TrueCloudLab/distribution
13
0
Fork 3
Code Issues 3 Pull requests Projects Releases 2 Packages Wiki Activity Actions
distribution/registry/storage/schema2manifesthandler.go

145 lines
4.4 KiB
Go
Raw Normal View History

Factor out schema-specific portions of manifestStore Create signedManifestHandler and schema2ManifestHandler. Use these to unmarshal and put the respective types of manifests from manifestStore. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-15 02:19:34 +00:00
package storage
import (
context: remove definition of Context Back in the before time, the best practices surrounding usage of Context weren't quite worked out. We defined our own type to make usage easier. As this packaged was used elsewhere, it make it more and more challenging to integrate with the forked `Context` type. Now that it is available in the standard library, we can just use that one directly. To make usage more consistent, we now use `dcontext` when referring to the distribution context package. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2017-08-11 22:31:16 +00:00
"context"
Add support for layers from foreign sources This will be used to support downloading Windows base layers from Microsoft URLs. Signed-off-by: John Starks <jostarks@microsoft.com>
2016-05-14 21:49:08 +00:00
"errors"
Factor out schema-specific portions of manifestStore Create signedManifestHandler and schema2ManifestHandler. Use these to unmarshal and put the respective types of manifests from manifestStore. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-15 02:19:34 +00:00
"fmt"
Add support for layers from foreign sources This will be used to support downloading Windows base layers from Microsoft URLs. Signed-off-by: John Starks <jostarks@microsoft.com>
2016-05-14 21:49:08 +00:00
"net/url"
Factor out schema-specific portions of manifestStore Create signedManifestHandler and schema2ManifestHandler. Use these to unmarshal and put the respective types of manifests from manifestStore. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-15 02:19:34 +00:00
go.mod: change imports to github.com/distribution/distribution/v3 Go 1.13 and up enforce import paths to be versioned if a project contains a go.mod and has released v2 or up. The current v2.x branches (and releases) do not yet have a go.mod, and therefore are still allowed to be imported with a non-versioned import path (go modules add a `+incompatible` annotation in that case). However, now that this project has a `go.mod` file, incompatible import paths will not be accepted by go modules, and attempting to use code from this repository will fail. This patch uses `v3` for the import-paths (not `v2`), because changing import paths itself is a breaking change, which means that the next release should increment the "major" version to comply with SemVer (as go modules dictate). Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-24 11:18:39 +00:00
"github.com/distribution/distribution/v3"
dcontext "github.com/distribution/distribution/v3/context"
Ignore SA1019: "schema1 is deprecated" linting errors We need to use this for backward compatibility. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-09 11:18:47 +00:00
"github.com/distribution/distribution/v3/manifest/schema1" //nolint:staticcheck // Ignore SA1019: "github.com/distribution/distribution/v3/manifest/schema1" is deprecated, as it's used for backward compatibility.
go.mod: change imports to github.com/distribution/distribution/v3 Go 1.13 and up enforce import paths to be versioned if a project contains a go.mod and has released v2 or up. The current v2.x branches (and releases) do not yet have a go.mod, and therefore are still allowed to be imported with a non-versioned import path (go modules add a `+incompatible` annotation in that case). However, now that this project has a `go.mod` file, incompatible import paths will not be accepted by go modules, and attempting to use code from this repository will fail. This patch uses `v3` for the import-paths (not `v2`), because changing import paths itself is a breaking change, which means that the next release should increment the "major" version to comply with SemVer (as go modules dictate). Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-24 11:18:39 +00:00
"github.com/distribution/distribution/v3/manifest/schema2"
digest: migrate to opencontainers/go-digest Signed-off-by: Stephen J Day <stephen.day@docker.com>
2016-12-17 00:28:34 +00:00
"github.com/opencontainers/go-digest"
Factor out schema-specific portions of manifestStore Create signedManifestHandler and schema2ManifestHandler. Use these to unmarshal and put the respective types of manifests from manifestStore. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-15 02:19:34 +00:00
)
Add support for layers from foreign sources This will be used to support downloading Windows base layers from Microsoft URLs. Signed-off-by: John Starks <jostarks@microsoft.com>
2016-05-14 21:49:08 +00:00
var (
Fix gometalint errors Signed-off-by: Manish Tomar <manish.tomar@docker.com>
2019-02-05 00:01:04 +00:00
errMissingURL = errors.New("missing URL on layer")
errInvalidURL = errors.New("invalid URL on layer")
Add support for layers from foreign sources This will be used to support downloading Windows base layers from Microsoft URLs. Signed-off-by: John Starks <jostarks@microsoft.com>
2016-05-14 21:49:08 +00:00
)
format code with gofumpt gofumpt (https://github.com/mvdan/gofumpt) provides a supserset of `gofmt` / `go fmt`, and addresses various formatting issues that linters may be checking for. We can consider enabling the `gofumpt` linter to verify the formatting in CI, although not every developer may have it installed, so for now this runs it once to get formatting in shape. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-02 21:05:45 +00:00
// schema2ManifestHandler is a ManifestHandler that covers schema2 manifests.
