Mostly just name changes that should not change behavior,
apart from ioutil.ReadDir -> os.ReadDir avoiding per-item
lstat(2) in some cases.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Newer versions of the OCI spec include the mediaType field in image
manifests and image indexes, and if they include them, save ourselves
some work by using that information.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
If a schema version 2 manifest doesn't include a top-level media type,
default to "guessing" it's an OCI v1 manifest.
Previously, we defaulted to a Docker v2s2 manifest which is causing
issues for OCI artifacts which may ship a custom config media type.
In that case, we guessed it's a Docker image which is wrong.
To harden the code a bit further, add an additional media-type check for
the config to not only check for an ordinary OCI config but also a
Docker one.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
separate from the format-specific files, and from the ~generic
public utilities in manifest.go.
Only moves code, should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Add the manifest.List interface, and implementations for OCIv1 Index and
Docker Schema2List documents.
Add an instanceDigest parameter to PutManifest(), PutSignatures(), and
LayerInfosForCopy, for symmetry with GetManifest() and GetSignatures().
Return an error if the instanceDigest is supplied to destinations which
don't support them, and add stubs that do so even to the transports
which would support it, so that we don't break compilation here.
Add a MultipleImages flag to copy.Options, and if the source for a copy
operation contains multiple images, copy all of the images if we can.
If we can't copy them all, but we were told to, return an error.
Use the generic manifest list API to select a single image to copy from
a list, so that we aren't just limited to the Docker manifest list
format for those cases.
When guessing at the type of a manifest, if the manifest contains a list
of manifests, use its declared MIME type if it included one, else assume
it's an OCI index, because an OCI index doesn't include its MIME type.
When copying, switch from using an encode-then-compare of the original
and updated versions of the list to checking if the instance list was
changed (one of the things we might have changed) or if its type has
changed due to conversion (the other change we might have made). If
neither has changed, then we don't need to change the encoded value of
the manifest.
When copying, when checking for a digest mismatch in a target image
reference, ignore a mismatch between the digest in the reference and the
digest of the main manifest if we're copying one element from a list,
and the digest in the reference matches the digest of the manifest list.
When copying, if conversion of manifests for single images is being
forced, convert manifest lists to the corresponding list types.
When copying, supply the unparsed top level to Commit() by attaching the
value to the context.Context.
Support manifest lists in the directory transport by using the instance
digest as a prefix of the filename used to store a manifest or a piece
of signature data.
Support manifest lists in the oci-layout transport by accepting indexes
as we do images, and stop guessing about Platform values to add to the
top-level index.
Support storing manifest lists to registries in the docker: transport by
using the manifest digest when we're writing one image as part of
pushing a list of them, and by using the instance digest when reading or
writing signature data, when one is specified, or the cached digest of
the non-instanced digest when one is not specified.
Add partial support for manifest lists to the storage transport: when
committing one image from a list into storage, also add a copy of the
manifest list by extracting it from the context.Context. The logic is
already in place to enable locating an image using any of multiple
manifest digests.
When writing an image that has an instanceDigest value (meaning it's a
secondary image), don't try to generate a canonical reference to add to
the image's list of names if the reference for the primary image doesn't
contain a name. That should only happen if we're writing using just an
image ID, which is unlikely, but we still need to handle it.
Avoid computing the digest of the manifest, or retrieving the
either-a-tag-or-a-digest value from the target reference, if we're given
an instanceDigest, which would override them anyway.
Move the check for non-nil instanceDigest values up into the main
PutSignatures() method instead of duplicating it in the per-strategy
helpers.
Add mention of the instanceDigest parameter and its use to various
PutManifest, PutSignatures, and LayerInfosForCopy implementations and
their declarations in interfaces.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
... so that major-version-aware Go module import
(as opposed to vX.Y.Z+incompatible, which does not allow different
packages to use different versions) works right.
Also requires adding some more GO111MODULE=on options to Makefile.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
... instead of using the "replace" directive in go.mod, which
changes absolutely nothing for consumers of this library.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This makes the "empty layer" flag available for storageImage.
Also continues to add tests to the manifest subpackage.
A possible alternative was to add this right to types.BlobInfo,
but that exists primarily for copying images around, where
the consumers don't care about the value, and producers
like PutBlob would have to do extra work to preserve the (unused)
value; whether the value is or isn't available in a particular
instance would have to be only documented in text.
This allows us to use the type system to verify availability
of the flag: if you want it, call manifest.LayerInfos explicitly.
(Of course if it turns out to be more widely needed, we can undo this
and move the flag directly to BlobInfo.)
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Right now this does not change behavior, and manifest.LayerInfo is
just a trivial wrapper around types.BlobInfo; we will add an
EmptyLayer flag next.
To support this, add image.manifestLayerInfosToBlobInfos, and update
manifest.layerInfosToStrings (and make it private, and add tests for it).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
We will be removing it from types.Image altogether; and c/i/manifest
is a better place for hard-coding MIME types anyway.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This is needed for editing schema 1 manifests; docker/distribution
actually requires a signature even if the incoming data uses the
nominally unsigned DockerV2Schema1MediaType .
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
The ...Signed... type (+prettyjws) is what Docker Hub returns in
Content-Type. So, use that value for signed manifests, and keep
DockerV2Schema1MIMEType for the unsigned ones.
This changes the guess results for the common case. Manifest parsing in
genericImage therefore needs to handle both.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Miloslav Trmač