apptainer

package
v1.2.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 22, 2023 License: BSD-3-Clause Imports: 74 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// PKIXOCSPNoCheck refers to the Revocation Checking of an Authorized Responder.
	// More more info check https://oidref.com/1.3.6.1.5.5.7.48.1.5
	PKIXOCSPNoCheck = "1.3.6.1.5.5.7.48.1.5"
)

Variables

View Source 
var ErrLibraryUnsigned = errors.New("image is not signed")

ErrLibraryUnsigned indicated that the image intended to be used is not signed, nor has an override for requiring a signature been provided

View Source 
var ErrLoginAborted = errors.New("user aborted login")

ErrLoginAborted is raised when the login process has been aborted by the user

Functions

func CapabilityAdd 

func CapabilityAdd(capFile string, c CapManageConfig) error

CapabilityAdd adds the specified capability set to the capability file

func CapabilityAvail 

func CapabilityAvail(c CapAvailConfig) error

CapabilityAvail lists the capabilities based on the CapAvailConfig

func CapabilityDrop 

func CapabilityDrop(capFile string, c CapManageConfig) error

CapabilityDrop drops the specified capability set from the capability file

func CapabilityList 

func CapabilityList(capFile string, c CapListConfig) error

CapabilityList lists the capabilities based on the CapListConfig

func CleanApptainerCache 

func CleanApptainerCache(imgCache *cache.Handle, dryRun bool, cacheCleanTypes []string, days int) error

CleanApptainerCache is the main function that drives all these other functions. If force is true, remove the entries, otherwise only provide a summary of what would have been done. If cacheCleanTypes contains something, only clean that type. The special value "all" is interpreted as "all types of entries". If cacheName contains something, clean only cache entries matching that name.

func CompilePlugin 

func CompilePlugin(sourceDir, destSif, buildTags string) error

CompilePlugin compiles a plugin. It takes as input: sourceDir, the path to the plugin's source code directory; and destSif, the path to the intended final location of the plugin SIF file.

func CreatePlugin 

func CreatePlugin(dir, name string) error

CreatePlugin create the plugin directory skeleton.

func DeleteImage 

func DeleteImage(ctx context.Context, clientConfig *client.Config, imageRef, arch string) error

DeleteImage deletes an image from a remote library.

func DisablePlugin 

func DisablePlugin(name, libexecdir string) error

DisablePlugin disables the named plugin.

func EnablePlugin 

func EnablePlugin(name string) error

EnablePlugin enables the named plugin.

func FakerootConfig 

func FakerootConfig(username string, op FakerootConfigOp) error

FakerootConfig allows to add/remove/enable/disable a user fakeroot mapping entry in /etc/subuid and /etc/subgid files.

func GlobalConfig 

func GlobalConfig(args []string, configFile string, dry bool, op GlobalConfigOp) error

GlobalConfig allows to set/unset/reset a configuration directive value in apptainer.conf

func InspectPlugin 

func InspectPlugin(name string) error

InspectPlugin inspects the named plugin.

func InstallPlugin 

func InstallPlugin(pluginPath string) error

InstallPlugin takes a plugin located at path and installs it into the apptainer plugin installation directory.

Installing a plugin will also automatically enable it.

func InstanceStats added in v1.1.0 

func InstanceStats(ctx context.Context, name, instanceUser string, formatJSON bool, noStream bool) error

InstanceStats uses underlying cgroups to get statistics for a named instance

func LibraryPush 

func LibraryPush(ctx context.Context, pushSpec LibraryPushSpec, libraryConfig *client.Config, co []keyClient.Option) error

LibraryPush will upload an image file according to the provided LibraryPushSpec Before uploading, the image will be checked for a valid signature unless AllowUnsigned is true

func ListApptainerCache 

func ListApptainerCache(imgCache *cache.Handle, cacheListTypes []string, cacheListVerbose bool) error

ListApptainerCache will list the local apptainer cache for the types specified by cacheListTypes. If cacheListTypes contains the value "all", all the cache entries are considered. If cacheListVerbose is true, the entries will be shown in the output, otherwise only a summary is provided.

