11 Commits

Author SHA1 Message Date
Miloslav Trmač 8ce59962c9 Add unit tests to ensure manifest Clone doesn't lose data
No non-test code changes, should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2024-07-01 19:39:55 +02:00
Miloslav Trmač c729a29fbe Refuse compression to zstd when using schema1
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2023-11-21 19:49:20 +01:00
Miloslav Trmač 942cb5c134 Reject unsupported encryption/decryption updates in UpdateLayerInfos
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2023-09-06 20:08:32 +02:00
Miloslav Trmač 83aee8f797 Reject OCI artifacts in manifest.OCI1.ImageID
... and add tests for the ImageID implementations.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2022-06-16 20:38:15 +02:00
Miloslav Trmač 7152f888b9 Update users of deprecated io/ioutil
Mostly just name changes that should not change behavior,
apart from ioutil.ReadDir -> os.ReadDir avoiding per-item
lstat(2) in some cases.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2022-04-13 20:46:48 +02:00
Miloslav Trmač 7bcf9bc8b6 Reject ambiguous manifest formats
Refuse to process manifest / manifest list data
that could possibly be interpreted as two different
manifest formats, because differences in how those
ambiguities are resolved could be used to bypass
image verification or review mechanisms.

Fixes CVE-2021-41190 / GHSA-77vh-xpmg-72qh.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2021-11-17 21:43:59 +01:00
Miloslav Trmač 7d9cde7252 Update to major version v5
> gomove github.com/containers/image/v4 github.com/containers/image/v5
+ a manual edit of go.mod

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2019-10-25 22:27:45 +02:00
Miloslav Trmač e568c94ef3 Correctly use a c/image/v4 module namespace
... so that major-version-aware Go module import
(as opposed to vX.Y.Z+incompatible, which does not allow different
packages to use different versions) works right.

Also requires adding some more GO111MODULE=on options to Makefile.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2019-10-03 22:54:27 +02:00
Miloslav Trmač df4847bd66 Add EmptyLayer to manifest.LayerInfo.
This makes the "empty layer" flag available for storageImage.

Also continues to add tests to the manifest subpackage.

A possible alternative was to add this right to types.BlobInfo,
but that exists primarily for copying images around, where
the consumers don't care about the value, and producers
like PutBlob would have to do extra work to preserve the (unused)
value; whether the value is or isn't available in a particular
instance would have to be only documented in text.

This allows us to use the type system to verify availability
of the flag: if you want it, call manifest.LayerInfos explicitly.
(Of course if it turns out to be more widely needed, we can undo this
and move the flag directly to BlobInfo.)

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2018-07-13 20:55:47 +02:00
Miloslav Trmač 1c41783540 Add manifest.Schema1.ExtractedV1Compatibility
This allows us to simplify consumers of the data, and notably will allow
future LayerInfos to work without having to worry about parsing errors.

manifest.Schema1FromManifest is parsing all of that data anyway in
fixManifestLayers, so this is a net win for those manifests; OTOH
manifest.Schema1FromComponents may do the work unnecessarily.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2018-07-13 20:55:47 +02:00
Miloslav Trmač c88bbf22ae Add manifest.Schema1.initialize()
This is a shared component of the two constructors, currently only verifying
invariants, but intended primarily to share code to unmarshal the History components
in the future.

Also opportunistically starts adding tests to the manifest subpackage.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2018-07-13 20:55:47 +02:00