distribution/registry/storage/ocimanifesthandler.go

package storage

import (
	"context"
	"fmt"
	"net/url"

	"github.com/distribution/distribution/v3"
	"github.com/distribution/distribution/v3/internal/dcontext"
	"github.com/distribution/distribution/v3/manifest/ocischema"
	"github.com/opencontainers/go-digest"
	v1 "github.com/opencontainers/image-spec/specs-go/v1"
)

// ocischemaManifestHandler is a ManifestHandler that covers ocischema manifests.
type ocischemaManifestHandler struct {
	repository   distribution.Repository
	blobStore    distribution.BlobStore
	ctx          context.Context
	manifestURLs manifestURLs
}

var _ ManifestHandler = &ocischemaManifestHandler{}

func (ms *ocischemaManifestHandler) Unmarshal(ctx context.Context, dgst digest.Digest, content []byte) (distribution.Manifest, error) {
	dcontext.GetLogger(ms.ctx).Debug("(*ocischemaManifestHandler).Unmarshal")

	m := &ocischema.DeserializedManifest{}
	if err := m.UnmarshalJSON(content); err != nil {
		return nil, err
	}

	return m, nil
}

func (ms *ocischemaManifestHandler) Put(ctx context.Context, manifest distribution.Manifest, skipDependencyVerification bool) (digest.Digest, error) {
	dcontext.GetLogger(ms.ctx).Debug("(*ocischemaManifestHandler).Put")

	m, ok := manifest.(*ocischema.DeserializedManifest)
	if !ok {
		return "", fmt.Errorf("non-ocischema manifest put to ocischemaManifestHandler: %T", manifest)
	}

	if err := ms.verifyManifest(ms.ctx, *m, skipDependencyVerification); err != nil {
		return "", err
	}

	mt, payload, err := m.Payload()
	if err != nil {
		return "", err
	}

	revision, err := ms.blobStore.Put(ctx, mt, payload)
	if err != nil {
		dcontext.GetLogger(ctx).Errorf("error putting payload into blobstore: %v", err)
		return "", err
	}

	return revision.Digest, nil
}

// verifyManifest ensures that the manifest content is valid from the
// perspective of the registry. As a policy, the registry only tries to store
// valid content, leaving trust policies of that content up to consumers.
func (ms *ocischemaManifestHandler) verifyManifest(ctx context.Context, mnfst ocischema.DeserializedManifest, skipDependencyVerification bool) error {
	var errs distribution.ErrManifestVerification

	if mnfst.Manifest.SchemaVersion != 2 {
		return fmt.Errorf("unrecognized manifest schema version %d", mnfst.Manifest.SchemaVersion)
	}

	if skipDependencyVerification {
		return nil
	}

	manifestService, err := ms.repository.Manifests(ctx)
	if err != nil {
		return err
	}

	blobsService := ms.repository.Blobs(ctx)

	for _, descriptor := range mnfst.References() {
		err := descriptor.Digest.Validate()
		if err != nil {
			errs = append(errs, err, distribution.ErrManifestBlobUnknown{Digest: descriptor.Digest})
			continue
		}

		switch descriptor.MediaType {
		case v1.MediaTypeImageLayer, v1.MediaTypeImageLayerGzip, v1.MediaTypeImageLayerNonDistributable, v1.MediaTypeImageLayerNonDistributableGzip: //nolint:staticcheck // ignore A1019: v1.MediaTypeImageLayerNonDistributable is deprecated: Non-distributable layers are deprecated, and not recommended for future use.
			allow := ms.manifestURLs.allow
			deny := ms.manifestURLs.deny
			for _, u := range descriptor.URLs {
				var pu *url.URL
				pu, err = url.Parse(u)
				if err != nil || (pu.Scheme != "http" && pu.Scheme != "https") || pu.Fragment != "" || (allow != nil && !allow.MatchString(u)) || (deny != nil && deny.MatchString(u)) {
					err = errInvalidURL
					break
				}
			}
			if err == nil {
				// check the presence if it is normal layer or
				// there is no urls for non-distributable
				if len(descriptor.URLs) == 0 ||
					(descriptor.MediaType == v1.MediaTypeImageLayer || descriptor.MediaType == v1.MediaTypeImageLayerGzip) {