Factor out schema-specific portions of manifestStore Create signedManifestHandler and schema2ManifestHandler. Use these to unmarshal and put the respective types of manifests from manifestStore. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-15 02:19:34 +00:00
type schema2ManifestHandler struct {
Fix the build. Pass the manifestURL directly into the schema2 manifest handler instead of accessing through the repository as it has since the reference is now an interface. Signed-off-by: Richard Scothern <richard.scothern@docker.com>
2016-07-22 00:16:47 +00:00
repository distribution.Repository
blobStore distribution.BlobStore
ctx context.Context
manifestURLs manifestURLs
Factor out schema-specific portions of manifestStore Create signedManifestHandler and schema2ManifestHandler. Use these to unmarshal and put the respective types of manifests from manifestStore. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-15 02:19:34 +00:00
}
var _ ManifestHandler = &schema2ManifestHandler{}
func (ms *schema2ManifestHandler) Unmarshal(ctx context.Context, dgst digest.Digest, content []byte) (distribution.Manifest, error) {
context: remove definition of Context Back in the before time, the best practices surrounding usage of Context weren't quite worked out. We defined our own type to make usage easier. As this packaged was used elsewhere, it make it more and more challenging to integrate with the forked `Context` type. Now that it is available in the standard library, we can just use that one directly. To make usage more consistent, we now use `dcontext` when referring to the distribution context package. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2017-08-11 22:31:16 +00:00
dcontext.GetLogger(ms.ctx).Debug("(*schema2ManifestHandler).Unmarshal")
Factor out schema-specific portions of manifestStore Create signedManifestHandler and schema2ManifestHandler. Use these to unmarshal and put the respective types of manifests from manifestStore. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-15 02:19:34 +00:00
Fix registry stripping newlines from manifests Content must be preserved exactly Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2018-09-05 20:40:42 +00:00
m := &schema2.DeserializedManifest{}
if err := m.UnmarshalJSON(content); err != nil {
Factor out schema-specific portions of manifestStore Create signedManifestHandler and schema2ManifestHandler. Use these to unmarshal and put the respective types of manifests from manifestStore. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-15 02:19:34 +00:00
return nil, err
}
Fix registry stripping newlines from manifests Content must be preserved exactly Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2018-09-05 20:40:42 +00:00
return m, nil
Factor out schema-specific portions of manifestStore Create signedManifestHandler and schema2ManifestHandler. Use these to unmarshal and put the respective types of manifests from manifestStore. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-15 02:19:34 +00:00
}
func (ms *schema2ManifestHandler) Put(ctx context.Context, manifest distribution.Manifest, skipDependencyVerification bool) (digest.Digest, error) {
context: remove definition of Context Back in the before time, the best practices surrounding usage of Context weren't quite worked out. We defined our own type to make usage easier. As this packaged was used elsewhere, it make it more and more challenging to integrate with the forked `Context` type. Now that it is available in the standard library, we can just use that one directly. To make usage more consistent, we now use `dcontext` when referring to the distribution context package. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2017-08-11 22:31:16 +00:00
dcontext.GetLogger(ms.ctx).Debug("(*schema2ManifestHandler).Put")
Factor out schema-specific portions of manifestStore Create signedManifestHandler and schema2ManifestHandler. Use these to unmarshal and put the respective types of manifests from manifestStore. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-15 02:19:34 +00:00
m, ok := manifest.(*schema2.DeserializedManifest)
if !ok {
return "", fmt.Errorf("non-schema2 manifest put to schema2ManifestHandler: %T", manifest)
}
if err := ms.verifyManifest(ms.ctx, *m, skipDependencyVerification); err != nil {
return "", err
}
mt, payload, err := m.Payload()
if err != nil {
return "", err
}
revision, err := ms.blobStore.Put(ctx, mt, payload)
if err != nil {
