podman
100 строк · 3.8 Кб
1package buildah
2
3import (
4"context"
5"fmt"
6"io"
7"time"
8
9"github.com/containers/buildah/define"
10"github.com/containers/common/libimage"
11"github.com/containers/common/pkg/config"
12"github.com/containers/image/v5/types"
13encconfig "github.com/containers/ocicrypt/config"
14"github.com/containers/storage"
15)
16
17// PullOptions can be used to alter how an image is copied in from somewhere.
18type PullOptions struct {
19// SignaturePolicyPath specifies an override location for the signature
20// policy which should be used for verifying the new image as it is
21// being written. Except in specific circumstances, no value should be
22// specified, indicating that the shared, system-wide default policy
23// should be used.
24SignaturePolicyPath string
25// ReportWriter is an io.Writer which will be used to log the writing
26// of the new image.
27ReportWriter io.Writer
28// Store is the local storage store which holds the source image.
29Store storage.Store
30// github.com/containers/image/types SystemContext to hold credentials
31// and other authentication/authorization information.
32SystemContext *types.SystemContext
33// BlobDirectory is the name of a directory in which we'll attempt to
34// store copies of layer blobs that we pull down, if any. It should
35// already exist.
36BlobDirectory string
37// AllTags is a boolean value that determines if all tagged images
38// will be downloaded from the repository. The default is false.
39AllTags bool
40// RemoveSignatures causes any existing signatures for the image to be
41// discarded when pulling it.
42RemoveSignatures bool
43// MaxRetries is the maximum number of attempts we'll make to pull any
44// one image from the external registry if the first attempt fails.
45MaxRetries int
46// RetryDelay is how long to wait before retrying a pull attempt.
47RetryDelay time.Duration
48// OciDecryptConfig contains the config that can be used to decrypt an image if it is
49// encrypted if non-nil. If nil, it does not attempt to decrypt an image.
50OciDecryptConfig *encconfig.DecryptConfig
51// PullPolicy takes the value PullIfMissing, PullAlways, PullIfNewer, or PullNever.
52PullPolicy define.PullPolicy
53}
54
55// Pull copies the contents of the image from somewhere else to local storage. Returns the
56// ID of the local image or an error.
57func Pull(ctx context.Context, imageName string, options PullOptions) (imageID string, err error) {
58libimageOptions := &libimage.PullOptions{}
59libimageOptions.SignaturePolicyPath = options.SignaturePolicyPath
60libimageOptions.Writer = options.ReportWriter
61libimageOptions.RemoveSignatures = options.RemoveSignatures
62libimageOptions.OciDecryptConfig = options.OciDecryptConfig
63libimageOptions.AllTags = options.AllTags
64libimageOptions.RetryDelay = &options.RetryDelay
65libimageOptions.DestinationLookupReferenceFunc = cacheLookupReferenceFunc(options.BlobDirectory, types.PreserveOriginal)
66
67if options.MaxRetries > 0 {
68retries := uint(options.MaxRetries)
69libimageOptions.MaxRetries = &retries
70}
71
72pullPolicy, err := config.ParsePullPolicy(options.PullPolicy.String())
73if err != nil {
74return "", err
75}
76
77// Note: It is important to do this before we pull any images/create containers.
78// The default backend detection logic needs an empty store to correctly detect
79// that we can use netavark, if the store was not empty it will use CNI to not break existing installs.
80_, err = getNetworkInterface(options.Store, "", "")
81if err != nil {
82return "", err
83}
84
85runtime, err := libimage.RuntimeFromStore(options.Store, &libimage.RuntimeOptions{SystemContext: options.SystemContext})
86if err != nil {
87return "", err
88}
89
90pulledImages, err := runtime.Pull(context.Background(), imageName, pullPolicy, libimageOptions)
91if err != nil {
92return "", err
93}
94
95if len(pulledImages) == 0 {
96return "", fmt.Errorf("internal error pulling %s: no image pulled and no error", imageName)
97}
98
99return pulledImages[0].ID(), nil
100}
101