Revert "Use the config digest to compare images loaded/pulled using d…

…ifferent methods" This reverts commit 1d7ec1e. Signed-off-by: Miloslav Trmač <[email protected]>
mtrmac · Nov 26, 2024 · 6eb0254 · 6eb0254
1 parent 7d7a607
commit 6eb0254
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 54 deletions.
diff --git a/test/system/010-images.bats b/test/system/010-images.bats
@@ -396,13 +396,9 @@ EOF
     assert "${lines[-2]}" =~ ".*$IMAGE false" "image from readwrite store"
     assert "${lines[-1]}" =~ ".*$IMAGE true" "image from readonly store"
     id=${lines[-2]%% *}
-    local config_digest; config_digest=$(image_config_digest "@$id") # Without $sconf, i.e. from the read-write store.
 
     CONTAINERS_STORAGE_CONF=$sconf run_podman pull -q $IMAGE
-    # This is originally a regression test, (podman pull) used to output multiple image IDs. Ensure it only prints one.
-    assert "${#lines[*]}" -le 1 "Number of output lines from podman pull"
-    local config_digest2; config_digest2=$(image_config_digest "@$output")
-    assert "$config_digest2" = "$config_digest" "pull -q $IMAGE, using storage.conf"
+    is "$output" "$id" "pull -q $IMAGE, using storage.conf"
 
     # $IMAGE might now be reusing layers from the additional store;
     # Removing the additional store underneath can result in dangling layer references.

diff --git a/test/system/120-load.bats b/test/system/120-load.bats
@@ -23,24 +23,22 @@ function teardown() {
 # Custom helpers for this test only. These just save us having to duplicate
 # the same thing four times (two tests, each with -i and stdin).
 #
-# initialize, read image ID, image config digest, and name
-get_img_ids_and_name() {
+# initialize, read image ID and name
+get_iid_and_name() {
     run_podman images -a --format '{{.ID}} {{.Repository}}:{{.Tag}}'
     read iid img_name <<<"$output"
-    img_config_digest=$(image_config_digest "@$iid")
 
     archive=$PODMAN_TMPDIR/myimage-$(random_string 8).tar
 }
 
-# Simple verification of image config digest and name
-verify_img_config_digest_and_name() {
+# Simple verification of image ID and name
+verify_iid_and_name() {
     run_podman images -a --format '{{.ID}} {{.Repository}}:{{.Tag}}'
     read new_iid new_img_name < <(echo "$output")
-    new_img_config_digest=$(image_config_digest "@$new_iid")
 
     # Verify
-    is "$new_img_config_digest" "$img_config_digest" "Image config digest of loaded image == original"
-    is "$new_img_name"          "$1"                 "Name & tag of restored image"
+    is "$new_iid"      "$iid" "Image ID of loaded image == original"
+    is "$new_img_name" "$1"   "Name & tag of restored image"
 }
 
 @test "podman load invalid file" {
@@ -180,49 +178,49 @@ verify_img_config_digest_and_name() {
 
 @test "podman load - by image ID" {
     # FIXME: how to build a simple archive instead?
-    get_img_ids_and_name
+    get_iid_and_name
 
     # Save image by ID, and remove it.
     run_podman save $iid -o $archive
     run_podman rmi $iid
 
     # Load using -i; IID should be preserved, but name is not.
     run_podman load -i $archive
-    verify_img_config_digest_and_name "<none>:<none>"
+    verify_iid_and_name "<none>:<none>"
 
     # Same as above, using stdin
     run_podman rmi $iid
     run_podman load < $archive
-    verify_img_config_digest_and_name "<none>:<none>"
+    verify_iid_and_name "<none>:<none>"
 
     # Same as above, using stdin but with `podman image load`
     run_podman rmi $iid
     run_podman image load < $archive
-    verify_img_config_digest_and_name "<none>:<none>"
+    verify_iid_and_name "<none>:<none>"
 }
 
 @test "podman load - by image name" {
-    get_img_ids_and_name
+    get_iid_and_name
     run_podman save $img_name -o $archive
     run_podman rmi $iid
 
     # Load using -i; this time the image should be tagged.
     run_podman load -i $archive
-    verify_img_config_digest_and_name $img_name
+    verify_iid_and_name $img_name
     run_podman rmi $iid
 
     # Also make sure that `image load` behaves the same.
     run_podman image load -i $archive
-    verify_img_config_digest_and_name $img_name
+    verify_iid_and_name $img_name
     run_podman rmi $iid
 
     # Same as above, using stdin
     run_podman load < $archive
-    verify_img_config_digest_and_name $img_name
+    verify_iid_and_name $img_name
 }
 
 @test "podman load - from URL" {
-    get_img_ids_and_name
+    get_iid_and_name
     run_podman save $img_name -o $archive
     run_podman rmi $iid
 
