2015-02-26 21:23:50 -05:00
package main
import (
2015-08-01 02:27:19 -04:00
"encoding/json"
2015-02-26 21:23:50 -05:00
"fmt"
2015-11-18 17:20:54 -05:00
"os"
"path/filepath"
2015-02-26 21:23:50 -05:00
"regexp"
"strings"
2015-08-01 02:27:19 -04:00
"github.com/docker/distribution/digest"
2015-10-30 20:46:25 -04:00
"github.com/docker/distribution/manifest/schema1"
2015-12-18 18:06:23 -05:00
"github.com/docker/distribution/manifest/schema2"
2015-10-27 16:59:13 -04:00
"github.com/docker/docker/pkg/integration/checker"
2015-10-22 06:34:12 -04:00
"github.com/docker/docker/pkg/stringutils"
2016-01-04 19:05:26 -05:00
"github.com/docker/engine-api/types"
2015-04-18 12:46:47 -04:00
"github.com/go-check/check"
2015-02-26 21:23:50 -05:00
)
var (
2015-08-01 02:27:19 -04:00
remoteRepoName = "dockercli/busybox-by-dgst"
repoName = fmt . Sprintf ( "%v/%s" , privateRegistryURL , remoteRepoName )
2015-07-15 16:42:45 -04:00
pushDigestRegex = regexp . MustCompile ( "[\\S]+: digest: ([\\S]+) size: [0-9]+" )
digestRegex = regexp . MustCompile ( "Digest: ([\\S]+)" )
2015-02-26 21:23:50 -05:00
)
2015-08-01 02:27:19 -04:00
func setupImage ( c * check . C ) ( digest . Digest , error ) {
2015-07-14 02:35:36 -04:00
return setupImageWithTag ( c , "latest" )
2015-02-26 21:23:50 -05:00
}
2015-08-01 02:27:19 -04:00
func setupImageWithTag ( c * check . C , tag string ) ( digest . Digest , error ) {
2015-02-26 21:23:50 -05:00
containerName := "busyboxbydigest"
2015-07-14 02:35:36 -04:00
dockerCmd ( c , "run" , "-d" , "-e" , "digest=1" , "--name" , containerName , "busybox" )
2015-02-26 21:23:50 -05:00
// tag the image to upload it to the private registry
2015-11-18 17:20:54 -05:00
repoAndTag := repoName + ":" + tag
2015-10-27 16:59:13 -04:00
out , _ , err := dockerCmdWithError ( "commit" , containerName , repoAndTag )
c . Assert ( err , checker . IsNil , check . Commentf ( "image tagging failed: %s" , out ) )
2015-02-26 21:23:50 -05:00
// delete the container as we don't need it any more
2015-10-27 16:59:13 -04:00
err = deleteContainer ( containerName )
c . Assert ( err , checker . IsNil )
2015-02-26 21:23:50 -05:00
// push the image
2015-10-27 16:59:13 -04:00
out , _ , err = dockerCmdWithError ( "push" , repoAndTag )
c . Assert ( err , checker . IsNil , check . Commentf ( "pushing the image to the private registry has failed: %s" , out ) )
2015-02-26 21:23:50 -05:00
// delete our local repo that we previously tagged
2015-10-27 16:59:13 -04:00
rmiout , _ , err := dockerCmdWithError ( "rmi" , repoAndTag )
c . Assert ( err , checker . IsNil , check . Commentf ( "error deleting images prior to real test: %s" , rmiout ) )
2015-02-26 21:23:50 -05:00
2015-07-15 16:42:45 -04:00
matches := pushDigestRegex . FindStringSubmatch ( out )
2015-10-27 16:59:13 -04:00
c . Assert ( matches , checker . HasLen , 2 , check . Commentf ( "unable to parse digest from push output: %s" , out ) )
2015-02-26 21:23:50 -05:00
pushDigest := matches [ 1 ]
2015-08-01 02:27:19 -04:00
return digest . Digest ( pushDigest ) , nil
2015-02-26 21:23:50 -05:00
}
2015-12-18 18:06:23 -05:00
func testPullByTagDisplaysDigest ( c * check . C ) {
2015-08-28 13:36:42 -04:00
testRequires ( c , DaemonIsLinux )
2015-07-14 02:35:36 -04:00
pushDigest , err := setupImage ( c )
2015-10-27 16:59:13 -04:00
c . Assert ( err , checker . IsNil , check . Commentf ( "error setting up image" ) )
2015-02-26 21:23:50 -05:00
// pull from the registry using the tag
2015-07-14 02:35:36 -04:00
out , _ := dockerCmd ( c , "pull" , repoName )
2015-02-26 21:23:50 -05:00
// the pull output includes "Digest: <digest>", so find that
matches := digestRegex . FindStringSubmatch ( out )
2015-10-27 16:59:13 -04:00