					_, err = blobsService.Stat(ctx, descriptor.Digest)
				}
			}

		case v1.MediaTypeImageManifest:
			var exists bool
			exists, err = manifestService.Exists(ctx, descriptor.Digest)
			if err != nil || !exists {
				err = distribution.ErrBlobUnknown // just coerce to unknown.
			}

			if err != nil {
				dcontext.GetLogger(ms.ctx).WithError(err).Debugf("failed to ensure exists of %v in manifest service", descriptor.Digest)
			}
			fallthrough // double check the blob store.
		default:
			// check the presence
			_, err = blobsService.Stat(ctx, descriptor.Digest)
		}

		if err != nil {
			if err != distribution.ErrBlobUnknown {
				errs = append(errs, err)
			}

			// On error here, we always append unknown blob errors.
			errs = append(errs, distribution.ErrManifestBlobUnknown{Digest: descriptor.Digest})
		}
	}

	if len(errs) != 0 {
		return errs
	}

	return nil
}
add an ocischema manifest handler for the registry Signed-off-by: Mike Brown <brownwm@us.ibm.com> 2017-07-10 23:09:10 +00:00			`package storage`

			`import (`
folow commit 9c88801a12a97de49abf26e9604975eececa654c Signed-off-by: Mike Brown <brownwm@us.ibm.com> 2017-09-01 02:14:40 +00:00			`"context"`
add an ocischema manifest handler for the registry Signed-off-by: Mike Brown <brownwm@us.ibm.com> 2017-07-10 23:09:10 +00:00			`"fmt"`
update url policy support; testing for annoations in index Signed-off-by: Mike Brown <brownwm@us.ibm.com> 2017-08-01 22:27:52 +00:00			`"net/url"`
add an ocischema manifest handler for the registry Signed-off-by: Mike Brown <brownwm@us.ibm.com> 2017-07-10 23:09:10 +00:00
go.mod: change imports to github.com/distribution/distribution/v3 Go 1.13 and up enforce import paths to be versioned if a project contains a go.mod and has released v2 or up. The current v2.x branches (and releases) do not yet have a go.mod, and therefore are still allowed to be imported with a non-versioned import path (go modules add a `+incompatible` annotation in that case). However, now that this project has a `go.mod` file, incompatible import paths will not be accepted by go modules, and attempting to use code from this repository will fail. This patch uses `v3` for the import-paths (not `v2`), because changing import paths itself is a breaking change, which means that the next release should increment the "major" version to comply with SemVer (as go modules dictate). Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2020-08-24 11:18:39 +00:00			`"github.com/distribution/distribution/v3"`
Move context package internal Our context package predates the establishment of current best practices regarding context usage and it shows. It encourages bad practices such as using contexts to propagate non-request-scoped values like the application version and using string-typed keys for context values. Move the package internal to remove it from the API surface of distribution/v3@v3.0.0 so we are free to iterate on it without being constrained by compatibility. Signed-off-by: Cory Snider <csnider@mirantis.com> 2023-10-24 17:16:58 +00:00			`"github.com/distribution/distribution/v3/internal/dcontext"`
go.mod: change imports to github.com/distribution/distribution/v3 Go 1.13 and up enforce import paths to be versioned if a project contains a go.mod and has released v2 or up. The current v2.x branches (and releases) do not yet have a go.mod, and therefore are still allowed to be imported with a non-versioned import path (go modules add a `+incompatible` annotation in that case). However, now that this project has a `go.mod` file, incompatible import paths will not be accepted by go modules, and attempting to use code from this repository will fail. This patch uses `v3` for the import-paths (not `v2`), because changing import paths itself is a breaking change, which means that the next release should increment the "major" version to comply with SemVer (as go modules dictate). Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2020-08-24 11:18:39 +00:00			`"github.com/distribution/distribution/v3/manifest/ocischema"`
add an ocischema manifest handler for the registry Signed-off-by: Mike Brown <brownwm@us.ibm.com> 2017-07-10 23:09:10 +00:00			`"github.com/opencontainers/go-digest"`
Migrate to golangci-lint Signed-off-by: Tam Mach <sayboras@yahoo.com> 2019-10-09 12:02:21 +00:00			`v1 "github.com/opencontainers/image-spec/specs-go/v1"`
add an ocischema manifest handler for the registry Signed-off-by: Mike Brown <brownwm@us.ibm.com> 2017-07-10 23:09:10 +00:00			`)`

