podman
100 строк · 3.8 Кб
1package buildah2import (4"context"5"fmt"6"io"7"time"8"github.com/containers/buildah/define"10"github.com/containers/common/libimage"11"github.com/containers/common/pkg/config"12"github.com/containers/image/v5/types"13encconfig "github.com/containers/ocicrypt/config"14"github.com/containers/storage"15)16// PullOptions can be used to alter how an image is copied in from somewhere.18type PullOptions struct {19// SignaturePolicyPath specifies an override location for the signature20// policy which should be used for verifying the new image as it is21// being written. Except in specific circumstances, no value should be22// specified, indicating that the shared, system-wide default policy23// should be used.24SignaturePolicyPath string25// ReportWriter is an io.Writer which will be used to log the writing26// of the new image.27ReportWriter io.Writer28// Store is the local storage store which holds the source image.29Store storage.Store30// github.com/containers/image/types SystemContext to hold credentials31// and other authentication/authorization information.32SystemContext *types.SystemContext33// BlobDirectory is the name of a directory in which we'll attempt to34// store copies of layer blobs that we pull down, if any. It should35// already exist.36BlobDirectory string37// AllTags is a boolean value that determines if all tagged images38// will be downloaded from the repository. The default is false.39AllTags bool40// RemoveSignatures causes any existing signatures for the image to be41// discarded when pulling it.42RemoveSignatures bool43// MaxRetries is the maximum number of attempts we'll make to pull any44// one image from the external registry if the first attempt fails.45MaxRetries int46// RetryDelay is how long to wait before retrying a pull attempt.47RetryDelay time.Duration48// OciDecryptConfig contains the config that can be used to decrypt an image if it is49// encrypted if non-nil. If nil, it does not attempt to decrypt an image.50OciDecryptConfig *encconfig.DecryptConfig51// PullPolicy takes the value PullIfMissing, PullAlways, PullIfNewer, or PullNever.52PullPolicy define.PullPolicy53}54// Pull copies the contents of the image from somewhere else to local storage. Returns the56// ID of the local image or an error.57func Pull(ctx context.Context, imageName string, options PullOptions) (imageID string, err error) {58libimageOptions := &libimage.PullOptions{}59libimageOptions.SignaturePolicyPath = options.SignaturePolicyPath60libimageOptions.Writer = options.ReportWriter61libimageOptions.RemoveSignatures = options.RemoveSignatures62libimageOptions.OciDecryptConfig = options.OciDecryptConfig63libimageOptions.AllTags = options.AllTags64libimageOptions.RetryDelay = &options.RetryDelay65libimageOptions.DestinationLookupReferenceFunc = cacheLookupReferenceFunc(options.BlobDirectory, types.PreserveOriginal)66if options.MaxRetries > 0 {68retries := uint(options.MaxRetries)69libimageOptions.MaxRetries = &retries70}71pullPolicy, err := config.ParsePullPolicy(options.PullPolicy.String())73if err != nil {74return "", err75}76// Note: It is important to do this before we pull any images/create containers.78// The default backend detection logic needs an empty store to correctly detect79// that we can use netavark, if the store was not empty it will use CNI to not break existing installs.80_, err = getNetworkInterface(options.Store, "", "")81if err != nil {82return "", err83}84runtime, err := libimage.RuntimeFromStore(options.Store, &libimage.RuntimeOptions{SystemContext: options.SystemContext})86if err != nil {87return "", err88}89pulledImages, err := runtime.Pull(context.Background(), imageName, pullPolicy, libimageOptions)91if err != nil {92return "", err93}94if len(pulledImages) == 0 {96return "", fmt.Errorf("internal error pulling %s: no image pulled and no error", imageName)97}98return pulledImages[0].ID(), nil100}101