canon-json provides a serde_json Formatter to serialize
as RFC 8785 canonical JSON.
It's a drop-in replacement for olpc-cjson.
Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
I wanted to test out how container runtimes behaved with
a tarball that had a filled in user/group name. For convenience
of testing arbitrary tarballs in container images, add this
example which takes an externally generated tar and just wraps
it with OCI metadata.
Signed-off-by: Colin Walters <walters@verbum.org>
The empty descriptor is described in the image spec [1].
`new_empty_manifest` writes an empty config descriptor in the blobs
directory, which results in a valid image layout specification. This is
validated using the fsck function in the `test_new_empty_manifest` test.
Fixes #27
[1] https://github.com/opencontainers/image-spec/blob/main/manifest.md#guidance-for-an-empty-descriptor
Signed-off-by: Ariel Miculas-Trif <amiculas@cisco.com>
The index.json file MUST exist according to the OCI Image Layout Spec
[1], thus read_index should return the ImageIndex directly, there's no
need to wrap it into an Option.
[1] https://github.com/opencontainers/image-spec/blob/main/image-layout.md
Signed-off-by: Ariel Miculas-Trif <amiculas@cisco.com>
They now both take owned values of type cap_std::Dir for both parameters
instead of references to cap_std::Dir. The reason for owned values
instead of references is avoiding the undesired effects of sharing the
same underlying file handle [1].
[1] https://doc.rust-lang.org/nightly/std/fs/struct.File.html#method.try_clone
Signed-off-by: Ariel Miculas-Trif <amiculas@cisco.com>
This feature is especially useful when we want to share blobs across OCI
repositories. See the `--dest-shared-blob-dir` option in skopeo [1] as
well as the LXC OCI template [2] (specifically OCI_USE_CACHE).
Usually this is done via symlinking oci/blobs or oci/blobs/sha256, but
ocidir-rs doesn't follow symlinks which lead outside the oci directory
(this is by design). This commit doesn't change the capability model, it
only addresses the blob sharing use case by adding a new
open_with_external_blobs function which takes the blobs directory as a
separate cap_std::Dir. The library won't allow any accesses outside the
blobs directory, but instead of reading the blobs directory from the OCI
directory, it will directly read the user supplied blobs directory.
closes #21
[1] https://github.com/containers/skopeo/blob/main/docs/skopeo-copy.1.md
[2] https://github.com/lxc/lxc/blob/main/templates/lxc-oci.in
Signed-off-by: Ariel Miculas-Trif <amiculas@cisco.com>
`complete_verified_as` finishes writing the blob, verifying its digest
and size against the expected descriptor, and then writing the contents
to a file with a completely different sha256 digest. The reason is that
both `complete_verified_as` and `complete` call self.hash.finish(), but
this function can only be called once, because after the first call it
transitions into the Finalized state [1]. The second time it gets called
it realizes it's in the Finalized state and then it calls self.init,
resetting the hasher. This is a bad API design.
Fix this by only calling self.hash.finish() once and then passing the
result to a new internal function `complete_as`, which does the same
thing as `complete` but avoids calling self.hash.finish() again.
Add a test to ensure `complete_verified_as` behaves as expected.
[1] https://docs.rs/openssl/0.10.66/src/openssl/hash.rs.html#295-297
Signed-off-by: Ariel Miculas-Trif <amiculas@cisco.com>
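The double-`finish()` behaviour this commit message describes, modelled as an added example (not code from ocidir-rs or the openssl crate): a std-only hasher with the same Reset/Updated/Finalized state machine, with FNV-1a standing in for SHA-256. `Hasher`, `BlobWriter`, the `_buggy`/`_fixed` suffixes and the `blobs/fnv/` path are assumptions made for the illustration.

```rust
// Added illustration: FNV-1a stands in for SHA-256 (assumption; not cryptographic).
#[derive(PartialEq)]
enum State { Reset, Updated, Finalized }
struct Hasher { state: State, acc: u64 }
const FNV_OFFSET: u64 = 0xcbf29ce484222325;
const FNV_PRIME: u64 = 0x100000001b3;
impl Hasher {
    fn new() -> Self { Hasher { state: State::Reset, acc: FNV_OFFSET } }
    fn init(&mut self) { self.acc = FNV_OFFSET; self.state = State::Reset; }
    fn update(&mut self, data: &[u8]) {
        if self.state == State::Finalized { self.init(); }
        for b in data { self.acc = (self.acc ^ *b as u64).wrapping_mul(FNV_PRIME); }
        self.state = State::Updated;
    }
    // As described in the commit message: a call in the Finalized state
    // re-initialises first, so a second finish() yields the empty-input digest.
    fn finish(&mut self) -> u64 {
        if self.state == State::Finalized { self.init(); }
        self.state = State::Finalized;
        self.acc
    }
}
struct BlobWriter { hash: Hasher }
impl BlobWriter {
    fn new(data: &[u8]) -> Self {
        let mut hash = Hasher::new();
        hash.update(data);
        BlobWriter { hash }
    }
    // Name the blob after a digest that has already been computed.
    fn complete_as(self, digest: u64) -> String { format!("blobs/fnv/{:016x}", digest) }
    fn complete(mut self) -> String { let d = self.hash.finish(); self.complete_as(d) }
    // Buggy shape: verification consumes finish(), then complete() calls it again.
    fn complete_verified_as_buggy(mut self, expected: u64) -> Result<String, String> {
        if self.hash.finish() != expected { return Err("digest mismatch".into()); }
        Ok(self.complete())
    }
    // Fixed shape: finish() exactly once, result passed on to complete_as().
    fn complete_verified_as_fixed(mut self, expected: u64) -> Result<String, String> {
        let d = self.hash.finish();
        if d != expected { return Err("digest mismatch".into()); }
        Ok(self.complete_as(d))
    }
}
fn main() {
    let data = b"constructed layer bytes"; // constructed sample input
    let mut h = Hasher::new(); h.update(data);
    let expected = h.finish();
    println!("buggy: {:?}", BlobWriter::new(data).complete_verified_as_buggy(expected));
    println!("fixed: {:?}", BlobWriter::new(data).complete_verified_as_fixed(expected));
}
```

In the buggy shape the verification passes and the call still returns `Ok`, yet the blob is named after the digest of empty input, which is why a descriptor-walking check such as `fsck` is what catches the mismatch.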
It was requested that we use `thiserror` as we're a library.
I dropped the `read_manifest` API as I don't think people
should use it in general and it would have required its
own dedicated error type.
Closes: https://github.com/containers/ocidir-rs/issues/15
Signed-off-by: Colin Walters <walters@verbum.org>
There are a few semver breaks there, but I helped drive
them because they clean up the codebase here.
Most notably:
- We have hardened upstream "verify descriptor is sha256:" logic
- size is now properly u64
etc.
Signed-off-by: Colin Walters <walters@verbum.org>
In some other code I was hitting an unexpected size in a config
object; I'm not sure there's a bug here yet, but the obvious
thing to do is to strengthen our `fsck()` to walk descriptors,
not the blobs directly.
This way we validate:
- size of objects (cheap corruption detection too)
- Nothing is missing
Signed-off-by: Colin Walters <walters@verbum.org>
I didn't have an immediate use case, I was just reading
the code for unrelated reasons and noticed this.
But I'm sure we'd want this for reproducible builds.
Signed-off-by: Colin Walters <walters@verbum.org>
No idea why this was a free function before. Add a method
which delegates to the free function, and deprecate the old
way.
Signed-off-by: Colin Walters <walters@verbum.org>
Just on general principle, but also specifically as I was
looking at the `flush()` calls in the writer paths and was
uncertain why I added those. If we were somehow losing data,
this might help us find that.
Signed-off-by: Colin Walters <walters@verbum.org>
2024-07-23 15:21:27 -04:00
7 changed files with 957 additions and 269 deletions