format code with gofumpt gofumpt (https://github.com/mvdan/gofumpt) provides a supserset of `gofmt` / `go fmt`, and addresses various formatting issues that linters may be checking for. We can consider enabling the `gofumpt` linter to verify the formatting in CI, although not every developer may have it installed, so for now this runs it once to get formatting in shape. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2022-11-02 21:05:45 +00:00			`// ocischemaManifestHandler is a ManifestHandler that covers ocischema manifests.`
add an ocischema manifest handler for the registry Signed-off-by: Mike Brown <brownwm@us.ibm.com> 2017-07-10 23:09:10 +00:00			`type ocischemaManifestHandler struct {`
			`repository distribution.Repository`
			`blobStore distribution.BlobStore`
			`ctx context.Context`
			`manifestURLs manifestURLs`
			`}`

			`var _ ManifestHandler = &ocischemaManifestHandler{}`

			`func (ms *ocischemaManifestHandler) Unmarshal(ctx context.Context, dgst digest.Digest, content []byte) (distribution.Manifest, error) {`
folow commit 9c88801a12a97de49abf26e9604975eececa654c Signed-off-by: Mike Brown <brownwm@us.ibm.com> 2017-09-01 02:14:40 +00:00			`dcontext.GetLogger(ms.ctx).Debug("(*ocischemaManifestHandler).Unmarshal")`
add an ocischema manifest handler for the registry Signed-off-by: Mike Brown <brownwm@us.ibm.com> 2017-07-10 23:09:10 +00:00
Fix registry stripping newlines from manifests Content must be preserved exactly Signed-off-by: Derek McGowan <derek@mcgstyle.net> 2018-09-05 20:40:42 +00:00			`m := &ocischema.DeserializedManifest{}`
			`if err := m.UnmarshalJSON(content); err != nil {`
add an ocischema manifest handler for the registry Signed-off-by: Mike Brown <brownwm@us.ibm.com> 2017-07-10 23:09:10 +00:00			`return nil, err`
			`}`

Fix registry stripping newlines from manifests Content must be preserved exactly Signed-off-by: Derek McGowan <derek@mcgstyle.net> 2018-09-05 20:40:42 +00:00			`return m, nil`
add an ocischema manifest handler for the registry Signed-off-by: Mike Brown <brownwm@us.ibm.com> 2017-07-10 23:09:10 +00:00			`}`

			`func (ms *ocischemaManifestHandler) Put(ctx context.Context, manifest distribution.Manifest, skipDependencyVerification bool) (digest.Digest, error) {`
folow commit 9c88801a12a97de49abf26e9604975eececa654c Signed-off-by: Mike Brown <brownwm@us.ibm.com> 2017-09-01 02:14:40 +00:00			`dcontext.GetLogger(ms.ctx).Debug("(*ocischemaManifestHandler).Put")`
add an ocischema manifest handler for the registry Signed-off-by: Mike Brown <brownwm@us.ibm.com> 2017-07-10 23:09:10 +00:00
			`m, ok := manifest.(*ocischema.DeserializedManifest)`
			`if !ok {`
			`return "", fmt.Errorf("non-ocischema manifest put to ocischemaManifestHandler: %T", manifest)`
			`}`