func ListPlugins 

func ListPlugins() error

ListPlugins lists the apptainer plugins installed in the plugin plugin installation directory.

func OCSPVerify added in v1.2.0 

func OCSPVerify(chain ...*x509.Certificate) error

func OciAttach 

func OciAttach(ctx context.Context, containerID string) error

OciAttach attaches console to a running container

func OciCreate 

func OciCreate(containerID string, args *OciArgs) error

OciCreate creates a container from an OCI bundle

func OciDelete 

func OciDelete(ctx context.Context, containerID string) error

OciDelete deletes container resources

func OciExec 

func OciExec(containerID string, cmdArgs []string) error

OciExec executes a command in a container

func OciKill 

func OciKill(containerID string, killSignal string, killTimeout int) error

OciKill kills container process

func OciMount 

func OciMount(image string, bundle string) error

OciMount mount a SIF image to create an OCI bundle

func OciPauseResume 

func OciPauseResume(containerID string, pause bool) error

OciPauseResume pauses/resumes processes in a container

func OciRun 

func OciRun(ctx context.Context, containerID string, args *OciArgs) error

OciRun runs a container (equivalent to create/start/delete)

func OciStart 

func OciStart(containerID string) error

OciStart starts a previously create container

func OciState 

func OciState(containerID string, args *OciArgs) error

OciState query container state

func OciUmount 

func OciUmount(bundle string) error

OciUmount umount SIF and delete OCI bundle

func OciUpdate 

func OciUpdate(containerID string, args *OciArgs) error

OciUpdate updates container cgroups resources

func OverlayCreate 

func OverlayCreate(size int, imgPath string, overlaySparse bool, isFakeroot bool, overlayDirs ...string) error

OverlayCreate creates the overlay with an optional size, image path, dirs, fakeroot and sparse option.

func PrintInstanceList 

func PrintInstanceList(w io.Writer, name, user string, formatJSON bool, showLogs bool) error

PrintInstanceList fetches instance list, applying name and user filters, and prints it in a regular or a JSON format (if formatJSON is true) to the passed writer. Additionally, fetches log paths (if showLogs is true).

func RemoteAdd 

func RemoteAdd(configFile, name, uri string, global bool, insecure bool) (err error)

RemoteAdd adds remote to configuration

func RemoteAddKeyserver 

func RemoteAddKeyserver(name, uri string, order uint32, insecure bool) error

func RemoteGetLoginPassword added in v1.2.0 

func RemoteGetLoginPassword(config *scslibclient.Config) (string, error)

RemoteGetLoginPassword retrieves cli token from oci library shim

func RemoteList 

func RemoteList(usrConfigFile string) (err error)

RemoteList prints information about remote configurations

func RemoteLogin 

func RemoteLogin(usrConfigFile string, args *LoginArgs) (err error)

RemoteLogin logs in remote by setting API token If the supplied remote name is an empty string, it will attempt to use the default remote.

func RemoteLogout 

func RemoteLogout(usrConfigFile, name string) (err error)

RemoteLogout logs out from an endpoint or service.

func RemoteRemove 

func RemoteRemove(configFile, name string) (err error)

RemoteRemove deletes a remote endpoint from the configuration

func RemoteRemoveKeyserver 

func RemoteRemoveKeyserver(name, uri string) error

func RemoteStatus 

func RemoteStatus(usrConfigFile, name string) (err error)

RemoteStatus checks status of services related to an endpoint If the supplied remote name is an empty string, it will attempt to use the default remote.

func RemoteUse 

func RemoteUse(usrConfigFile, name string, global, exclusive bool) (err error)

RemoteUse sets remote to use

func Sign 

func Sign(ctx context.Context, path string, opts ...SignOpt) error

Sign adds one or more digital signatures to the SIF image found at path, according to opts. Key material must be provided via OptSignEntitySelector.