context: remove definition of Context Back in the before time, the best practices surrounding usage of Context weren't quite worked out. We defined our own type to make usage easier. As this packaged was used elsewhere, it make it more and more challenging to integrate with the forked `Context` type. Now that it is available in the standard library, we can just use that one directly. To make usage more consistent, we now use `dcontext` when referring to the distribution context package. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2017-08-11 22:31:16 +00:00
dcontext.GetLogger(ctx).Errorf("error putting payload into blobstore: %v", err)
Factor out schema-specific portions of manifestStore Create signedManifestHandler and schema2ManifestHandler. Use these to unmarshal and put the respective types of manifests from manifestStore. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-15 02:19:34 +00:00
return "", err
}
return revision.Digest, nil
}
// verifyManifest ensures that the manifest content is valid from the
Add support for manifest list ("fat manifest") Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-17 01:26:13 +00:00
// perspective of the registry. As a policy, the registry only tries to store
// valid content, leaving trust policies of that content up to consumers.
Factor out schema-specific portions of manifestStore Create signedManifestHandler and schema2ManifestHandler. Use these to unmarshal and put the respective types of manifests from manifestStore. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-15 02:19:34 +00:00
func (ms *schema2ManifestHandler) verifyManifest(ctx context.Context, mnfst schema2.DeserializedManifest, skipDependencyVerification bool) error {
var errs distribution.ErrManifestVerification
adds validation testing for schema version values Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2018-07-23 22:03:17 +00:00
if mnfst.Manifest.SchemaVersion != 2 {
return fmt.Errorf("unrecognized manifest schema version %d", mnfst.Manifest.SchemaVersion)
}
manifest: references should cover all children To allow generic manifest walking, we define an interface method of `References` that returns the referenced items in the manifest. The current implementation does not return the config target from schema2, making this useless for most applications. The garbage collector has been modified to show the utility of this correctly formed `References` method. We may be able to make more generic traversal methods with this, as well. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2016-10-13 00:20:27 +00:00
if skipDependencyVerification {
return nil
}
Factor out schema-specific portions of manifestStore Create signedManifestHandler and schema2ManifestHandler. Use these to unmarshal and put the respective types of manifests from manifestStore. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-15 02:19:34 +00:00
manifest: references should cover all children To allow generic manifest walking, we define an interface method of `References` that returns the referenced items in the manifest. The current implementation does not return the config target from schema2, making this useless for most applications. The garbage collector has been modified to show the utility of this correctly formed `References` method. We may be able to make more generic traversal methods with this, as well. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2016-10-13 00:20:27 +00:00
manifestService, err := ms.repository.Manifests(ctx)
if err != nil {
return err
}
Factor out schema-specific portions of manifestStore Create signedManifestHandler and schema2ManifestHandler. Use these to unmarshal and put the respective types of manifests from manifestStore. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-15 02:19:34 +00:00
manifest: references should cover all children To allow generic manifest walking, we define an interface method of `References` that returns the referenced items in the manifest. The current implementation does not return the config target from schema2, making this useless for most applications. The garbage collector has been modified to show the utility of this correctly formed `References` method. We may be able to make more generic traversal methods with this, as well. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2016-10-13 00:20:27 +00:00
blobsService := ms.repository.Blobs(ctx)
for _, descriptor := range mnfst.References() {
registry: verify digest and check blob presence when put manifest According to OCI image spec, the descriptor's digest field is required. For the normal config/layer blobs, the valivation should check the presence of the blob when put manifest. REF: https://github.com/opencontainers/image-spec/blob/v1.0.1/descriptor.md Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com> Signed-off-by: Wei Fu <fuweid89@gmail.com>