			`if err := ms.verifyManifest(ms.ctx, *m, skipDependencyVerification); err != nil {`
			`return "", err`
			`}`

			`mt, payload, err := m.Payload()`
			`if err != nil {`
			`return "", err`
			`}`

			`revision, err := ms.blobStore.Put(ctx, mt, payload)`
			`if err != nil {`
folow commit 9c88801a12a97de49abf26e9604975eececa654c Signed-off-by: Mike Brown <brownwm@us.ibm.com> 2017-09-01 02:14:40 +00:00			`dcontext.GetLogger(ctx).Errorf("error putting payload into blobstore: %v", err)`
add an ocischema manifest handler for the registry Signed-off-by: Mike Brown <brownwm@us.ibm.com> 2017-07-10 23:09:10 +00:00			`return "", err`
			`}`

			`return revision.Digest, nil`
			`}`

			`// verifyManifest ensures that the manifest content is valid from the`
			`// perspective of the registry. As a policy, the registry only tries to store`
			`// valid content, leaving trust policies of that content up to consumers.`
			`func (ms *ocischemaManifestHandler) verifyManifest(ctx context.Context, mnfst ocischema.DeserializedManifest, skipDependencyVerification bool) error {`
			`var errs distribution.ErrManifestVerification`

adds validation testing for schema version values Signed-off-by: Mike Brown <brownwm@us.ibm.com> 2018-07-23 22:03:17 +00:00			`if mnfst.Manifest.SchemaVersion != 2 {`
			`return fmt.Errorf("unrecognized manifest schema version %d", mnfst.Manifest.SchemaVersion)`
			`}`

add an ocischema manifest handler for the registry Signed-off-by: Mike Brown <brownwm@us.ibm.com> 2017-07-10 23:09:10 +00:00			`if skipDependencyVerification {`
			`return nil`
			`}`

			`manifestService, err := ms.repository.Manifests(ctx)`
			`if err != nil {`
			`return err`
			`}`

			`blobsService := ms.repository.Blobs(ctx)`

			`for _, descriptor := range mnfst.References() {`
registry: verify digest and check blob presence when put manifest According to OCI image spec, the descriptor's digest field is required. For the normal config/layer blobs, the valivation should check the presence of the blob when put manifest. REF: https://github.com/opencontainers/image-spec/blob/v1.0.1/descriptor.md Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com> Signed-off-by: Wei Fu <fuweid89@gmail.com> 2021-04-15 06:44:04 +00:00			`err := descriptor.Digest.Validate()`
			`if err != nil {`
			`errs = append(errs, err, distribution.ErrManifestBlobUnknown{Digest: descriptor.Digest})`
			`continue`
			`}`
add an ocischema manifest handler for the registry Signed-off-by: Mike Brown <brownwm@us.ibm.com> 2017-07-10 23:09:10 +00:00
			`switch descriptor.MediaType {`
vendor: github.com/opencontainers/image-spec v1.1.0 full diff: https://github.com/opencontainers/image-spec/compare/v1.0.2...v1.1.0 Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2023-04-30 17:01:20 +00:00			`case v1.MediaTypeImageLayer, v1.MediaTypeImageLayerGzip, v1.MediaTypeImageLayerNonDistributable, v1.MediaTypeImageLayerNonDistributableGzip: //nolint:staticcheck // ignore A1019: v1.MediaTypeImageLayerNonDistributable is deprecated: Non-distributable layers are deprecated, and not recommended for future use.`
update url policy support; testing for annoations in index Signed-off-by: Mike Brown <brownwm@us.ibm.com> 2017-08-01 22:27:52 +00:00			`allow := ms.manifestURLs.allow`
			`deny := ms.manifestURLs.deny`
			`for _, u := range descriptor.URLs {`
			`var pu *url.URL`
			`pu, err = url.Parse(u)`
			`if err != nil \|\| (pu.Scheme != "http" && pu.Scheme != "https") \|\| pu.Fragment != "" \|\| (allow != nil && !allow.MatchString(u)) \|\| (deny != nil && deny.MatchString(u)) {`
			`err = errInvalidURL`
			`break`
			`}`
			`}`
registry: verify digest and check blob presence when put manifest According to OCI image spec, the descriptor's digest field is required. For the normal config/layer blobs, the valivation should check the presence of the blob when put manifest. REF: https://github.com/opencontainers/image-spec/blob/v1.0.1/descriptor.md Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com> Signed-off-by: Wei Fu <fuweid89@gmail.com> 2021-04-15 06:44:04 +00:00			`if err == nil {`
			`// check the presence if it is normal layer or`
			`// there is no urls for non-distributable`
			`if len(descriptor.URLs) == 0 \|\|`
			`(descriptor.MediaType == v1.MediaTypeImageLayer \|\| descriptor.MediaType == v1.MediaTypeImageLayerGzip) {`

