From ca9f0451a6f1d3a3a618f53d8ad33b7583805ca8 Mon Sep 17 00:00:00 2001 From: Troels Thomsen Date: Thu, 22 Oct 2015 20:55:51 +0200 Subject: [PATCH 1/7] Use case of type name Signed-off-by: Troels Thomsen --- registry/storage/manifeststore.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/registry/storage/manifeststore.go b/registry/storage/manifeststore.go index d161fb5a5..9af225412 100644 --- a/registry/storage/manifeststore.go +++ b/registry/storage/manifeststore.go @@ -47,7 +47,7 @@ func SkipLayerVerification(ms distribution.ManifestService) error { ms.skipDependencyVerification = true return nil } - return fmt.Errorf("skip layer verification only valid for manifeststore") + return fmt.Errorf("skip layer verification only valid for manifestStore") } func (ms *manifestStore) Put(manifest *schema1.SignedManifest) error { From e8f8f4034ec41c0c0382d8f9b704be1ac96c0f74 Mon Sep 17 00:00:00 2001 From: Troels Thomsen Date: Wed, 25 Nov 2015 21:16:28 +0100 Subject: [PATCH 2/7] Remove name verification Signed-off-by: Troels Thomsen --- registry/storage/manifeststore.go | 3 --- 1 file changed, 3 deletions(-) diff --git a/registry/storage/manifeststore.go b/registry/storage/manifeststore.go index 9af225412..9c04b0031 100644 --- a/registry/storage/manifeststore.go +++ b/registry/storage/manifeststore.go @@ -106,9 +106,6 @@ func (ms *manifestStore) GetByTag(tag string, options ...distribution.ManifestSe // content, leaving trust policies of that content up to consumers. func (ms *manifestStore) verifyManifest(ctx context.Context, mnfst *schema1.SignedManifest) error { var errs distribution.ErrManifestVerification - if mnfst.Name != ms.repository.Name() { - errs = append(errs, fmt.Errorf("repository name does not match manifest name")) - } if len(mnfst.History) != len(mnfst.FSLayers) { errs = append(errs, fmt.Errorf("mismatched history and fslayer cardinality %d != %d", From 34c8194c9501e9e0baca2f0a1c618e6317df50d0 Mon Sep 17 00:00:00 2001 From: Troels Thomsen Date: Thu, 26 Nov 2015 10:28:28 +0100 Subject: [PATCH 3/7] Verify manifest name length Signed-off-by: Troels Thomsen --- registry/storage/manifeststore.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/registry/storage/manifeststore.go b/registry/storage/manifeststore.go index 9c04b0031..4cbfbda27 100644 --- a/registry/storage/manifeststore.go +++ b/registry/storage/manifeststore.go @@ -7,6 +7,7 @@ import ( "github.com/docker/distribution/context" "github.com/docker/distribution/digest" "github.com/docker/distribution/manifest/schema1" + "github.com/docker/distribution/reference" "github.com/docker/libtrust" ) @@ -107,6 +108,10 @@ func (ms *manifestStore) GetByTag(tag string, options ...distribution.ManifestSe func (ms *manifestStore) verifyManifest(ctx context.Context, mnfst *schema1.SignedManifest) error { var errs distribution.ErrManifestVerification + if len(mnfst.Name) > reference.NameTotalLengthMax { + errs = append(errs, fmt.Errorf("manifest name must not be more than %v characters", reference.NameTotalLengthMax)) + } + if len(mnfst.History) != len(mnfst.FSLayers) { errs = append(errs, fmt.Errorf("mismatched history and fslayer cardinality %d != %d", len(mnfst.History), len(mnfst.FSLayers))) From d309bce2d1ba7fa06fbaa29a4768651afaba72c2 Mon Sep 17 00:00:00 2001 From: Troels Thomsen Date: Thu, 26 Nov 2015 10:28:35 +0100 Subject: [PATCH 4/7] Verify manifest name format Signed-off-by: Troels Thomsen --- registry/storage/manifeststore.