2021-04-15 06:44:04 +00:00
err := descriptor.Digest.Validate()
if err != nil {
errs = append(errs, err, distribution.ErrManifestBlobUnknown{Digest: descriptor.Digest})
continue
}
manifest: references should cover all children To allow generic manifest walking, we define an interface method of `References` that returns the referenced items in the manifest. The current implementation does not return the config target from schema2, making this useless for most applications. The garbage collector has been modified to show the utility of this correctly formed `References` method. We may be able to make more generic traversal methods with this, as well. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2016-10-13 00:20:27 +00:00
switch descriptor.MediaType {
case schema2.MediaTypeForeignLayer:
// Clients download this layer from an external URL, so do not check for
Migrate to golangci-lint Signed-off-by: Tam Mach <sayboras@yahoo.com>
2019-10-09 12:02:21 +00:00
// its presence.
manifest: references should cover all children To allow generic manifest walking, we define an interface method of `References` that returns the referenced items in the manifest. The current implementation does not return the config target from schema2, making this useless for most applications. The garbage collector has been modified to show the utility of this correctly formed `References` method. We may be able to make more generic traversal methods with this, as well. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2016-10-13 00:20:27 +00:00
if len(descriptor.URLs) == 0 {
err = errMissingURL
Add support for layers from foreign sources This will be used to support downloading Windows base layers from Microsoft URLs. Signed-off-by: John Starks <jostarks@microsoft.com>
2016-05-14 21:49:08 +00:00
}
manifest: references should cover all children To allow generic manifest walking, we define an interface method of `References` that returns the referenced items in the manifest. The current implementation does not return the config target from schema2, making this useless for most applications. The garbage collector has been modified to show the utility of this correctly formed `References` method. We may be able to make more generic traversal methods with this, as well. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2016-10-13 00:20:27 +00:00
allow := ms.manifestURLs.allow
deny := ms.manifestURLs.deny
for _, u := range descriptor.URLs {
var pu *url.URL
pu, err = url.Parse(u)
if err != nil || (pu.Scheme != "http" && pu.Scheme != "https") || pu.Fragment != "" || (allow != nil && !allow.MatchString(u)) || (deny != nil && deny.MatchString(u)) {
err = errInvalidURL
break
Factor out schema-specific portions of manifestStore Create signedManifestHandler and schema2ManifestHandler. Use these to unmarshal and put the respective types of manifests from manifestStore. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-15 02:19:34 +00:00
}
manifest: references should cover all children To allow generic manifest walking, we define an interface method of `References` that returns the referenced items in the manifest. The current implementation does not return the config target from schema2, making this useless for most applications. The garbage collector has been modified to show the utility of this correctly formed `References` method. We may be able to make more generic traversal methods with this, as well. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2016-10-13 00:20:27 +00:00
}
Ignore SA1019: "schema1 is deprecated" linting errors We need to use this for backward compatibility. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-09 11:18:47 +00:00
case schema2.MediaTypeManifest, schema1.MediaTypeManifest: //nolint:staticcheck // Ignore SA1019: "github.com/distribution/distribution/v3/manifest/schema1" is deprecated, as it's used for backward compatibility.
manifest: references should cover all children To allow generic manifest walking, we define an interface method of `References` that returns the referenced items in the manifest. The current implementation does not return the config target from schema2, making this useless for most applications. The garbage collector has been modified to show the utility of this correctly formed `References` method. We may be able to make more generic traversal methods with this, as well. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2016-10-13 00:20:27 +00:00
var exists bool
exists, err = manifestService.Exists(ctx, descriptor.Digest)
if err != nil || !exists {
err = distribution.ErrBlobUnknown // just coerce to unknown.
