_config_digest "@$iid") archive=$PODMAN_TMPDIR/myimage-$(random_string 8).tar } -# Simple verification of image config digest and name -verify_img_config_digest_and_name() { +# Simple verification of image ID and name +verify_iid_and_name() { run_podman images -a --format '{{.ID}} {{.Repository}}:{{.Tag}}' read new_iid new_img_name < <(echo "$output") - new_img_config_digest=$(image_config_digest "@$new_iid") # Verify - is "$new_img_config_digest" "$img_config_digest" "Image config digest of loaded image == original" - is "$new_img_name" "$1" "Name & tag of restored image" + is "$new_iid" "$iid" "Image ID of loaded image == original" + is "$new_img_name" "$1" "Name & tag of restored image" } @test "podman load invalid file" { @@ -180,7 +178,7 @@ verify_img_config_digest_and_name() { @test "podman load - by image ID" { # FIXME: how to build a simple archive instead? - get_img_ids_and_name + get_iid_and_name # Save image by ID, and remove it. run_podman save $iid -o $archive @@ -188,41 +186,41 @@ verify_img_config_digest_and_name() { # Load using -i; IID should be preserved, but name is not. run_podman load -i $archive - verify_img_config_digest_and_name ":" + verify_iid_and_name ":" # Same as above, using stdin run_podman rmi $iid run_podman load < $archive - verify_img_config_digest_and_name ":" + verify_iid_and_name ":" # Same as above, using stdin but with `podman image load` run_podman rmi $iid run_podman image load < $archive - verify_img_config_digest_and_name ":" + verify_iid_and_name ":" } @test "podman load - by image name" { - get_img_ids_and_name + get_iid_and_name run_podman save $img_name -o $archive run_podman rmi $iid # Load using -i; this time the image should be tagged. run_podman load -i $archive - verify_img_config_digest_and_name $img_name + verify_iid_and_name $img_name run_podman rmi $iid # Also make sure that `image load` behaves the same. run_podman image load -i $archive - verify_img_config_digest_and_name $img_name + verify_iid_and_name $img_name run_podman rmi $iid # Same as above, using stdin run_podman load < $archive - verify_img_config_digest_and_name $img_name + verify_iid_and_name $img_name } @test "podman load - from URL" { - get_img_ids_and_name + get_iid_and_name run_podman save $img_name -o $archive run_podman rmi $iid @@ -234,21 +232,9 @@ verify_img_config_digest_and_name() { -v $archive:/var/www/image.tar:Z \ -w /var/www \ $IMAGE /bin/busybox-extras httpd -f -p 80 - # We now have $IMAGE pointing at the image, possibly using a zstd:chunked (TOC-based) pull - run_podman load -i $SERVER/image.tar + verify_iid_and_name $img_name - # This should move the $img_name tag ( = $IMAGE) to the result of loading the image; - # this is a non-TOC-based load, so it might or might not deduplicate the loaded image with - # the one for myweb. - # So, if we have an untagged image, it’s probably the one for myweb, and try to remove it. - run_podman rm -f -t0 myweb - run_podman images -a --format '{{.ID}} {{.Repository}}:{{.Tag}}' - local myweb_iid=$(echo "$output" | sed -n '/:/s/ .*$//p') - if [[ -n "$myweb_iid" ]]; then - run_podman rmi $myweb_iid - fi - - verify_img_config_digest_and_name $img_name + run_podman load -i $SERVER/image.tar } @test "podman load - redirect corrupt payload" { diff --git a/test/system/150-login.bats b/test/system/150-login.bats index 49f24632b5..b05d4e7cdb 100644 --- a/test/system/150-login.bats +++ b/test/system/150-login.bats @@ -149,8 +149,9 @@ EOF } function _push_search_test() { - # Look up image config digest for later comparison against push/pulled image - local img_config_digest; img_config_digest=$(image_config_digest $IMAGE) + # Preserve image ID for later comparison against push/pulled image + run_podman inspect --format '{{.Id}}' $IMAGE + iid=$output destname=ok-$(random_string 10 | tr A-Z a-z)-ok # Use command-line credentials @@ -187,8 +188,8 @@ function _push_search_test() { localhost:${PODMAN_LOGIN_REGISTRY_PORT}/$destname # Compare to original image - local img_config_digest2; img_config_digest2=$(image_config_digest localhost:${PODMAN_LOGIN_REGISTRY_PORT}/$destname) - assert "$img_config_digest2" = "$img_config_digest" "config digest of pulled image == original digest" + run_podman inspect --format '{{.Id}}' $destname + is "$output" "$iid" "Image ID of pulled image == original IID" run_podman rmi $destname } @@ -344,12 +345,12 @@ function _test_skopeo_credential_sharing() { $image1 run_podman rmi $image1 - local podman_image_config_digest=$(image_config_digest $IMAGE) + run_podman images $IMAGE --format {{.ID}} + local podman_image_id=$output run_podman pull -q --retry 4 --retry-delay "0s" --authfile=$authfile \ --tls-verify=false $image1 - local pulled_image_config_digest; pulled_image_config_digest=$(image_config_digest @$output) - assert "$pulled_image_config_digest" = "$podman_image_config_digest" "First pull (before stopping registry)" + assert "${output:0:12}" = "$podman_image_id" "First pull (before stopping registry)" run_podman rmi $image1 # This actually STOPs the registry, so the port is unbound... @@ -359,8 +360,7 @@ function _test_skopeo_credential_sharing() { run_podman 0+w pull -q --retry 4 --retry-delay "5s" --authfile=$authfile \ --tls-verify=false $image1 assert "$output" =~ "Failed, retrying in 5s.*Error: initializing.* connection refused" - local pulled_image_config_digest2; pulled_image_config_digest2=$(image_config_digest "@${lines[-1]}") - assert "$pulled_image_config_digest2" = "$podman_image_config_digest" "push should succeed via retry" + assert "${lines[-1]:0:12}" = "$podman_image_id" "push should succeed via retry" unpause_registry run_podman rmi $image1 diff --git a/test/system/helpers.bash b/test/system/helpers.bash index f4d57eda70..bda7ea82c8 100644 --- a/test/system/helpers.bash +++ b/test/system/helpers.bash @@ -847,17 +847,6 @@ function _ensure_container_running() { die "Timed out waiting for container $1 to enter state running=$2" } -# Return the config digest of an image in containers-storage. -# The input can be a named reference, or an @imageID (including shorter imageID prefixes) -# Historically, the image ID was a good indicator of “the same” image; -# with zstd:chunked, the same image might have different IDs depending on whether -# creating layers happened based on the TOC (and per-file operations) or the full layer tarball -function image_config_digest() { - local sha_output; sha_output=$(skopeo inspect --raw --config "containers-storage:$1" | sha256sum) - # strip filename ("-") from sha output - echo "${sha_output%% *}" -} - ########################### # _add_label_if_missing # make sure skip messages include rootless/remote ###########################