diff --git a/Dockerfile b/Dockerfile index 2389aa79b2..07c30c9361 100644 --- a/Dockerfile +++ b/Dockerfile @@ -146,7 +146,7 @@ RUN ln -sfv $PWD/.bashrc ~/.bashrc COPY contrib/download-frozen-image.sh /go/src/github.com/docker/docker/contrib/ RUN ./contrib/download-frozen-image.sh /docker-frozen-images \ busybox:latest@4986bf8c15363d1c5d15512d5266f8777bfba4974ac56e3270e7760f6f0a8125 \ - hello-world:latest@e45a5af57b00862e5ef5782a9925979a02ba2b12dff832fd0991335f4a11e5c5 + hello-world:frozen@e45a5af57b00862e5ef5782a9925979a02ba2b12dff832fd0991335f4a11e5c5 # see also "hack/make/.ensure-frozen-images" (which needs to be updated any time this list is) # Install man page generator diff --git a/graph/pull.go b/graph/pull.go index 27830f64e3..40bb39ae68 100644 --- a/graph/pull.go +++ b/graph/pull.go @@ -532,7 +532,7 @@ func (s *TagStore) pullV2Tag(eng *engine.Engine, r *registry.Session, out io.Wri } } - var layersDownloaded bool + var tagUpdated bool for i := len(downloads) - 1; i >= 0; i-- { d := &downloads[i] if d.err != nil { @@ -556,14 +556,27 @@ func (s *TagStore) pullV2Tag(eng *engine.Engine, r *registry.Session, out io.Wri // FIXME: Pool release here for parallel tag pull (ensures any downloads block until fully extracted) } out.Write(sf.FormatProgress(common.TruncateID(d.img.ID), "Pull complete", nil)) - layersDownloaded = true + tagUpdated = true } else { out.Write(sf.FormatProgress(common.TruncateID(d.img.ID), "Already exists", nil)) } } - if verified && layersDownloaded { + // Check for new tag if no layers downloaded + if !tagUpdated { + repo, err := s.Get(repoInfo.LocalName) + if err != nil { + return false, err + } + if repo != nil { + if _, exists := repo[tag]; !exists { + tagUpdated = true + } + } + } + + if verified && tagUpdated { out.Write(sf.FormatStatus(repoInfo.CanonicalName+":"+tag, "The image you are pulling has been verified. Important: image verification is a tech preview feature and should not be relied on to provide security.")) } @@ -571,5 +584,5 @@ func (s *TagStore) pullV2Tag(eng *engine.Engine, r *registry.Session, out io.Wri return false, err } - return layersDownloaded, nil + return tagUpdated, nil } diff --git a/hack/make/.ensure-frozen-images b/hack/make/.ensure-frozen-images index a0b4efc1e9..ec65b83370 100644 --- a/hack/make/.ensure-frozen-images +++ b/hack/make/.ensure-frozen-images @@ -4,7 +4,7 @@ set -e # this list should match roughly what's in the Dockerfile (minus the explicit image IDs, of course) images=( busybox:latest - hello-world:latest + hello-world:frozen ) if ! docker inspect "${images[@]}" &> /dev/null; then diff --git a/integration-cli/docker_cli_build_test.go b/integration-cli/docker_cli_build_test.go index ecef76f9da..729b538053 100644 --- a/integration-cli/docker_cli_build_test.go +++ b/integration-cli/docker_cli_build_test.go @@ -5234,7 +5234,7 @@ func TestBuildRUNoneJSON(t *testing.T) { defer deleteAllContainers() defer deleteImages(name) - ctx, err := fakeContext(`FROM hello-world:latest + ctx, err := fakeContext(`FROM hello-world:frozen RUN [ "/hello" ]`, map[string]string{}) if err != nil { t.Fatal(err)