c . Assert ( matches , checker . HasLen , 2 , check . Commentf ( "unable to parse digest from pull output: %s" , out ) )
2015-02-26 21:23:50 -05:00
pullDigest := matches [ 1 ]
// make sure the pushed and pull digests match
2015-10-27 16:59:13 -04:00
c . Assert ( pushDigest . String ( ) , checker . Equals , pullDigest )
2015-02-26 21:23:50 -05:00
}
2015-12-18 18:06:23 -05:00
func ( s * DockerRegistrySuite ) TestPullByTagDisplaysDigest ( c * check . C ) {
testPullByTagDisplaysDigest ( c )
}
func ( s * DockerSchema1RegistrySuite ) TestPullByTagDisplaysDigest ( c * check . C ) {
testPullByTagDisplaysDigest ( c )
}
func testPullByDigest ( c * check . C ) {
2015-08-28 13:36:42 -04:00
testRequires ( c , DaemonIsLinux )
2015-07-14 02:35:36 -04:00
pushDigest , err := setupImage ( c )
2015-10-27 16:59:13 -04:00
c . Assert ( err , checker . IsNil , check . Commentf ( "error setting up image" ) )
2015-02-26 21:23:50 -05:00
// pull from the registry using the <name>@<digest> reference
imageReference := fmt . Sprintf ( "%s@%s" , repoName , pushDigest )
2015-07-14 02:35:36 -04:00
out , _ := dockerCmd ( c , "pull" , imageReference )
2015-02-26 21:23:50 -05:00
// the pull output includes "Digest: <digest>", so find that
matches := digestRegex . FindStringSubmatch ( out )
2015-10-27 16:59:13 -04:00
c . Assert ( matches , checker . HasLen , 2 , check . Commentf ( "unable to parse digest from pull output: %s" , out ) )
2015-02-26 21:23:50 -05:00
pullDigest := matches [ 1 ]
// make sure the pushed and pull digests match
2015-10-27 16:59:13 -04:00
c . Assert ( pushDigest . String ( ) , checker . Equals , pullDigest )
2015-02-26 21:23:50 -05:00
}
2015-12-18 18:06:23 -05:00
func ( s * DockerRegistrySuite ) TestPullByDigest ( c * check . C ) {
testPullByDigest ( c )
}
func ( s * DockerSchema1RegistrySuite ) TestPullByDigest ( c * check . C ) {
testPullByDigest ( c )
}
func testPullByDigestNoFallback ( c * check . C ) {
2015-08-28 13:36:42 -04:00
testRequires ( c , DaemonIsLinux )
2015-04-29 15:29:50 -04:00
// pull from the registry using the <name>@<digest> reference
imageReference := fmt . Sprintf ( "%s@sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" , repoName )
2015-07-27 14:13:25 -04:00
out , _ , err := dockerCmdWithError ( "pull" , imageReference )
2015-10-27 16:59:13 -04:00
c . Assert ( err , checker . NotNil , check . Commentf ( "expected non-zero exit status and correct error message when pulling non-existing image" ) )
c . Assert ( out , checker . Contains , "manifest unknown" , check . Commentf ( "expected non-zero exit status and correct error message when pulling non-existing image" ) )
2015-04-29 15:29:50 -04:00
}
2015-12-18 18:06:23 -05:00
func ( s * DockerRegistrySuite ) TestPullByDigestNoFallback ( c * check . C ) {
testPullByDigestNoFallback ( c )
}
func ( s * DockerSchema1RegistrySuite ) TestPullByDigestNoFallback ( c * check . C ) {
testPullByDigestNoFallback ( c )
}
2015-04-24 17:16:56 -04:00
func ( s * DockerRegistrySuite ) TestCreateByDigest ( c * check . C ) {
2015-07-14 02:35:36 -04:00
pushDigest , err := setupImage ( c )
2015-10-27 16:59:13 -04:00
c . Assert ( err , checker . IsNil , check . Commentf ( "error setting up image" ) )
2015-02-26 21:23:50 -05:00
imageReference := fmt . Sprintf ( "%s@%s" , repoName , pushDigest )
containerName := "createByDigest"
2015-07-14 02:35:36 -04:00
out , _ := dockerCmd ( c , "create" , "--name" , containerName , imageReference )
2015-02-26 21:23:50 -05:00
res , err := inspectField ( containerName , "Config.Image" )
2015-10-27 16:59:13 -04:00
c . Assert ( err , checker . IsNil , check . Commentf ( "failed to get Config.Image: %s" , out ) )
c . Assert ( res , checker . Equals , imageReference )
2015-02-26 21:23:50 -05:00
}
2015-04-24 17:16:56 -04:00