By default, one digital signature is added per object group in f. To override this behavior, consider using OptSignGroup and/or OptSignObject.

func StopInstance 

func StopInstance(name, user string, sig syscall.Signal, timeout time.Duration) error

StopInstance fetches instance list, applying name and user filters, and stops them by sending a signal sig. If an instance is still running after a grace period defined by timeout is expired, it will be forcibly killed.

func UninstallPlugin 

func UninstallPlugin(name string) error

UninstallPlugin removes the named plugin from the system.

func Verify 

func Verify(ctx context.Context, path string, opts ...VerifyOpt) error

Verify verifies digital signature(s) in the SIF image found at path, according to opts.

To use key material from an x.509 certificate, use OptVerifyWithCertificate. The system roots or the platform verifier will be used to verify the certificate, unless OptVerifyWithIntermediates and/or OptVerifyWithRoots are specified.

To use raw key material, use OptVerifyWithVerifier.

To use PGP key material, use OptVerifyWithPGP.

By default, non-legacy signatures for all object groups are verified. To override the default behavior, consider using OptVerifyGroup, OptVerifyObject, OptVerifyAll, and/or OptVerifyLegacy.

func VerifyFingerprints 

func VerifyFingerprints(ctx context.Context, path string, fingerprints []string, opts ...VerifyOpt) error

VerifyFingerprints verifies an image and checks it was signed by *all* of the provided fingerprints.

To use key material from an x.509 certificate, use OptVerifyWithCertificate. The system roots or the platform verifier will be used to verify the certificate, unless OptVerifyWithIntermediates and/or OptVerifyWithRoots are specified.

To use raw key material, use OptVerifyWithVerifier.

To use PGP key material, use OptVerifyWithPGP.

By default, non-legacy signatures for all object groups are verified. To override the default behavior, consider using OptVerifyGroup, OptVerifyObject, OptVerifyAll, and/or OptVerifyLegacy.

func WriteInstancePidFile 

func WriteInstancePidFile(name, pidFile string) error

WriteInstancePidFile fetches instance's PID and writes it to the pidFile, truncating it if it already exists. Note that the name should not be a glob, i.e. name should identify a single instance only, otherwise an error is returned.

Types

type CapAvailConfig 

type CapAvailConfig struct {
	Caps string
	Desc bool
}

CapAvailConfig instructs CapabilityAvail on what capability to list/describe

type CapListConfig 

type CapListConfig struct {
	User  string
	Group string
	All   bool
}

CapListConfig instructs CapabilityList on what to list

type CapManageConfig 

type CapManageConfig struct {
	Caps  string
	User  string
	Group string
}

CapManageConfig specifies what capability set to edit in the capability file

type FakerootConfigOp 

type FakerootConfigOp uint8

FakerootConfigOp defines a type for a fakeroot configuration operation. 

const (
	// FakerootAddUser is the operation to add a user fakeroot mapping.
	FakerootAddUser FakerootConfigOp = iota
	// FakerootRemoveUser is the operation to remove a user fakeroot mapping.
	FakerootRemoveUser
	// FakerootEnableUser is the operation to enable a user fakeroot mapping.
	FakerootEnableUser
	// FakerootDisableUser is the operation to disable a user fakeroot mapping.
	FakerootDisableUser
)

type GlobalConfigOp 

type GlobalConfigOp uint8

GlobalConfigOp defines a type for a global configuration operation. 

const (
	// GlobalConfigSet is the operation to set a configuration directive value.
	GlobalConfigSet GlobalConfigOp = iota
	// GlobalConfigUnset is the operation to unset a configuration directive value.
	GlobalConfigUnset
	// GlobalConfigGet is the operation to get a configuration directive value.
	GlobalConfigGet
	// GlobalConfigReset is the operation to reset a configuration directive value.
	GlobalConfigReset
)

type LibraryPushSpec 

type LibraryPushSpec struct {
	// SourceFile is the path to the container image to be pushed to the library
	SourceFile string
	// DestRef is the destination reference that the container image will be pushed to in the library
	DestRef string
	// Description is an optional string that describes the container image
	Description string
	// AllowUnsigned must be set to true to allow push of an unsigned container image to succeed
	AllowUnsigned bool
	// FrontendURI is the URI for the frontend
	FrontendURI string
}

