Verify images in manifest list are not dangling and pruned

Vendor in latest containers/common

Currently if you create an un tagged image and add it to a manifest
list, podman image prune will remove the image, and leave you with
a broken manifest list. This PR removes the image from dangling in
this situation and prevents the pruning.

We have seen this trigger issues with RamaLama which is creating
manifest lists in this manner, and then users pruning the images.

Verifing: containers/common#2360

Signed-off-by: Daniel J Walsh <[email protected]>

Author: rhatdan

Makefile

@@ -363,7 +363,7 @@ $(IN_CONTAINER): %-in-container:
 	$(PODMANCMD) run --rm --env HOME=/root \
 		-v $(CURDIR):/src -w /src \
 		--security-opt label=disable \
-		docker.io/library/golang:1.22 \
+		docker.io/library/golang:1.23 \
 		make $(*)
 
 

go.mod

@@ -235,3 +235,5 @@ require (
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	tags.cncf.io/container-device-interface/specs-go v1.0.0 // indirect
 )
+
+replace github.com/containers/common => github.com/rhatdan/common v0.47.1-0.20250318135319-2242b2e1f465

go.sum

@@ -78,8 +78,6 @@ github.com/containernetworking/plugins v1.6.2 h1:pqP8Mq923TLyef5g97XfJ/xpDeVek4y
 github.com/containernetworking/plugins v1.6.2/go.mod h1:SP5UG3jDO9LtmfbBJdP+nl3A1atOtbj2MBOYsnaxy64=
 github.com/containers/buildah v1.39.2 h1:YaFMNnuTr7wKYKQDHkm7yyP9HhWVrNB4DA+DjYUS9k4=
 github.com/containers/buildah v1.39.2/go.mod h1:Vb4sDbEq06qQqk29mcGw/1qit8dyukpfL4hwNQ5t+z8=
-github.com/containers/common v0.62.3-0.20250320113334-33bf9345b5ef h1:OpMI1mIyrKWPGAYlJY9VVjsCXigtk+3ckYE1SN7JxYA=
-github.com/containers/common v0.62.3-0.20250320113334-33bf9345b5ef/go.mod h1:vGmB+0zxqbh5Gd0kOKDlC6sIeoMqso3l4ZKg6+G3YFc=
 github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
 github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
 github.com/containers/gvisor-tap-vsock v0.8.4 h1:z7MqcldnXYGaU6uTaKVl7RFxTmbhNsd2UL0CyM3fdBs=
@@ -438,6 +436,8 @@ github.com/prometheus/common v0.57.0 h1:Ro/rKjwdq9mZn1K5QPctzh+MA4Lp0BuYk5ZZEVho
 github.com/prometheus/common v0.57.0/go.mod h1:7uRPFSUTbfZWsJ7MHY56sqt7hLQu3bxXHDnNhl8E9qI=
 github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
 github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
+github.com/rhatdan/common v0.47.1-0.20250318135319-2242b2e1f465 h1:aV/PjGzklc+iNdy86HriZ/yQ25h5sctFOFIy8O9inIs=
+github.com/rhatdan/common v0.47.1-0.20250318135319-2242b2e1f465/go.mod h1:l7TYE/GilpOcGkrErMCRHfvUnftyhjUGrSL/0gYad0M=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
 github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=

pkg/domain/infra/abi/images.go

@@ -597,7 +597,7 @@ func (ir *ImageEngine) Tree(ctx context.Context, nameOrID string, opts entities.
 	if err != nil {
 		return nil, err
 	}
-	tree, err := image.Tree(opts.WhatRequires)
+	tree, err := image.Tree(ctx, opts.WhatRequires)
 	if err != nil {
 		return nil, err
 	}

test/system/012-manifest.bats

@@ -324,4 +324,30 @@ function manifestListAddArtifactOnce() {
         manifestListAddArtifactOnce
     done
 }
+
+@test "manifest list images should not be marked as dangling" {
+      # build image and attach it to a manifest list
+      mlist=m-$(safename)
+      run_podman build -q -f -  <<< "from scratch"
+      iid=${output}
+      run_podman manifest create ${mlist} ${iid}
+
+      # verify image is not dangling, and is not remove via prune
+      run_podman images --filter dangling=true
+      assert "$output" != "sha256:${iid}" "Verify the filter dangling does not list the image"
+      run_podman image prune --force
+      assert "$output" != "${iid}" "Verify the prune does not remove the non dangling image"
+      run_podman image exists ${iid}
+
+      # Remove manifes
+      run_podman manifest rm ${mlist}
+
+      # verify the image is now dangling, and is removed via prune
+      run_podman images -q --filter dangling=true --no-trunc
+      assert "$output" == "sha256:${iid}" "Verify the filter dangling does list the image"
+      run_podman image prune --force
+      assert "$output" == "${iid}" "Verify that prune does not remove the dangling image"
+      run_podman 1 image exists ${iid}
+}
+
 # vim: filetype=sh

vendor/github.com/containers/common/libimage/history.go

@@ -179,7 +179,7 @@ github.com/containers/buildah/pkg/sshagent
 github.com/containers/buildah/pkg/util
 github.com/containers/buildah/pkg/volumes
 github.com/containers/buildah/util
-# github.com/containers/common v0.62.3-0.20250320113334-33bf9345b5ef
+# github.com/containers/common v0.62.3-0.20250320113334-33bf9345b5ef => github.com/rhatdan/common v0.47.1-0.20250318135319-2242b2e1f465
 ## explicit; go 1.23.0
 github.com/containers/common/internal
 github.com/containers/common/internal/attributedstring
@@ -1425,3 +1425,4 @@ tags.cncf.io/container-device-interface/pkg/parser
 # tags.cncf.io/container-device-interface/specs-go v1.0.0
 ## explicit; go 1.19
 tags.cncf.io/container-device-interface/specs-go
+# github.com/containers/common => github.com/rhatdan/common v0.47.1-0.20250318135319-2242b2e1f465