0ecc759684
To ensure manifest integrity when pulling by digest, this changeset ensures that not only the remote digest provided by the registry is verified but also that the digest provided on the command line is checked, as well. If this check fails, the pull is cancelled as with an error. Inspection also should that while layers were being verified against their digests, the error was being treated as tech preview image signing verification error. This, in fact, is not a tech preview and opens up the docker daemon to man in the middle attacks that can be avoided with the v2 registry protocol. As a matter of cleanliness, the digest package from the distribution project has been updated to latest version. There were some recent improvements in the digest package. Signed-off-by: Stephen J Day <stephen.day@docker.com> |
||
|---|---|---|
| .. | ||
| auth.go | ||
| auth_test.go | ||
| authchallenge.go | ||
| config.go | ||
| config_test.go | ||
| endpoint.go | ||
| endpoint_test.go | ||
| registry.go | ||
| registry_mock_test.go | ||
| registry_test.go | ||
| service.go | ||
| session.go | ||
| session_v2.go | ||
| token.go | ||
| types.go | ||