LibraryPushSpec describes how a source image file should be pushed to a library server

type LoginArgs 

type LoginArgs struct {
	Name      string
	Username  string
	Password  string
	Tokenfile string
	Insecure  bool
}

type OciArgs 

type OciArgs struct {
	BundlePath     string
	LogPath        string
	LogFormat      string
	SyncSocketPath string
	PidFile        string
	FromFile       string
	KillSignal     string
	KillTimeout    uint32
	EmptyProcess   bool
	ForceKill      bool
}

OciArgs contains CLI arguments

type SignOpt 

type SignOpt func(s *signer) error

SignOpt are used to configure s.

func OptSignEntitySelector 

func OptSignEntitySelector(f sypgp.EntitySelector) SignOpt

OptSignEntitySelector specifies f be used to select (and decrypt, if necessary) the entity to use to generate signature(s).

func OptSignGroup 

func OptSignGroup(groupID uint32) SignOpt

OptSignGroup specifies that a signature be applied to cover all objects in the group with the specified groupID. This may be called multiple times to add multiple group signatures.

func OptSignObjects 

func OptSignObjects(ids ...uint32) SignOpt

OptSignObjects specifies that one or more signature(s) be applied to cover objects with the specified ids. One signature will be applied for each group ID associated with the object(s). This may be called multiple times to add multiple signatures.

func OptSignWithSigner added in v1.2.0 

func OptSignWithSigner(ss signature.Signer) SignOpt

OptSignWithSigner specifies ss be used to generate signature(s).

type VerifyCallback 

type VerifyCallback func(*sif.FileImage, integrity.VerifyResult) bool

type VerifyOpt 

type VerifyOpt func(v *verifier) error

VerifyOpt are used to configure v.

func OptVerifyAll 

func OptVerifyAll() VerifyOpt

OptVerifyAll adds one verification task per non-signature object in the image when verification of legacy signatures is enabled. When verification of legacy signatures is disabled (the default), this option has no effect.

func OptVerifyCallback 

func OptVerifyCallback(cb VerifyCallback) VerifyOpt

OptVerifyCallback registers f as the verification callback.

func OptVerifyGroup 

func OptVerifyGroup(groupID uint32) VerifyOpt

OptVerifyGroup adds a verification task for the group with the specified groupID. This may be called multiple times to request verification of more than one group.

func OptVerifyLegacy 

func OptVerifyLegacy() VerifyOpt

OptVerifyLegacy enables verification of legacy signatures.

func OptVerifyObject 

func OptVerifyObject(id uint32) VerifyOpt

OptVerifyObject adds a verification task for the object with the specified id. This may be called multiple times to request verification of more than one object.

func OptVerifyWithCertificate added in v1.2.0 

func OptVerifyWithCertificate(c *x509.Certificate) VerifyOpt

OptVerifyWithCertificate appends c as a source of key material to verify signatures.

func OptVerifyWithIntermediates added in v1.2.0 

func OptVerifyWithIntermediates(p *x509.CertPool) VerifyOpt

OptVerifyWithIntermediates specifies p as the pool of certificates that can be used to form a chain from the leaf certificate to a root certificate.

func OptVerifyWithOCSP added in v1.2.0 

func OptVerifyWithOCSP() VerifyOpt

OptVerifyWithOCSP subjects the x509 certificate chains to online revocation checks, before the leaf certificate is deemed as trusted for validating the signature.

func OptVerifyWithPGP added in v1.2.0 

func OptVerifyWithPGP(opts ...client.Option) VerifyOpt

OptVerifyWithPGP adds the local public keyring as a source of key material to verify signatures. If supplied, opts specify a keyserver to use in addition to the local public keyring.

func OptVerifyWithRoots added in v1.2.0 

func OptVerifyWithRoots(p *x509.CertPool) VerifyOpt

OptVerifyWithRoots specifies p as the pool of root certificates to use, instead of the system roots or the platform verifier.

func OptVerifyWithVerifier added in v1.2.0 

func OptVerifyWithVerifier(sv signature.Verifier) VerifyOpt

OptVerifyWithVerifier appends sv as a source of key material to verify signatures.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.