@@ -234,21 +232,11 @@ verify_img_config_digest_and_name() {
             -v $archive:/var/www/image.tar:Z \
             -w /var/www \
             $IMAGE /bin/busybox-extras httpd -f -p 80
-    # We now have $IMAGE pointing at the image, possibly using a zstd:chunked (TOC-based) pull
+
     run_podman load -i $SERVER/image.tar
+    verify_iid_and_name $img_name
 
-    # This should move the $img_name tag ( = $IMAGE) to the result of loading the image;
-    # this is a non-TOC-based load, so it might or might not deduplicate the loaded image with
-    # the one for myweb.
-    # So, if we have an untagged image, it’s probably the one for myweb, and try to remove it.
     run_podman rm -f -t0 myweb
-    run_podman images -a --format '{{.ID}} {{.Repository}}:{{.Tag}}'
-    local myweb_iid=$(echo "$output" | sed -n '/<none>:<none>/s/ .*$//p')
-    if [[ -n "$myweb_iid" ]]; then
-        run_podman rmi $myweb_iid
-    fi
-
-    verify_img_config_digest_and_name $img_name
 }
 
 @test "podman load - redirect corrupt payload" {

diff --git a/test/system/150-login.bats b/test/system/150-login.bats
@@ -149,8 +149,9 @@ EOF
 }
 
 function _push_search_test() {
-    # Look up image config digest for later comparison against push/pulled image
-    local img_config_digest; img_config_digest=$(image_config_digest $IMAGE)
+    # Preserve image ID for later comparison against push/pulled image
+    run_podman inspect --format '{{.Id}}' $IMAGE
+    iid=$output
 
     destname=ok-$(random_string 10 | tr A-Z a-z)-ok
     # Use command-line credentials
@@ -187,8 +188,8 @@ function _push_search_test() {
                localhost:${PODMAN_LOGIN_REGISTRY_PORT}/$destname
 
     # Compare to original image
-    local img_config_digest2; img_config_digest2=$(image_config_digest localhost:${PODMAN_LOGIN_REGISTRY_PORT}/$destname)
-    assert "$img_config_digest2" = "$img_config_digest" "config digest of pulled image == original digest"
+    run_podman inspect --format '{{.Id}}' $destname
+    is "$output" "$iid" "Image ID of pulled image == original IID"
 
     run_podman rmi $destname
 }
@@ -344,12 +345,12 @@ function _test_skopeo_credential_sharing() {
         $image1
     run_podman rmi $image1
 
-    local podman_image_config_digest=$(image_config_digest $IMAGE)
+    run_podman images $IMAGE --format {{.ID}}
+    local podman_image_id=$output
 
     run_podman pull -q --retry 4 --retry-delay "0s" --authfile=$authfile \
         --tls-verify=false $image1
-    local pulled_image_config_digest; pulled_image_config_digest=$(image_config_digest @$output)
-    assert "$pulled_image_config_digest" = "$podman_image_config_digest" "First pull (before stopping registry)"
+    assert "${output:0:12}" = "$podman_image_id" "First pull (before stopping registry)"
     run_podman rmi $image1
 
     # This actually STOPs the registry, so the port is unbound...
@@ -359,8 +360,7 @@ function _test_skopeo_credential_sharing() {
     run_podman 0+w pull -q --retry 4 --retry-delay "5s" --authfile=$authfile \
             --tls-verify=false $image1
     assert "$output" =~ "Failed, retrying in 5s.*Error: initializing.* connection refused"
-    local pulled_image_config_digest2; pulled_image_config_digest2=$(image_config_digest "@${lines[-1]}")
-    assert "$pulled_image_config_digest2" = "$podman_image_config_digest" "push should succeed via retry"
+    assert "${lines[-1]:0:12}" = "$podman_image_id" "push should succeed via retry"
     unpause_registry
 
     run_podman rmi $image1

diff --git a/test/system/helpers.bash b/test/system/helpers.bash
@@ -847,17 +847,6 @@ function _ensure_container_running() {
     die "Timed out waiting for container $1 to enter state running=$2"
 }
 
-# Return the config digest of an image in containers-storage.
-# The input can be a named reference, or an @imageID (including shorter imageID prefixes)
-# Historically, the image ID was a good indicator of “the same” image;
-# with zstd:chunked, the same image might have different IDs depending on whether
-# creating layers happened based on the TOC (and per-file operations) or the full layer tarball
-function image_config_digest() {
-    local sha_output; sha_output=$(skopeo inspect --raw --config "containers-storage:$1" | sha256sum)
-    # strip filename ("-") from sha output
-    echo "${sha_output%% *}"
-}
-
 ###########################
 #  _add_label_if_missing  #  make sure skip messages include rootless/remote
 ###########################