distribution: Error when pulling OCI artifacts

Currently an attempt to pull a reference which resolves to an OCI
artifact (Helm chart for example), results in a bit unrelated error
message `invalid rootfs in image configuration`.

This provides a more meaningful error in case a user attempts to
download a media type which isn't image related.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
This commit is contained in:
Paweł Gronowski 2022-10-27 14:31:35 +02:00
parent aeafa2a28f
commit 407e3a4552
No known key found for this signature in database
GPG key ID: B85EFCFE26DEF92A
2 changed files with 39 additions and 1 deletions

View file

@ -63,6 +63,19 @@ func (e notFoundError) Cause() error {
return e.cause
}
// unsupportedMediaTypeError is an error issued when attempted
// to pull unsupported content.
type unsupportedMediaTypeError struct {
MediaType string
}
func (e unsupportedMediaTypeError) InvalidParameter() {}
// Error returns the error string for unsupportedMediaTypeError.
func (e unsupportedMediaTypeError) Error() string {
return "unsupported media type " + e.MediaType
}
// translatePullError is used to convert an error from a registry pull
// operation to an error representing the entire pull operation. Any error
// information which is not used by the returned error gets output to
@ -124,6 +137,8 @@ func continueOnError(err error, mirrorEndpoint bool) bool {
// Failures from a mirror endpoint should result in fallback to the
// canonical repo.
return mirrorEndpoint
case unsupportedMediaTypeError:
return false
case error:
return !strings.Contains(err.Error(), strings.ToLower(syscall.ESRCH.Error()))
}
@ -153,7 +168,7 @@ func retryOnError(err error) error {
return xfer.DoNotRetry{Err: v.Err}
}
return retryOnError(v.Err)
case *client.UnexpectedHTTPResponseError:
case *client.UnexpectedHTTPResponseError, unsupportedMediaTypeError:
return xfer.DoNotRetry{Err: err}
case error:
if err == distribution.ErrBlobUnknown {

View file

@ -7,6 +7,7 @@ import (
"io"
"os"
"runtime"
"strings"
"time"
"github.com/containerd/containerd/log"
@ -606,6 +607,21 @@ func (p *puller) pullSchema1(ctx context.Context, ref reference.Reference, unver
return imageID, manifestDigest, nil
}
func checkSupportedMediaType(mediaType string) error {
supportedMediaTypes := []string{
"application/vnd.oci.image.",
"application/vnd.docker.",
}
lowerMt := strings.ToLower(mediaType)
for _, mt := range supportedMediaTypes {
if strings.HasPrefix(lowerMt, mt) {
return nil
}
}
return unsupportedMediaTypeError{MediaType: mediaType}
}
func (p *puller) pullSchema2Layers(ctx context.Context, target distribution.Descriptor, layers []distribution.Descriptor, platform *specs.Platform) (id digest.Digest, err error) {
if _, err := p.config.ImageStore.Get(ctx, target.Digest); err == nil {
// If the image already exists locally, no need to pull
@ -613,6 +629,10 @@ func (p *puller) pullSchema2Layers(ctx context.Context, target distribution.Desc
return target.Digest, nil
}
if err := checkSupportedMediaType(target.MediaType); err != nil {
return "", err
}
var descriptors []xfer.DownloadDescriptor
// Note that the order of this loop is in the direction of bottom-most
@ -621,6 +641,9 @@ func (p *puller) pullSchema2Layers(ctx context.Context, target distribution.Desc
if err := d.Digest.Validate(); err != nil {
return "", errors.Wrapf(err, "could not validate layer digest %q", d.Digest)
}
if err := checkSupportedMediaType(d.MediaType); err != nil {
return "", err
}
layerDescriptor := &layerDescriptor{
digest: d.Digest,
repo: p.repo,