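def generate_validation_manifest(self):
    """
    Generate a gomtree validation manifest for every non-system image that
    does not have one yet and store it under ATOMIC_VAR_LIB.

    Each eligible image is mounted on a temporary directory, the manifest is
    produced from that root filesystem, and the output is written to
    ``<ATOMIC_VAR_LIB>/gomtree-manifests/<first repo tag>.mtree``.

    Skipped: images without repo tags, images whose ``ImageType`` is
    ``"system"``, ``<none>`` images, and images whose manifest file already
    exists.

    The mount is released and the temporary directory removed even when
    mounting or manifest generation raises.

    :return: None
    """
    for image in self.get_images(get_all=True):
        repo_tags = image["RepoTags"]
        if not repo_tags:
            continue
        iid = repo_tags[0]
        if image["ImageType"] == "system":
            continue
        if iid in ("<none>:<none>", "<none>"):
            continue

        # NOTE(review): the manifest is keyed by a repo tag, which is mutable,
        # and an existing file is never regenerated. Confirm how a re-tagged
        # image is meant to be handled. The tag is also interpolated into the
        # path unchecked; verify the image store cannot return a name that
        # resolves outside gomtree-manifests/.
        manifestname = os.path.join(util.ATOMIC_VAR_LIB,
                                    "gomtree-manifests/%s.mtree" % iid)
        if os.path.exists(manifestname):
            continue
        dname = os.path.dirname(manifestname)
        if not os.path.exists(dname):
            os.makedirs(dname)

        tmpdir = tempfile.mkdtemp()
        try:
            m = Mount()
            m.args = []
            m.image = iid
            m.mountpoint = tmpdir
            m.storage = self.args.storage
            m.mount()
            try:
                r = util.generate_validation_manifest(
                    img_rootfs=tmpdir,
                    keywords="type,uid,gid,mode,size,sha256digest")
            finally:
                # Always release the mount, otherwise rmtree below would
                # descend into a still-mounted image.
                m.unmount()
            # NOTE(review): the generator output is stored as-is. Confirm a
            # failed run cannot leave an empty manifest that later
            # validations would treat as the trusted baseline.
            with open(manifestname, "wb", 0) as f:
                f.write(r.stdout)
        finally:
            shutil.rmtree(tmpdir)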
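def validate_layer(self, layer):
    """
    Validate a docker image against its stored gomtree manifest.

    The image is mounted on a temporary directory and that root filesystem
    is checked against
    ``<ATOMIC_VAR_LIB>/gomtree-manifests/<first repo tag>.mtree``.
    The image is validated as a whole, not layer by layer.

    Nothing is validated when the image cannot be inspected, has no repo
    tags, or has no manifest file on disk.

    A mismatch is only reported through ``util.write_err``. The method
    returns None in every case, so callers cannot act on the outcome.

    :param layer: image reference handed to ``self._inspect_image``
    :return: None
    """
    inspect = self._inspect_image(image=layer)
    if inspect is None:
        return None

    # Manifests are stored per repo tag, so an untagged image has nothing to
    # validate against. Return instead of raising on the empty tag list.
    repo_tags = inspect['RepoTags']
    if not repo_tags:
        return None
    iid = repo_tags[0]

    manifestname = os.path.join(util.ATOMIC_VAR_LIB,
                                "gomtree-manifests/%s.mtree" % iid)
    # NOTE(review): a missing manifest silently skips validation. Confirm
    # that "no baseline" should pass rather than be reported.
    if not os.path.exists(manifestname):
        return None

    tmpdir = tempfile.mkdtemp()
    try:
        from Atomic.mount import Mount
        m = Mount()
        m.args = []
        m.image = iid
        m.storage = "docker"
        m.mountpoint = tmpdir
        m.mount()
        try:
            r = util.validate_manifest(
                manifestname, img_rootfs=tmpdir,
                keywords="type,uid,gid,mode,size,sha256digest")
            if r.return_code != 0:
                util.write_err(r.stdout)
        finally:
            m.unmount()
    finally:
        shutil.rmtree(tmpdir)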
def MountImage(self, image, mountpoint, options, live, shared):
    """
    Mount *image* on *mountpoint* and return the result of ``Mount.mount()``.

    ``options``, ``live`` and ``shared`` are copied onto a fresh
    ``self.Args()`` object, which is handed to ``self.atomic.set_args``.
    """
    # NOTE(review): the argument object is applied to self.atomic, while the
    # Mount created here never receives it. Confirm that mount() actually
    # honours options/live/shared.
    # NOTE(review): image, mountpoint and options are passed through
    # unchecked. If this method can be reached by a less-privileged caller,
    # verify that authorization and path validation happen before this point.
    mnt = Mount()
    mnt.image = image
    mnt.mountpoint = mountpoint

    call_args = self.Args()
    for attr_name, attr_value in (("options", options),
                                  ("live", live),
                                  ("shared", shared)):
        setattr(call_args, attr_name, attr_value)
    self.atomic.set_args(call_args)

    return mnt.mount()
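def generate_validation_manifest(self):
    """
    Generate a gomtree validation manifest for every non-system image that
    does not have one yet and store it under ATOMIC_VAR_LIB.

    Each eligible image is mounted on a temporary directory, the manifest is
    produced from that root filesystem, and the output is written to
    ``<ATOMIC_VAR_LIB>/gomtree-manifests/<first repo tag>.mtree``.

    Skipped: images without repo tags, images whose ``ImageType`` is
    ``"system"``, ``<none>`` images, and images whose manifest file already
    exists.

    The mount is released and the temporary directory removed even when
    mounting or manifest generation raises.

    :return: None
    """
    for image in self.get_images(get_all=True):
        repo_tags = image["RepoTags"]
        if not repo_tags:
            continue
        iid = repo_tags[0]
        if image["ImageType"] == "system":
            continue
        if iid in ("<none>:<none>", "<none>"):
            continue

        # NOTE(review): the manifest is keyed by a repo tag, which is mutable,
        # and an existing file is never regenerated. Confirm how a re-tagged
        # image is meant to be handled. The tag is also interpolated into the
        # path unchecked; verify the image store cannot return a name that
        # resolves outside gomtree-manifests/.
        manifestname = os.path.join(util.ATOMIC_VAR_LIB,
                                    "gomtree-manifests/%s.mtree" % iid)
        if os.path.exists(manifestname):
            continue
        dname = os.path.dirname(manifestname)
        if not os.path.exists(dname):
            os.makedirs(dname)

        tmpdir = tempfile.mkdtemp()
        try:
            m = Mount()
            m.args = []
            m.image = iid
            m.mountpoint = tmpdir
            m.storage = self.args.storage
            m.mount()
            try:
                r = util.generate_validation_manifest(
                    img_rootfs=tmpdir,
                    keywords="type,uid,gid,mode,size,sha256digest")
            finally:
                # Always release the mount, otherwise rmtree below would
                # descend into a still-mounted image.
                m.unmount()
            # open(..., "w", 0) raises ValueError on Python 3 because text
            # mode cannot be unbuffered. Pick the mode from the payload type
            # and rely on the context manager to flush on close.
            # NOTE(review): the generator output is stored as-is. Confirm a
            # failed run cannot leave an empty manifest that later
            # validations would treat as the trusted baseline.
            payload = r.stdout
            mode = "wb" if isinstance(payload, bytes) else "w"
            with open(manifestname, mode) as f:
                f.write(payload)
        finally:
            shutil.rmtree(tmpdir)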
def UnmountImage(self, mountpoint):
    """
    Unmount *mountpoint* and return the result of ``Mount.unmount()``.
    """
    # NOTE(review): mountpoint is passed through unchecked. If callers are
    # not fully trusted, confirm Mount.unmount() restricts which paths it
    # will act on.
    unmounter = Mount()
    unmounter.mountpoint = mountpoint
    outcome = unmounter.unmount()
    return outcome