distribution/storage/revisionstore.go

package storage

import (
	"encoding/json"
	"path"

	"github.com/Sirupsen/logrus"
	"github.com/docker/distribution/digest"
	"github.com/docker/distribution/manifest"
	"github.com/docker/distribution/storagedriver"
	"github.com/docker/libtrust"
)

// revisionStore supports storing and managing manifest revisions.
type revisionStore struct {
	driver     storagedriver.StorageDriver
	pathMapper *pathMapper
	blobStore  *blobStore
}

// exists returns true if the revision is available in the named repository.
func (rs *revisionStore) exists(name string, revision digest.Digest) (bool, error) {
	revpath, err := rs.pathMapper.path(manifestRevisionPathSpec{
		name:     name,
		revision: revision,
	})

	if err != nil {
		return false, err
	}

	exists, err := exists(rs.driver, revpath)
	if err != nil {
		return false, err
	}

	return exists, nil
}

// get retrieves the manifest, keyed by revision digest.
func (rs *revisionStore) get(name string, revision digest.Digest) (*manifest.SignedManifest, error) {
	// Ensure that this revision is available in this repository.
	if exists, err := rs.exists(name, revision); err != nil {
		return nil, err
	} else if !exists {
		return nil, ErrUnknownManifestRevision{
			Name:     name,
			Revision: revision,
		}
	}

	content, err := rs.blobStore.get(revision)
	if err != nil {
		return nil, err
	}

	// Fetch the signatures for the manifest
	signatures, err := rs.getSignatures(name, revision)
	if err != nil {
		return nil, err
	}

	logrus.Infof("retrieved signatures: %v", string(signatures[0]))

	jsig, err := libtrust.NewJSONSignature(content, signatures...)
	if err != nil {
		return nil, err
	}

	// Extract the pretty JWS
	raw, err := jsig.PrettySignature("signatures")
	if err != nil {
		return nil, err
	}

	var sm manifest.SignedManifest
	if err := json.Unmarshal(raw, &sm); err != nil {
		return nil, err
	}

	return &sm, nil
}

// put stores the manifest in the repository, if not already present. Any
// updated signatures will be stored, as well.
func (rs *revisionStore) put(name string, sm *manifest.SignedManifest) (digest.Digest, error) {
	jsig, err := libtrust.ParsePrettySignature(sm.Raw, "signatures")
	if err != nil {
		return "", err
	}

	// Resolve the payload in the manifest.
	payload, err := jsig.Payload()
	if err != nil {
		return "", err
	}

	// Digest and store the manifest payload in the blob store.
	revision, err := rs.blobStore.put(payload)
	if err != nil {
		logrus.Errorf("error putting payload into blobstore: %v", err)
		return "", err
	}

	// Link the revision into the repository.
	if err := rs.link(name, revision); err != nil {
		return "", err
	}

	// Grab each json signature and store them.
	signatures, err := jsig.Signatures()
	if err != nil {
		return "", err
	}

	for _, signature := range signatures {
		if err := rs.putSignature(name, revision, signature); err != nil {
			return "", err
		}
	}

	return revision, nil
}

// link links the revision into the repository.
func (rs *revisionStore) link(name string, revision digest.Digest) error {
	revisionPath, err := rs.pathMapper.path(manifestRevisionLinkPathSpec{
		name:     name,
		revision: revision,
	})

	if err != nil {
		return err
	}

	if exists, err := exists(rs.driver, revisionPath); err != nil {
		return err
	} else if exists {
		// Revision has already been linked!
		return nil
	}

	return rs.blobStore.link(revisionPath, revision)
}

// delete removes the specified manifest revision from storage.
func (rs *revisionStore) delete(name string, revision digest.Digest) error {
	revisionPath, err := rs.pathMapper.path(manifestRevisionPathSpec{
		name:     name,
		revision: revision,
	})

	if err != nil {
		return err
	}

	return rs.driver.Delete(revisionPath)
}

// getSignatures retrieves all of the signature blobs for the specified
// manifest revision.
func (rs *revisionStore) getSignatures(name string, revision digest.Digest) ([][]byte, error) {
	signaturesPath, err := rs.pathMapper.path(manifestSignaturesPathSpec{
		name:     name,
		revision: revision,
	})

	if err != nil {
		return nil, err
	}

	// Need to append signature digest algorithm to path to get all items.
	// Perhaps, this should be in the pathMapper but it feels awkward. This
	// can be eliminated by implementing listAll on drivers.
	signaturesPath = path.Join(signaturesPath, "sha256")

	signaturePaths, err := rs.driver.List(signaturesPath)
	if err != nil {
		return nil, err
	}

	var signatures [][]byte
	for _, sigPath := range signaturePaths {
		// Append the link portion
		sigPath = path.Join(sigPath, "link")

		// TODO(stevvooe): These fetches should be parallelized for performance.
		p, err := rs.blobStore.linked(sigPath)
		if err != nil {
			return nil, err
		}

		signatures = append(signatures, p)
	}

	return signatures, nil
}

// putSignature stores the signature for the provided manifest revision.
func (rs *revisionStore) putSignature(name string, revision digest.Digest, signature []byte) error {
	signatureDigest, err := rs.blobStore.put(signature)
	if err != nil {
		return err
	}

	signaturePath, err := rs.pathMapper.path(manifestSignatureLinkPathSpec{
		name:      name,
		revision:  revision,
		signature: signatureDigest,
	})

	if err != nil {
		return err
	}

	return rs.blobStore.link(signaturePath, signatureDigest)
}