-
Notifications
You must be signed in to change notification settings - Fork 762
/
pull.go
110 lines (93 loc) · 3.01 KB
/
pull.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
package source
import (
"context"
"fmt"
"os"
"github.com/containers/buildah/pkg/parse"
"github.com/containers/image/v5/copy"
"github.com/containers/image/v5/oci/layout"
"github.com/containers/image/v5/pkg/shortnames"
"github.com/containers/image/v5/signature"
"github.com/containers/image/v5/transports/alltransports"
"github.com/containers/image/v5/types"
)
// PullOptions includes data to alter certain knobs when pulling a source
// image.
type PullOptions struct {
// Require HTTPS and verify certificates when accessing the registry.
TLSVerify bool
// [username[:password] to use when connecting to the registry.
Credentials string
// Quiet the progress bars when pushing.
Quiet bool
}
// Pull `imageInput` from a container registry to `sourcePath`.
func Pull(ctx context.Context, imageInput string, sourcePath string, options PullOptions) error {
if _, err := os.Stat(sourcePath); err == nil {
return fmt.Errorf("%q already exists", sourcePath)
}
srcRef, err := stringToImageReference(imageInput)
if err != nil {
return err
}
destRef, err := layout.ParseReference(sourcePath)
if err != nil {
return err
}
sysCtx := &types.SystemContext{
DockerInsecureSkipTLSVerify: types.NewOptionalBool(!options.TLSVerify),
}
if options.Credentials != "" {
authConf, err := parse.AuthConfig(options.Credentials)
if err != nil {
return err
}
sysCtx.DockerAuthConfig = authConf
}
if err := validateSourceImageReference(ctx, srcRef, sysCtx); err != nil {
return err
}
policy, err := signature.DefaultPolicy(sysCtx)
if err != nil {
return fmt.Errorf("obtaining default signature policy: %w", err)
}
policyContext, err := signature.NewPolicyContext(policy)
if err != nil {
return fmt.Errorf("creating new signature policy context: %w", err)
}
copyOpts := copy.Options{
SourceCtx: sysCtx,
}
if !options.Quiet {
copyOpts.ReportWriter = os.Stderr
}
if _, err := copy.Image(ctx, policyContext, destRef, srcRef, ©Opts); err != nil {
return fmt.Errorf("pulling source image: %w", err)
}
return nil
}
func stringToImageReference(imageInput string) (types.ImageReference, error) {
if shortnames.IsShortName(imageInput) {
return nil, fmt.Errorf("pulling source images by short name (%q) is not supported, please use a fully-qualified name", imageInput)
}
ref, err := alltransports.ParseImageName("docker://" + imageInput)
if err != nil {
return nil, fmt.Errorf("parsing image name: %w", err)
}
return ref, nil
}
func validateSourceImageReference(ctx context.Context, ref types.ImageReference, sysCtx *types.SystemContext) error {
src, err := ref.NewImageSource(ctx, sysCtx)
if err != nil {
return fmt.Errorf("creating image source from reference: %w", err)
}
defer src.Close()
ociManifest, _, _, err := readManifestFromImageSource(ctx, src)
if err != nil {
return err
}
if ociManifest.Config.MediaType != MediaTypeSourceImageConfig {
return fmt.Errorf("invalid media type of image config %q (expected: %q)", ociManifest.Config.MediaType, MediaTypeSourceImageConfig)
}
return nil
}