func ( s * DockerRegistrySuite ) TestRunByDigest ( c * check . C ) {
2015-07-14 02:35:36 -04:00
pushDigest , err := setupImage ( c )
2015-10-27 16:59:13 -04:00
c . Assert ( err , checker . IsNil )
2015-02-26 21:23:50 -05:00
imageReference := fmt . Sprintf ( "%s@%s" , repoName , pushDigest )
containerName := "runByDigest"
2015-07-14 02:35:36 -04:00
out , _ := dockerCmd ( c , "run" , "--name" , containerName , imageReference , "sh" , "-c" , "echo found=$digest" )
2015-02-26 21:23:50 -05:00
foundRegex := regexp . MustCompile ( "found=([^\n]+)" )
matches := foundRegex . FindStringSubmatch ( out )
2015-10-27 16:59:13 -04:00
c . Assert ( matches , checker . HasLen , 2 , check . Commentf ( "unable to parse digest from pull output: %s" , out ) )
c . Assert ( matches [ 1 ] , checker . Equals , "1" , check . Commentf ( "Expected %q, got %q" , "1" , matches [ 1 ] ) )
2015-02-26 21:23:50 -05:00
res , err := inspectField ( containerName , "Config.Image" )
2015-10-27 16:59:13 -04:00
c . Assert ( err , checker . IsNil , check . Commentf ( "failed to get Config.Image: %s" , out ) )
c . Assert ( res , checker . Equals , imageReference )
2015-02-26 21:23:50 -05:00
}
2015-04-24 17:16:56 -04:00
func ( s * DockerRegistrySuite ) TestRemoveImageByDigest ( c * check . C ) {
2015-07-14 02:35:36 -04:00
digest , err := setupImage ( c )
2015-10-27 16:59:13 -04:00
c . Assert ( err , checker . IsNil , check . Commentf ( "error setting up image" ) )
2015-02-26 21:23:50 -05:00
imageReference := fmt . Sprintf ( "%s@%s" , repoName , digest )
// pull from the registry using the <name>@<digest> reference
2015-07-14 02:35:36 -04:00
dockerCmd ( c , "pull" , imageReference )
2015-02-26 21:23:50 -05:00
// make sure inspect runs ok
2015-10-27 16:59:13 -04:00
_ , err = inspectField ( imageReference , "Id" )
c . Assert ( err , checker . IsNil , check . Commentf ( "failed to inspect image" ) )
2015-02-26 21:23:50 -05:00
// do the delete
2015-10-27 16:59:13 -04:00
err = deleteImages ( imageReference )
c . Assert ( err , checker . IsNil , check . Commentf ( "unexpected error deleting image" ) )
2015-02-26 21:23:50 -05:00
// try to inspect again - it should error this time
2015-10-27 16:59:13 -04:00
_ , err = inspectField ( imageReference , "Id" )
//unexpected nil err trying to inspect what should be a non-existent image
c . Assert ( err , checker . NotNil )
c . Assert ( err . Error ( ) , checker . Contains , "No such image" )
2015-02-26 21:23:50 -05:00
}
2015-04-24 17:16:56 -04:00
func ( s * DockerRegistrySuite ) TestBuildByDigest ( c * check . C ) {
2015-07-14 02:35:36 -04:00
digest , err := setupImage ( c )
2015-10-27 16:59:13 -04:00
c . Assert ( err , checker . IsNil , check . Commentf ( "error setting up image" ) )
2015-02-26 21:23:50 -05:00
imageReference := fmt . Sprintf ( "%s@%s" , repoName , digest )
// pull from the registry using the <name>@<digest> reference
2015-07-14 02:35:36 -04:00
dockerCmd ( c , "pull" , imageReference )
2015-02-26 21:23:50 -05:00
// get the image id
imageID , err := inspectField ( imageReference , "Id" )
2015-10-27 16:59:13 -04:00
c . Assert ( err , checker . IsNil , check . Commentf ( "error getting image id" ) )
2015-02-26 21:23:50 -05:00
// do the build
name := "buildbydigest"
_ , err = buildImage ( name , fmt . Sprintf (
` FROM % s
CMD [ "/bin/echo" , "Hello World" ] ` , imageReference ) ,
true )
2015-10-27 16:59:13 -04:00
c . Assert ( err , checker . IsNil )
2015-02-26 21:23:50 -05:00
// get the build's image id
res , err := inspectField ( name , "Config.Image" )
2015-10-27 16:59:13 -04:00
c . Assert ( err , checker . IsNil )
2015-02-26 21:23:50 -05:00
// make sure they match
2015-10-27 16:59:13 -04:00
c . Assert ( res , checker . Equals , imageID )
2015-02-26 21:23:50 -05:00
}
2015-04-24 17:16:56 -04:00
func ( s * DockerRegistrySuite ) TestTagByDigest ( c * check . C ) {
2015-07-14 02:35:36 -04:00
digest , err := setupImage ( c )
2015-10-27 16:59:13 -04:00
c . Assert ( err , checker . IsNil , check . Commentf ( "error setting up image" ) )
2015-02-26 21:23:50 -05:00
imageReference := fmt . Sprintf ( "%s@%s" , repoName , digest )
// pull from the registry using the <name>@<digest> reference
2015-07-14 02:35:36 -04:00
dockerCmd ( c , "pull" , imageReference )
2015-02-26 21:23:50 -05:00
// tag it
tag := "tagbydigest"
2015-07-14 02:35:36 -04:00
dockerCmd ( c , "tag" , imageReference , tag )
2015-02-26 21:23:50 -05:00
expectedID , err := inspectField ( imageReference , "Id" )
2015-10-27 16:59:13 -04:00
c . Assert ( err , checker . IsNil , check . Commentf ( "error getting original image id" ) )
2015-02-26 21:23:50 -05:00
tagID , err := inspectField ( tag , "Id" )
2015-10-27 16:59:13 -04:00
c . Assert ( err , checker . IsNil , check . Commentf ( "error getting tagged image id" ) )
c . Assert ( tagID , checker . Equals , expectedID )
2015-02-26 21:23:50 -05:00
}
2015-04-24 17:16:56 -04:00
func ( s * DockerRegistrySuite ) TestListImagesWithoutDigests ( c * check . C ) {
2015-07-14 02:35:36 -04:00
digest , err := setupImage ( c )
2015-10-27 16:59:13 -04:00
c . Assert ( err , checker . IsNil , check . Commentf ( "error setting up image" ) )
2015-02-26 21:23:50 -05:00
imageReference := fmt . Sprintf ( "%s@%s" , repoName , digest )
// pull from the registry using the <name>@<digest> reference
2015-07-14 02:35:36 -04:00
dockerCmd ( c , "pull" , imageReference )
2015-02-26 21:23:50 -05:00
2015-07-14 02:35:36 -04:00
out , _ := dockerCmd ( c , "images" )
2015-10-27 16:59:13 -04:00
c . Assert ( out , checker . Not ( checker . Contains ) , "DIGEST" , check . Commentf ( "list output should not have contained DIGEST header" ) )
2015-02-26 21:23:50 -05:00
}
2015-04-24 17:16:56 -04:00
func ( s * DockerRegistrySuite ) TestListImagesWithDigests ( c * check . C ) {
2015-02-26 21:23:50 -05:00
// setup image1
2015-07-14 02:35:36 -04:00
digest1 , err := setupImageWithTag ( c , "tag1" )
2015-10-27 16:59:13 -04:00
c . Assert ( err , checker . IsNil , check . Commentf ( "error setting up image" ) )
2015-02-26 21:23:50 -05:00
imageReference1 := fmt . Sprintf ( "%s@%s" , repoName , digest1 )
2015-04-18 12:46:47 -04:00
c . Logf ( "imageReference1 = %s" , imageReference1 )
2015-02-26 21:23:50 -05:00
// pull image1 by digest
2015-07-14 02:35:36 -04:00
dockerCmd ( c , "pull" , imageReference1 )
2015-02-26 21:23:50 -05:00
// list images
2015-07-14 02:35:36 -04:00
out , _ := dockerCmd ( c , "images" , "--digests" )
2015-02-26 21:23:50 -05:00
// make sure repo shown, tag=<none>, digest = $digest1
2015-08-01 02:27:19 -04:00
re1 := regexp . MustCompile ( ` \s* ` + repoName + ` \s*<none>\s* ` + digest1 . String ( ) + ` \s ` )
2015-10-27 16:59:13 -04:00
c . Assert ( re1 . MatchString ( out ) , checker . True , check . Commentf ( "expected %q: %s" , re1 . String ( ) , out ) )
2015-02-26 21:23:50 -05:00
// setup image2
2015-07-14 02:35:36 -04:00
digest2 , err := setupImageWithTag ( c , "tag2" )
2015-10-27 16:59:13 -04:00
//error setting up image
c . Assert ( err , checker . IsNil )
2015-02-26 21:23:50 -05:00
imageReference2 := fmt . Sprintf ( "%s@%s" , repoName , digest2 )
2015-04-18 12:46:47 -04:00
c . Logf ( "imageReference2 = %s" , imageReference2 )
2015-02-26 21:23:50 -05:00
// pull image1 by digest
2015-07-14 02:35:36 -04:00
dockerCmd ( c , "pull" , imageReference1 )
2015-02-26 21:23:50 -05:00
// pull image2 by digest
2015-07-14 02:35:36 -04:00
dockerCmd ( c , "pull" , imageReference2 )
2015-02-26 21:23:50 -05:00
// list images
2015-07-14 02:35:36 -04:00
out , _ = dockerCmd ( c , "images" , "--digests" )
2015-02-26 21:23:50 -05:00
// make sure repo shown, tag=<none>, digest = $digest1
2015-10-27 16:59:13 -04:00
c . Assert ( re1 . MatchString ( out ) , checker . True , check . Commentf ( "expected %q: %s" , re1 . String ( ) , out ) )
2015-02-26 21:23:50 -05:00
// make sure repo shown, tag=<none>, digest = $digest2
2015-08-01 02:27:19 -04:00
re2 := regexp . MustCompile ( ` \s* ` + repoName + ` \s*<none>\s* ` + digest2 . String ( ) + ` \s ` )
2015-10-27 16:59:13 -04:00
c . Assert ( re2 . MatchString ( out ) , checker . True , check . Commentf ( "expected %q: %s" , re2 . String ( ) , out ) )
2015-02-26 21:23:50 -05:00
// pull tag1
2015-07-14 02:35:36 -04:00
dockerCmd ( c , "pull" , repoName + ":tag1" )
2015-02-26 21:23:50 -05:00
// list images
2015-07-14 02:35:36 -04:00
out , _ = dockerCmd ( c , "images" , "--digests" )
2015-02-26 21:23:50 -05:00
// make sure image 1 has repo, tag, <none> AND repo, <none>, digest
reWithTag1 := regexp . MustCompile ( ` \s* ` + repoName + ` \s*tag1\s*<none>\s ` )
2015-08-01 02:27:19 -04:00
reWithDigest1 := regexp . MustCompile ( ` \s* ` + repoName + ` \s*<none>\s* ` + digest1 . String ( ) + ` \s ` )
2015-10-27 16:59:13 -04:00
c . Assert ( reWithDigest1 . MatchString ( out ) , checker . True , check . Commentf ( "expected %q: %s" , reWithDigest1 . String ( ) , out ) )
c . Assert ( reWithTag1 . MatchString ( out ) , checker . True , check . Commentf ( "expected %q: %s" , reWithTag1 . String ( ) , out ) )
2015-02-26 21:23:50 -05:00
// make sure image 2 has repo, <none>, digest
2015-10-27 16:59:13 -04:00
c . Assert ( re2 . MatchString ( out ) , checker . True , check . Commentf ( "expected %q: %s" , re2 . String ( ) , out ) )
2015-02-26 21:23:50 -05:00
// pull tag 2
2015-07-14 02:35:36 -04:00
dockerCmd ( c , "pull" , repoName + ":tag2" )
2015-02-26 21:23:50 -05:00
// list images
2015-07-14 02:35:36 -04:00
out , _ = dockerCmd ( c , "images" , "--digests" )
2015-02-26 21:23:50 -05:00
// make sure image 1 has repo, tag, digest
2015-10-27 16:59:13 -04:00
c . Assert ( reWithTag1 . MatchString ( out ) , checker . True , check . Commentf ( "expected %q: %s" , reWithTag1 . String ( ) , out ) )
2015-02-26 21:23:50 -05:00
// make sure image 2 has repo, tag, digest
reWithTag2 := regexp . MustCompile ( ` \s* ` + repoName + ` \s*tag2\s*<none>\s ` )
2015-08-01 02:27:19 -04:00
reWithDigest2 := regexp . MustCompile ( ` \s* ` + repoName + ` \s*<none>\s* ` + digest2 . String ( ) + ` \s ` )
2015-10-27 16:59:13 -04:00
c . Assert ( reWithTag2 . MatchString ( out ) , checker . True , check . Commentf ( "expected %q: %s" , reWithTag2 . String ( ) , out ) )
c . Assert ( reWithDigest2 . MatchString ( out ) , checker . True , check . Commentf ( "expected %q: %s" , reWithDigest2 . String ( ) , out ) )
2015-02-26 21:23:50 -05:00
// list images
2015-07-14 02:35:36 -04:00
out , _ = dockerCmd ( c , "images" , "--digests" )
2015-02-26 21:23:50 -05:00
// make sure image 1 has repo, tag, digest
2015-10-27 16:59:13 -04:00
c . Assert ( reWithTag1 . MatchString ( out ) , checker . True , check . Commentf ( "expected %q: %s" , reWithTag1 . String ( ) , out ) )
2015-02-26 21:23:50 -05:00
// make sure image 2 has repo, tag, digest
2015-10-27 16:59:13 -04:00
c . Assert ( reWithTag2 . MatchString ( out ) , checker . True , check . Commentf ( "expected %q: %s" , reWithTag2 . String ( ) , out ) )
2015-02-26 21:23:50 -05:00
// make sure busybox has tag, but not digest
busyboxRe := regexp . MustCompile ( ` \s*busybox\s*latest\s*<none>\s ` )
2015-10-27 16:59:13 -04:00
c . Assert ( busyboxRe . MatchString ( out ) , checker . True , check . Commentf ( "expected %q: %s" , busyboxRe . String ( ) , out ) )
2015-02-26 21:23:50 -05:00
}
2015-10-22 06:34:12 -04:00
func ( s * DockerRegistrySuite ) TestInspectImageWithDigests ( c * check . C ) {
digest , err := setupImage ( c )
2015-10-27 16:59:13 -04:00
c . Assert ( err , check . IsNil , check . Commentf ( "error setting up image" ) )
2015-10-22 06:34:12 -04:00
imageReference := fmt . Sprintf ( "%s@%s" , repoName , digest )
// pull from the registry using the <name>@<digest> reference
dockerCmd ( c , "pull" , imageReference )
out , _ := dockerCmd ( c , "inspect" , imageReference )
var imageJSON [ ] types . ImageInspect
2015-10-27 16:59:13 -04:00
err = json . Unmarshal ( [ ] byte ( out ) , & imageJSON )
c . Assert ( err , checker . IsNil )
c . Assert ( imageJSON , checker . HasLen , 1 )
c . Assert ( imageJSON [ 0 ] . RepoDigests , checker . HasLen , 1 )
c . Assert ( stringutils . InSlice ( imageJSON [ 0 ] . RepoDigests , imageReference ) , checker . Equals , true )
2015-10-22 06:34:12 -04:00
}
2015-08-20 03:57:15 -04:00
func ( s * DockerRegistrySuite ) TestPsListContainersFilterAncestorImageByDigest ( c * check . C ) {
digest , err := setupImage ( c )
2015-10-27 16:59:13 -04:00
c . Assert ( err , checker . IsNil , check . Commentf ( "error setting up image" ) )
2015-08-20 03:57:15 -04:00
imageReference := fmt . Sprintf ( "%s@%s" , repoName , digest )
// pull from the registry using the <name>@<digest> reference
dockerCmd ( c , "pull" , imageReference )
// build a image from it
imageName1 := "images_ps_filter_test"
_ , err = buildImage ( imageName1 , fmt . Sprintf (
` FROM % s
LABEL match me 1 ` , imageReference ) , true )
2015-10-27 16:59:13 -04:00
c . Assert ( err , checker . IsNil )
2015-08-20 03:57:15 -04:00
// run a container based on that
out , _ := dockerCmd ( c , "run" , "-d" , imageReference , "echo" , "hello" )
expectedID := strings . TrimSpace ( out )
// run a container based on the a descendant of that too
out , _ = dockerCmd ( c , "run" , "-d" , imageName1 , "echo" , "hello" )
expectedID1 := strings . TrimSpace ( out )
expectedIDs := [ ] string { expectedID , expectedID1 }
// Invalid imageReference
out , _ = dockerCmd ( c , "ps" , "-a" , "-q" , "--no-trunc" , fmt . Sprintf ( "--filter=ancestor=busybox@%s" , digest ) )
2015-10-27 16:59:13 -04:00
// Filter container for ancestor filter should be empty
c . Assert ( strings . TrimSpace ( out ) , checker . Equals , "" )
2015-08-20 03:57:15 -04:00
// Valid imageReference
out , _ = dockerCmd ( c , "ps" , "-a" , "-q" , "--no-trunc" , "--filter=ancestor=" + imageReference )
checkPsAncestorFilterOutput ( c , out , imageReference , expectedIDs )
}
2015-04-24 17:16:56 -04:00
func ( s * DockerRegistrySuite ) TestDeleteImageByIDOnlyPulledByDigest ( c * check . C ) {
2015-07-14 02:35:36 -04:00
pushDigest , err := setupImage ( c )
2015-10-27 16:59:13 -04:00
c . Assert ( err , checker . IsNil , check . Commentf ( "error setting up image" ) )
2015-02-26 21:23:50 -05:00
// pull from the registry using the <name>@<digest> reference
imageReference := fmt . Sprintf ( "%s@%s" , repoName , pushDigest )
2015-07-14 02:35:36 -04:00
dockerCmd ( c , "pull" , imageReference )
2015-02-26 21:23:50 -05:00
// just in case...
2015-07-08 15:41:01 -04:00
imageID , err := inspectField ( imageReference , "Id" )
2015-10-27 16:59:13 -04:00
c . Assert ( err , checker . IsNil , check . Commentf ( "error inspecting image id" ) )
2015-02-26 21:23:50 -05:00
2015-07-14 02:35:36 -04:00
dockerCmd ( c , "rmi" , imageID )
2015-02-26 21:23:50 -05:00
}
2015-08-01 02:27:19 -04:00
// TestPullFailsWithAlteredManifest tests that a `docker pull` fails when
// we have modified a manifest blob and its digest cannot be verified.
2015-12-18 18:06:23 -05:00
// This is the schema2 version of the test.
2015-08-01 02:27:19 -04:00
func ( s * DockerRegistrySuite ) TestPullFailsWithAlteredManifest ( c * check . C ) {
2015-08-28 13:36:42 -04:00
testRequires ( c , DaemonIsLinux )
2015-08-01 02:27:19 -04:00
manifestDigest , err := setupImage ( c )
2015-10-27 16:59:13 -04:00
c . Assert ( err , checker . IsNil , check . Commentf ( "error setting up image" ) )
2015-08-01 02:27:19 -04:00
// Load the target manifest blob.
manifestBlob := s . reg . readBlobContents ( c , manifestDigest )
2015-12-18 18:06:23 -05:00
var imgManifest schema2 . Manifest
err = json . Unmarshal ( manifestBlob , & imgManifest )
c . Assert ( err , checker . IsNil , check . Commentf ( "unable to decode image manifest from blob" ) )
// Change a layer in the manifest.
imgManifest . Layers [ 0 ] . Digest = digest . Digest ( "sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" )
// Move the existing data file aside, so that we can replace it with a
// malicious blob of data. NOTE: we defer the returned undo func.
undo := s . reg . tempMoveBlobData ( c , manifestDigest )
defer undo ( )
alteredManifestBlob , err := json . MarshalIndent ( imgManifest , "" , " " )
c . Assert ( err , checker . IsNil , check . Commentf ( "unable to encode altered image manifest to JSON" ) )
s . reg . writeBlobContents ( c , manifestDigest , alteredManifestBlob )
// Now try pulling that image by digest. We should get an error about
// digest verification for the manifest digest.
// Pull from the registry using the <name>@<digest> reference.
imageReference := fmt . Sprintf ( "%s@%s" , repoName , manifestDigest )
out , exitStatus , _ := dockerCmdWithError ( "pull" , imageReference )
c . Assert ( exitStatus , checker . Not ( check . Equals ) , 0 )
expectedErrorMsg := fmt . Sprintf ( "manifest verification failed for digest %s" , manifestDigest )
c . Assert ( out , checker . Contains , expectedErrorMsg )
}
// TestPullFailsWithAlteredManifest tests that a `docker pull` fails when
// we have modified a manifest blob and its digest cannot be verified.
// This is the schema1 version of the test.
func ( s * DockerSchema1RegistrySuite ) TestPullFailsWithAlteredManifest ( c * check . C ) {
testRequires ( c , DaemonIsLinux )
manifestDigest , err := setupImage ( c )
c . Assert ( err , checker . IsNil , check . Commentf ( "error setting up image" ) )
// Load the target manifest blob.
manifestBlob := s . reg . readBlobContents ( c , manifestDigest )
2015-10-30 20:46:25 -04:00
var imgManifest schema1 . Manifest
2015-10-27 16:59:13 -04:00
err = json . Unmarshal ( manifestBlob , & imgManifest )
c . Assert ( err , checker . IsNil , check . Commentf ( "unable to decode image manifest from blob" ) )
2015-08-01 02:27:19 -04:00
2015-10-30 20:46:25 -04:00
// Change a layer in the manifest.
imgManifest . FSLayers [ 0 ] = schema1 . FSLayer {
2015-08-01 02:27:19 -04:00
BlobSum : digest . Digest ( "sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" ) ,
2015-10-30 20:46:25 -04:00
}
2015-08-01 02:27:19 -04:00
// Move the existing data file aside, so that we can replace it with a
// malicious blob of data. NOTE: we defer the returned undo func.
undo := s . reg . tempMoveBlobData ( c , manifestDigest )
defer undo ( )
2015-10-30 20:46:25 -04:00
alteredManifestBlob , err := json . MarshalIndent ( imgManifest , "" , " " )
2015-10-27 16:59:13 -04:00
c . Assert ( err , checker . IsNil , check . Commentf ( "unable to encode altered image manifest to JSON" ) )
2015-08-01 02:27:19 -04:00
s . reg . writeBlobContents ( c , manifestDigest , alteredManifestBlob )
// Now try pulling that image by digest. We should get an error about
// digest verification for the manifest digest.
// Pull from the registry using the <name>@<digest> reference.
imageReference := fmt . Sprintf ( "%s@%s" , repoName , manifestDigest )
out , exitStatus , _ := dockerCmdWithError ( "pull" , imageReference )
2015-10-27 16:59:13 -04:00
c . Assert ( exitStatus , checker . Not ( check . Equals ) , 0 )
2015-08-01 02:27:19 -04:00
expectedErrorMsg := fmt . Sprintf ( "image verification failed for digest %s" , manifestDigest )
2015-10-27 16:59:13 -04:00
c . Assert ( out , checker . Contains , expectedErrorMsg )
2015-08-01 02:27:19 -04:00
}
// TestPullFailsWithAlteredLayer tests that a `docker pull` fails when
// we have modified a layer blob and its digest cannot be verified.
2015-12-18 18:06:23 -05:00
// This is the schema2 version of the test.
2015-08-01 02:27:19 -04:00
func ( s * DockerRegistrySuite ) TestPullFailsWithAlteredLayer ( c * check . C ) {
2015-08-28 13:36:42 -04:00
testRequires ( c , DaemonIsLinux )
2015-08-01 02:27:19 -04:00
manifestDigest , err := setupImage ( c )
2015-10-27 16:59:13 -04:00
c . Assert ( err , checker . IsNil )
2015-08-01 02:27:19 -04:00
// Load the target manifest blob.
manifestBlob := s . reg . readBlobContents ( c , manifestDigest )
2015-12-18 18:06:23 -05:00
var imgManifest schema2 . Manifest
err = json . Unmarshal ( manifestBlob , & imgManifest )
c . Assert ( err , checker . IsNil )
// Next, get the digest of one of the layers from the manifest.
targetLayerDigest := imgManifest . Layers [ 0 ] . Digest
// Move the existing data file aside, so that we can replace it with a
// malicious blob of data. NOTE: we defer the returned undo func.
undo := s . reg . tempMoveBlobData ( c , targetLayerDigest )
defer undo ( )
// Now make a fake data blob in this directory.
s . reg . writeBlobContents ( c , targetLayerDigest , [ ] byte ( "This is not the data you are looking for." ) )
// Now try pulling that image by digest. We should get an error about
// digest verification for the target layer digest.
// Remove distribution cache to force a re-pull of the blobs
if err := os . RemoveAll ( filepath . Join ( dockerBasePath , "image" , s . d . storageDriver , "distribution" ) ) ; err != nil {
c . Fatalf ( "error clearing distribution cache: %v" , err )
}
// Pull from the registry using the <name>@<digest> reference.
imageReference := fmt . Sprintf ( "%s@%s" , repoName , manifestDigest )
out , exitStatus , _ := dockerCmdWithError ( "pull" , imageReference )
c . Assert ( exitStatus , checker . Not ( check . Equals ) , 0 , check . Commentf ( "expected a zero exit status" ) )
expectedErrorMsg := fmt . Sprintf ( "filesystem layer verification failed for digest %s" , targetLayerDigest )
c . Assert ( out , checker . Contains , expectedErrorMsg , check . Commentf ( "expected error message in output: %s" , out ) )
}
// TestPullFailsWithAlteredLayer tests that a `docker pull` fails when
// we have modified a layer blob and its digest cannot be verified.
// This is the schema1 version of the test.
func ( s * DockerSchema1RegistrySuite ) TestPullFailsWithAlteredLayer ( c * check . C ) {
testRequires ( c , DaemonIsLinux )
manifestDigest , err := setupImage ( c )
c . Assert ( err , checker . IsNil )
// Load the target manifest blob.
manifestBlob := s . reg . readBlobContents ( c , manifestDigest )
2015-10-30 20:46:25 -04:00
var imgManifest schema1 . Manifest
2015-10-27 16:59:13 -04:00
err = json . Unmarshal ( manifestBlob , & imgManifest )
c . Assert ( err , checker . IsNil )
2015-08-01 02:27:19 -04:00
// Next, get the digest of one of the layers from the manifest.
targetLayerDigest := imgManifest . FSLayers [ 0 ] . BlobSum
// Move the existing data file aside, so that we can replace it with a
// malicious blob of data. NOTE: we defer the returned undo func.
undo := s . reg . tempMoveBlobData ( c , targetLayerDigest )
defer undo ( )
// Now make a fake data blob in this directory.
s . reg . writeBlobContents ( c , targetLayerDigest , [ ] byte ( "This is not the data you are looking for." ) )
// Now try pulling that image by digest. We should get an error about
// digest verification for the target layer digest.
2015-11-18 17:20:54 -05:00
// Remove distribution cache to force a re-pull of the blobs
if err := os . RemoveAll ( filepath . Join ( dockerBasePath , "image" , s . d . storageDriver , "distribution" ) ) ; err != nil {
c . Fatalf ( "error clearing distribution cache: %v" , err )
}
2015-08-01 02:27:19 -04:00
// Pull from the registry using the <name>@<digest> reference.
imageReference := fmt . Sprintf ( "%s@%s" , repoName , manifestDigest )
out , exitStatus , _ := dockerCmdWithError ( "pull" , imageReference )
2015-10-27 16:59:13 -04:00
c . Assert ( exitStatus , checker . Not ( check . Equals ) , 0 , check . Commentf ( "expected a zero exit status" ) )
2015-08-01 02:27:19 -04:00
expectedErrorMsg := fmt . Sprintf ( "filesystem layer verification failed for digest %s" , targetLayerDigest )
2015-10-27 16:59:13 -04:00
c . Assert ( out , checker . Contains , expectedErrorMsg , check . Commentf ( "expected error message in output: %s" , out ) )
2015-08-01 02:27:19 -04:00
}