diff --git a/Dockerfile b/Dockerfile index 2389aa79b2..07c30c9361 100644 --- a/Dockerfile +++ b/Dockerfile @@ -146,7 +146,7 @@ RUN ln -sfv $PWD/.bashrc ~/.bashrc COPY contrib/download-frozen-image.sh /go/src/github.com/docker/docker/contrib/ RUN ./contrib/download-frozen-image.sh /docker-frozen-images \ busybox:latest@4986bf8c15363d1c5d15512d5266f8777bfba4974ac56e3270e7760f6f0a8125 \ - hello-world:latest@e45a5af57b00862e5ef5782a9925979a02ba2b12dff832fd0991335f4a11e5c5 + hello-world:frozen@e45a5af57b00862e5ef5782a9925979a02ba2b12dff832fd0991335f4a11e5c5 # see also "hack/make/.ensure-frozen-images" (which needs to be updated any time this list is) # Install man page generator diff --git a/graph/pull.go b/graph/pull.go index ecf0309b17..8696658d1e 100644 --- a/graph/pull.go +++ b/graph/pull.go @@ -549,7 +549,7 @@ func (s *TagStore) pullV2Tag(eng *engine.Engine, r *registry.Session, out io.Wri } } - var layersDownloaded bool + var tagUpdated bool for i := len(downloads) - 1; i >= 0; i-- { d := &downloads[i] if d.err != nil { @@ -580,14 +580,27 @@ func (s *TagStore) pullV2Tag(eng *engine.Engine, r *registry.Session, out io.Wri // FIXME: Pool release here for parallel tag pull (ensures any downloads block until fully extracted) } out.Write(sf.FormatProgress(common.TruncateID(d.img.ID), "Pull complete", nil)) - layersDownloaded = true + tagUpdated = true } else { out.Write(sf.FormatProgress(common.TruncateID(d.img.ID), "Already exists", nil)) } } - if verified && layersDownloaded { + // Check for new tag if no layers downloaded + if !tagUpdated { + repo, err := s.Get(repoInfo.LocalName) + if err != nil { + return false, err + } + if repo != nil { + if _, exists := repo[tag]; !exists { + tagUpdated = true + } + } + } + + if verified && tagUpdated { out.Write(sf.FormatStatus(repoInfo.CanonicalName+":"+tag, "The image you are pulling has been verified. Important: image verification is a tech preview feature and should not be relied on to provide security.")) } 
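Review bot: In the added "Check for new tag if no layers downloaded" block of graph/pull.go, a repository that does not exist locally yet is treated as unchanged: when `s.Get(repoInfo.LocalName)` returns a nil `repo`, `tagUpdated` stays false although the tag is necessarily new. This presumably happens when every layer is already present under another repository name, and the effect is that the "has been verified" status line is not written and the function returns false for a pull that did create a tag. The two-value index shows `repo` is a map, and a lookup on a nil map is safe in Go, so the `repo != nil` guard can be dropped: `if _, exists := repo[tag]; !exists { tagUpdated = true }`. A tag that already exists but now resolves to a different image ID also looks uncovered by this check; that would need a comparison against the stored ID, which is not visible here. pullV2Tag starts and ends outside the hunk.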
@@ -595,5 +608,5 @@ func (s *TagStore) pullV2Tag(eng *engine.Engine, r *registry.Session, out io.Wri return false, err } - return layersDownloaded, nil + return tagUpdated, nil } diff --git a/hack/make/.ensure-frozen-images b/hack/make/.ensure-frozen-images index a0b4efc1e9..379f738495 100644 --- a/hack/make/.ensure-frozen-images +++ b/hack/make/.ensure-frozen-images @@ -4,17 +4,17 @@ set -e # this list should match roughly what's in the Dockerfile (minus the explicit image IDs, of course) images=( busybox:latest - hello-world:latest + hello-world:frozen ) if ! docker inspect "${images[@]}" &> /dev/null; then hardCodedDir='/docker-frozen-images' if [ -d "$hardCodedDir" ]; then ( set -x; tar -cC "$hardCodedDir" . | docker load ) - elif [ -e Dockerfile ] && command -v curl > /dev/null; then - # testing for "curl" because "download-frozen-image.sh" is built around curl + else dir="$DEST/frozen-images" # extract the exact "RUN download-frozen-image.sh" line from the Dockerfile itself for consistency + # NOTE: this will fail if either "curl" is not installed or if the Dockerfile is not available/readable awk ' $1 == "RUN" && $2 == "./contrib/download-frozen-image.sh" { for (i = 2; i < NF; i++) @@ -33,11 +33,5 @@ if ! docker inspect "${images[@]}" &> /dev/null; then } ' Dockerfile | sh -x ( set -x; tar -cC "$dir" . | docker load ) - else - for image in "${images[@]}"; do - if ! docker inspect "$image" &> /dev/null; then - ( set -x; docker pull "$image" ) - fi - done fi fi diff --git a/integration-cli/docker_cli_build_test.go b/integration-cli/docker_cli_build_test.go index ecef76f9da..729b538053 100644 --- a/integration-cli/docker_cli_build_test.go +++ b/integration-cli/docker_cli_build_test.go 
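Review bot: In hack/make/.ensure-frozen-images the new `else` branch no longer detects a missing Dockerfile or a missing curl up front; the added NOTE says it "will fail", but the failure is indirect. The `awk ... Dockerfile | sh -x` pipeline reports only the exit status of `sh`, so unless pipefail is set somewhere not shown, an awk error is masked and the first visible error probably comes from the later `tar -cC "$dir" . | docker load`. An explicit guard at the top of the branch would make the failure immediate and readable, for example `[ -e Dockerfile ] || { echo >&2 'error: Dockerfile not found, cannot fetch frozen images'; exit 1; }` plus a matching `command -v curl > /dev/null` check. The enclosing `if` block continues outside the hunk.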
@@ -5234,7 +5234,7 @@ func TestBuildRUNoneJSON(t *testing.T) { defer deleteAllContainers() defer deleteImages(name) - ctx, err := fakeContext(`FROM hello-world:latest + ctx, err := fakeContext(`FROM hello-world:frozen RUN [ "/hello" ]`, map[string]string{}) if err != nil { t.Fatal(err)