}
registry: verify digest and check blob presence when put manifest According to OCI image spec, the descriptor's digest field is required. For the normal config/layer blobs, the valivation should check the presence of the blob when put manifest. REF: https://github.com/opencontainers/image-spec/blob/v1.0.1/descriptor.md Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com> Signed-off-by: Wei Fu <fuweid89@gmail.com>
2021-04-15 06:44:04 +00:00
if err != nil {
dcontext.GetLogger(ms.ctx).WithError(err).Debugf("failed to ensure exists of %v in manifest service", descriptor.Digest)
}
manifest: references should cover all children To allow generic manifest walking, we define an interface method of `References` that returns the referenced items in the manifest. The current implementation does not return the config target from schema2, making this useless for most applications. The garbage collector has been modified to show the utility of this correctly formed `References` method. We may be able to make more generic traversal methods with this, as well. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2016-10-13 00:20:27 +00:00
fallthrough // double check the blob store.
default:
registry: verify digest and check blob presence when put manifest According to OCI image spec, the descriptor's digest field is required. For the normal config/layer blobs, the valivation should check the presence of the blob when put manifest. REF: https://github.com/opencontainers/image-spec/blob/v1.0.1/descriptor.md Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com> Signed-off-by: Wei Fu <fuweid89@gmail.com>
2021-04-15 06:44:04 +00:00
// check its presence
_, err = blobsService.Stat(ctx, descriptor.Digest)
manifest: references should cover all children To allow generic manifest walking, we define an interface method of `References` that returns the referenced items in the manifest. The current implementation does not return the config target from schema2, making this useless for most applications. The garbage collector has been modified to show the utility of this correctly formed `References` method. We may be able to make more generic traversal methods with this, as well. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2016-10-13 00:20:27 +00:00
}
Factor out schema-specific portions of manifestStore Create signedManifestHandler and schema2ManifestHandler. Use these to unmarshal and put the respective types of manifests from manifestStore. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-15 02:19:34 +00:00
manifest: references should cover all children To allow generic manifest walking, we define an interface method of `References` that returns the referenced items in the manifest. The current implementation does not return the config target from schema2, making this useless for most applications. The garbage collector has been modified to show the utility of this correctly formed `References` method. We may be able to make more generic traversal methods with this, as well. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2016-10-13 00:20:27 +00:00
if err != nil {
if err != distribution.ErrBlobUnknown {
errs = append(errs, err)
Factor out schema-specific portions of manifestStore Create signedManifestHandler and schema2ManifestHandler. Use these to unmarshal and put the respective types of manifests from manifestStore. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-15 02:19:34 +00:00
}
manifest: references should cover all children To allow generic manifest walking, we define an interface method of `References` that returns the referenced items in the manifest. The current implementation does not return the config target from schema2, making this useless for most applications. The garbage collector has been modified to show the utility of this correctly formed `References` method. We may be able to make more generic traversal methods with this, as well. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2016-10-13 00:20:27 +00:00
// On error here, we always append unknown blob errors.
errs = append(errs, distribution.ErrManifestBlobUnknown{Digest: descriptor.Digest})
Factor out schema-specific portions of manifestStore Create signedManifestHandler and schema2ManifestHandler. Use these to unmarshal and put the respective types of manifests from manifestStore. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-15 02:19:34 +00:00
}
}
manifest: references should cover all children To allow generic manifest walking, we define an interface method of `References` that returns the referenced items in the manifest. The current implementation does not return the config target from schema2, making this useless for most applications. The garbage collector has been modified to show the utility of this correctly formed `References` method. We may be able to make more generic traversal methods with this, as well. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2016-10-13 00:20:27 +00:00
Factor out schema-specific portions of manifestStore Create signedManifestHandler and schema2ManifestHandler. Use these to unmarshal and put the respective types of manifests from manifestStore. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-15 02:19:34 +00:00
if len(errs) != 0 {
return errs
}
return nil
}
Reference in a new issue Copy permalink