			`_, err = blobsService.Stat(ctx, descriptor.Digest)`
			`}`
update url policy support; testing for annoations in index Signed-off-by: Mike Brown <brownwm@us.ibm.com> 2017-08-01 22:27:52 +00:00			`}`

OCI media types; annotation support; oci index Signed-off-by: Mike Brown <brownwm@us.ibm.com> 2017-07-11 19:19:47 +00:00			`case v1.MediaTypeImageManifest:`
add an ocischema manifest handler for the registry Signed-off-by: Mike Brown <brownwm@us.ibm.com> 2017-07-10 23:09:10 +00:00			`var exists bool`
			`exists, err = manifestService.Exists(ctx, descriptor.Digest)`
			`if err != nil \|\| !exists {`
			`err = distribution.ErrBlobUnknown // just coerce to unknown.`
			`}`

registry: verify digest and check blob presence when put manifest According to OCI image spec, the descriptor's digest field is required. For the normal config/layer blobs, the valivation should check the presence of the blob when put manifest. REF: https://github.com/opencontainers/image-spec/blob/v1.0.1/descriptor.md Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com> Signed-off-by: Wei Fu <fuweid89@gmail.com> 2021-04-15 06:44:04 +00:00			`if err != nil {`
			`dcontext.GetLogger(ms.ctx).WithError(err).Debugf("failed to ensure exists of %v in manifest service", descriptor.Digest)`
			`}`
add an ocischema manifest handler for the registry Signed-off-by: Mike Brown <brownwm@us.ibm.com> 2017-07-10 23:09:10 +00:00			`fallthrough // double check the blob store.`
			`default:`
registry: verify digest and check blob presence when put manifest According to OCI image spec, the descriptor's digest field is required. For the normal config/layer blobs, the valivation should check the presence of the blob when put manifest. REF: https://github.com/opencontainers/image-spec/blob/v1.0.1/descriptor.md Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com> Signed-off-by: Wei Fu <fuweid89@gmail.com> 2021-04-15 06:44:04 +00:00			`// check the presence`
			`_, err = blobsService.Stat(ctx, descriptor.Digest)`
add an ocischema manifest handler for the registry Signed-off-by: Mike Brown <brownwm@us.ibm.com> 2017-07-10 23:09:10 +00:00			`}`

			`if err != nil {`
			`if err != distribution.ErrBlobUnknown {`
			`errs = append(errs, err)`
			`}`

			`// On error here, we always append unknown blob errors.`
			`errs = append(errs, distribution.ErrManifestBlobUnknown{Digest: descriptor.Digest})`
			`}`
			`}`

			`if len(errs) != 0 {`
			`return errs`
			`}`

			`return nil`
			`}`