mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
Merge pull request #16958 from tonistiigi/digest-collision
Make sure tags and digests don’t collide
This commit is contained in:
commit
9a13c2dc79
3 changed files with 26 additions and 8 deletions
|
@ -10,6 +10,7 @@ import (
|
|||
"time"
|
||||
|
||||
"github.com/Sirupsen/logrus"
|
||||
"github.com/docker/distribution/digest"
|
||||
"github.com/docker/docker/pkg/archive"
|
||||
"github.com/docker/docker/pkg/parsers"
|
||||
"github.com/docker/docker/registry"
|
||||
|
@ -59,6 +60,11 @@ func (s *TagStore) ImageExport(names []string, outStream io.Writer) error {
|
|||
// This is a named image like 'busybox:latest'
|
||||
repoName, repoTag := parsers.ParseRepositoryTag(name)
|
||||
|
||||
// Skip digests on save
|
||||
if _, err := digest.ParseDigest(repoTag); err == nil {
|
||||
repoTag = ""
|
||||
}
|
||||
|
||||
// check this length, because a lookup of a truncated has will not have a tag
|
||||
// and will not need to be added to this map
|
||||
if len(repoTag) > 0 {
|
||||
|
|
|
@ -277,14 +277,7 @@ func (store *TagStore) setLoad(repoName, tag, imageName string, force bool, out
|
|||
return err
|
||||
}
|
||||
if err := tags.ValidateTagName(tag); err != nil {
|
||||
if _, formatError := err.(tags.ErrTagInvalidFormat); !formatError {
|
||||
return err
|
||||
}
|
||||
if _, dErr := digest.ParseDigest(tag); dErr != nil {
|
||||
// Still return the tag validation error.
|
||||
// It's more likely to be a user generated issue.
|
||||
return err
|
||||
}
|
||||
return err
|
||||
}
|
||||
if err := store.reload(); err != nil {
|
||||
return err
|
||||
|
|
|
@ -152,3 +152,22 @@ func (s *DockerSuite) TestTagOfficialNames(c *check.C) {
|
|||
deleteImages("fooo/bar:latest")
|
||||
}
|
||||
}
|
||||
|
||||
// ensure tags can not match digests
|
||||
func (s *DockerSuite) TestTagMatchesDigest(c *check.C) {
|
||||
testRequires(c, DaemonIsLinux)
|
||||
if err := pullImageIfNotExist("busybox:latest"); err != nil {
|
||||
c.Fatal("couldn't find the busybox:latest image locally and failed to pull it")
|
||||
}
|
||||
digest := "busybox@sha256:abcdef76720241213f5303bda7704ec4c2ef75613173910a56fb1b6e20251507"
|
||||
// test setting tag fails
|
||||
_, _, err := dockerCmdWithError("tag", "-f", "busybox:latest", digest)
|
||||
if err == nil {
|
||||
c.Fatal("digest tag a name should have failed")
|
||||
}
|
||||
// check that no new image matches the digest
|
||||
_, _, err = dockerCmdWithError("inspect", digest)
|
||||
if err == nil {
|
||||
c.Fatal("inspecting by digest should have failed")
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue