Merge pull request #10305 from jlhawn/use_tarsum_v1
Always store images with tarsum.v1 checksum added
This commit is contained in:
commit
bfa0dc47da
3 changed files with 21 additions and 5 deletions
|
@ -80,8 +80,8 @@ func LoadImage(root string) (*Image, error) {
|
|||
|
||||
// StoreImage stores file system layer data for the given image to the
|
||||
// image's registered storage driver. Image metadata is stored in a file
|
||||
// at the specified root directory. This function also computes the TarSum
|
||||
// of `layerData` (currently using tarsum.dev).
|
||||
// at the specified root directory. This function also computes a checksum
|
||||
// of `layerData` if the image does not have one already.
|
||||
func StoreImage(img *Image, layerData archive.ArchiveReader, root string) error {
|
||||
// Store the layer
|
||||
var (
|
||||
|
@ -95,15 +95,18 @@ func StoreImage(img *Image, layerData archive.ArchiveReader, root string) error
|
|||
if layerData != nil {
|
||||
// If the image doesn't have a checksum, we should add it. The layer
|
||||
// checksums are verified when they are pulled from a remote, but when
|
||||
// a container is committed it should be added here.
|
||||
if img.Checksum == "" {
|
||||
// a container is committed it should be added here. Also ensure that
|
||||
// the stored checksum has the latest version of tarsum (assuming we
|
||||
// are using tarsum).
|
||||
if tarsum.VersionLabelForChecksum(img.Checksum) != tarsum.Version1.String() {
|
||||
// Either there was no checksum or it's not a tarsum.v1
|
||||
layerDataDecompressed, err := archive.DecompressStream(layerData)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer layerDataDecompressed.Close()
|
||||
|
||||
if layerTarSum, err = tarsum.NewTarSum(layerDataDecompressed, true, tarsum.VersionDev); err != nil {
|
||||
if layerTarSum, err = tarsum.NewTarSum(layerDataDecompressed, true, tarsum.Version1); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
|
|
|
@ -122,6 +122,7 @@ type tHashConfig struct {
|
|||
}
|
||||
|
||||
var (
|
||||
// NOTE: DO NOT include MD5 or SHA1, which are considered insecure.
|
||||
standardHashConfigs = map[string]tHashConfig{
|
||||
"sha256": {name: "sha256", hash: crypto.SHA256},
|
||||
"sha512": {name: "sha512", hash: crypto.SHA512},
|
||||
|
|
|
@ -22,6 +22,18 @@ const (
|
|||
VersionDev
|
||||
)
|
||||
|
||||
// VersionLabelForChecksum returns the label for the given tarsum
|
||||
// checksum, i.e., everything before the first `+` character in
|
||||
// the string or an empty string if no label separator is found.
|
||||
func VersionLabelForChecksum(checksum string) string {
|
||||
// Checksums are in the form: {versionLabel}+{hashID}:{hex}
|
||||
sepIndex := strings.Index(checksum, "+")
|
||||
if sepIndex < 0 {
|
||||
return ""
|
||||
}
|
||||
return checksum[:sepIndex]
|
||||
}
|
||||
|
||||
// Get a list of all known tarsum Version
|
||||
func GetVersions() []Version {
|
||||
v := []Version{}
|
||||
|
|
Loading…
Reference in a new issue