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/registry/storage/manifeststore.go b/registry/storage/manifeststore.go index 4cbfbda27..2505b57c7 100644 --- a/registry/storage/manifeststore.go +++ b/registry/storage/manifeststore.go @@ -112,6 +112,10 @@ func (ms *manifestStore) verifyManifest(ctx context.Context, mnfst *schema1.Sign errs = append(errs, fmt.Errorf("manifest name must not be more than %v characters", reference.NameTotalLengthMax)) } + if !reference.NameRegexp.MatchString(mnfst.Name) { + errs = append(errs, fmt.Errorf("invalid manifest name format")) + } + if len(mnfst.History) != len(mnfst.FSLayers) { errs = append(errs, fmt.Errorf("mismatched history and fslayer cardinality %d != %d", len(mnfst.History), len(mnfst.FSLayers))) From e2b4b426b4e3b291c90302d967c6a864ff01b008 Mon Sep 17 00:00:00 2001 From: Troels Thomsen Date: Tue, 1 Dec 2015 22:21:22 +0100 Subject: [PATCH 5/7] Define error type Signed-off-by: Troels Thomsen --- errors.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/errors.go b/errors.go index eb332d1bb..7bf720e03 100644 --- a/errors.go +++ b/errors.go @@ -89,3 +89,14 @@ type ErrManifestBlobUnknown struct { func (err ErrManifestBlobUnknown) Error() string { return fmt.Sprintf("unknown blob %v on manifest", err.Digest) } + +// ErrManifestNameInvalid should be used to denote an invalid manifest +// name. Reason may set, indicating the cause of invalidity. +type ErrManifestNameInvalid struct { + Name string + Reason error +} + +func (err ErrManifestNameInvalid) Error() string { + return fmt.Sprintf("manifest name %q invalid: %v", err.Name, err.Reason) +} From 1ece510198b47621052ddb93e703f9e138769796 Mon Sep 17 00:00:00 2001 From: Troels Thomsen Date: Tue, 1 Dec 2015 22:22:27 +0100 Subject: [PATCH 6/7] Use well-known error type Signed-off-by: Troels Thomsen --- registry/storage/manifeststore.go | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/registry/storage/manifeststore.go b/registry/storage/manifeststore.go index 2505b57c7..024c8e4bb 100644 --- a/registry/storage/manifeststore.go +++ b/registry/storage/manifeststore.go @@ -109,11 +109,19 @@ func (ms *manifestStore) verifyManifest(ctx context.Context, mnfst *schema1.Sign var errs distribution.ErrManifestVerification if len(mnfst.Name) > reference.NameTotalLengthMax { - errs = append(errs, fmt.Errorf("manifest name must not be more than %v characters", reference.NameTotalLengthMax)) + errs = append(errs, + distribution.ErrManifestNameInvalid{ + Name: mnfst.Name, + Reason: fmt.Errorf("manifest name must not be more than %v characters", reference.NameTotalLengthMax), + }) } if !reference.NameRegexp.MatchString(mnfst.Name) { - errs = append(errs, fmt.Errorf("invalid manifest name format")) + errs = append(errs, + distribution.ErrManifestNameInvalid{ + Name: mnfst.Name, + Reason: fmt.Errorf("invalid manifest name format"), + }) } if len(mnfst.History) != len(mnfst.FSLayers) { From 300ce35c121b53020858f35584fe97d12386a8c8 Mon Sep 17 00:00:00 2001 From: Troels Thomsen Date: Tue, 1 Dec 2015 22:26:37 +0100 Subject: [PATCH 7/7] Map error type to error code Signed-off-by: Troels Thomsen --- registry/handlers/images.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/registry/handlers/images.go b/registry/handlers/images.go index f753f099f..d30fce267 100644 --- a/registry/handlers/images.go +++ b/registry/handlers/images.go @@ -169,6 +169,8 @@ func (imh *imageManifestHandler) PutImageManifest(w http.ResponseWriter, r *http switch verificationError := verificationError.(type) { case distribution.ErrManifestBlobUnknown: imh.Errors = append(imh.Errors, v2.ErrorCodeManifestBlobUnknown.WithDetail(verificationError.Digest)) + case distribution.ErrManifestNameInvalid: + imh.Errors = append(imh.Errors, v2.ErrorCodeNameInvalid.WithDetail(err)) case distribution.ErrManifestUnverified: imh.Errors = append(imh.Errors, v2.ErrorCodeManifestUnverified) default: