containers
/
automation-tests
mirror of https://github.com/containers/automation-tests.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Don't look for the binary digest when pulling layers 

This code path is usually never triggered because
the annotations are present; and it was broken until recently.

Remove it to simplify the code and analysis.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This commit is contained in:
Miloslav Trmač 2024-04-22 22:20:13 +02:00
parent 8dac32c027
commit ea3e384742
4 changed files with 16 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
storage/pkg/chunked/compression_linux.go
View File

@ -132,48 +132,16 @@ func readEstargzChunkedManifest(blobStream ImageSourceSeekable, blobSize int64,
return manifestUncompressed, tocOffset, nil return manifestUncompressed, tocOffset, nil
} }
// readZstdChunkedManifest reads the zstd:chunked manifest from the seekable stream blobStream. The blob total size must // readZstdChunkedManifest reads the zstd:chunked manifest from the seekable stream blobStream.
// be specified. func readZstdChunkedManifest(blobStream ImageSourceSeekable, tocDigest digest.Digest, annotations map[string]string) ([]byte, []byte, int64, error) {
// This function uses the io.github.containers.zstd-chunked. annotations when specified. offsetMetadata := annotations[internal.ManifestInfoKey]
func readZstdChunkedManifest(blobStream ImageSourceSeekable, blobSize int64, tocDigest digest.Digest, annotations map[string]string) ([]byte, []byte, int64, error) { if offsetMetadata == "" {
footerSize := int64(internal.FooterSizeSupported) return nil, nil, 0, fmt.Errorf("%q annotation missing", internal.ManifestInfoKey)
if blobSize <= footerSize {
return nil, nil, 0, errors.New("blob too small")
} }
var footerData internal.ZstdChunkedFooterData footerData, err := internal.ReadFooterDataFromAnnotations(annotations)
if err != nil {
if offsetMetadata := annotations[internal.ManifestInfoKey]; offsetMetadata != "" { return nil, nil, 0, err
var err error
footerData, err = internal.ReadFooterDataFromAnnotations(annotations)
if err != nil {
return nil, nil, 0, err
}
} else {
chunk := ImageSourceChunk{
Offset: uint64(blobSize - footerSize),
Length: uint64(footerSize),
}
parts, errs, err := blobStream.GetBlobAt([]ImageSourceChunk{chunk})
if err != nil {
return nil, nil, 0, err
}
var reader io.ReadCloser
select {
case r := <-parts:
reader = r
case err := <-errs:
return nil, nil, 0, err
}
footer := make([]byte, footerSize)
if _, err := io.ReadFull(reader, footer); err != nil {
return nil, nil, 0, err
}
footerData, err = internal.ReadFooterDataFromBlob(footer)
if err != nil {
return nil, nil, 0, err
}
} }
if footerData.ManifestType != internal.ManifestTypeCRFS { if footerData.ManifestType != internal.ManifestTypeCRFS {

5
storage/pkg/chunked/internal/compression.go
View File

@ -200,6 +200,11 @@ func ZstdWriterWithLevel(dest io.Writer, level int) (*zstd.Encoder, error) {
} }
// ZstdChunkedFooterData contains all the data stored in the zstd:chunked footer. // ZstdChunkedFooterData contains all the data stored in the zstd:chunked footer.
// This footer exists to make the blobs self-describing, our implementation
// never reads it:
// Partial pull security hinges on the TOC digest, and that exists as a layer annotation;
// so we are relying on the layer annotations anyway, and doing so means we can avoid
// a round-trip to fetch this binary footer.
type ZstdChunkedFooterData struct { type ZstdChunkedFooterData struct {
ManifestType uint64 ManifestType uint64

4
storage/pkg/chunked/storage_linux.go
View File

@ -314,7 +314,7 @@ func makeConvertFromRawDiffer(ctx context.Context, store storage.Store, blobDige
} }
func makeZstdChunkedDiffer(ctx context.Context, store storage.Store, blobSize int64, tocDigest digest.Digest, annotations map[string]string, iss ImageSourceSeekable, storeOpts *types.StoreOptions) (*chunkedDiffer, error) { func makeZstdChunkedDiffer(ctx context.Context, store storage.Store, blobSize int64, tocDigest digest.Digest, annotations map[string]string, iss ImageSourceSeekable, storeOpts *types.StoreOptions) (*chunkedDiffer, error) {
manifest, tarSplit, tocOffset, err := readZstdChunkedManifest(iss, blobSize, tocDigest, annotations) manifest, tarSplit, tocOffset, err := readZstdChunkedManifest(iss, tocDigest, annotations)
if err != nil { if err != nil {
return nil, fmt.Errorf("read zstd:chunked manifest: %w", err) return nil, fmt.Errorf("read zstd:chunked manifest: %w", err)
} }
@ -1701,7 +1701,7 @@ func (c *chunkedDiffer) ApplyDiff(dest string, options *archive.TarOptions, diff
if tocDigest == nil { if tocDigest == nil {
return graphdriver.DriverWithDifferOutput{}, fmt.Errorf("internal error: just-created zstd:chunked missing TOC digest") return graphdriver.DriverWithDifferOutput{}, fmt.Errorf("internal error: just-created zstd:chunked missing TOC digest")
} }
manifest, tarSplit, tocOffset, err := readZstdChunkedManifest(fileSource, c.blobSize, *tocDigest, annotations) manifest, tarSplit, tocOffset, err := readZstdChunkedManifest(fileSource, *tocDigest, annotations)
if err != nil { if err != nil {
return graphdriver.DriverWithDifferOutput{}, fmt.Errorf("read zstd:chunked manifest: %w", err) return graphdriver.DriverWithDifferOutput{}, fmt.Errorf("read zstd:chunked manifest: %w", err)
} }

2
storage/pkg/chunked/zstdchunked_test.go
View File

@ -153,7 +153,7 @@ func TestGenerateAndParseManifest(t *testing.T) {
tocDigest, err := toc.GetTOCDigest(annotations) tocDigest, err := toc.GetTOCDigest(annotations)
require.NoError(t, err) require.NoError(t, err)
require.NotNil(t, tocDigest) require.NotNil(t, tocDigest)
manifest, _, _, err := readZstdChunkedManifest(s, 8192, *tocDigest, annotations) manifest, _, _, err := readZstdChunkedManifest(s, *tocDigest, annotations)
if err != nil { if err != nil {
t.Error(err) t.Error(err)
} }