kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Merge pull request #10305 from jlhawn/use_tarsum_v1

Browse source 
Always store images with tarsum.v1 checksum added
This commit is contained in:
Arnaud Porterie 2015-01-26 14:42:07 -08:00
commit bfa0dc47da
3 changed files with 21 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
image/image.go
View file

@ -80,8 +80,8 @@ func LoadImage(root string) (*Image, error) {
// StoreImage stores file system layer data for the given image to the // StoreImage stores file system layer data for the given image to the
// image's registered storage driver. Image metadata is stored in a file // image's registered storage driver. Image metadata is stored in a file
// at the specified root directory. This function also computes the TarSum // at the specified root directory. This function also computes a checksum
// of `layerData` (currently using tarsum.dev). // of `layerData` if the image does not have one already.
func StoreImage(img *Image, layerData archive.ArchiveReader, root string) error { func StoreImage(img *Image, layerData archive.ArchiveReader, root string) error {
// Store the layer // Store the layer
var ( var (
@ -95,15 +95,18 @@ func StoreImage(img *Image, layerData archive.ArchiveReader, root string) error
if layerData != nil { if layerData != nil {
// If the image doesn't have a checksum, we should add it. The layer // If the image doesn't have a checksum, we should add it. The layer
// checksums are verified when they are pulled from a remote, but when // checksums are verified when they are pulled from a remote, but when
// a container is committed it should be added here. // a container is committed it should be added here. Also ensure that
if img.Checksum == "" { // the stored checksum has the latest version of tarsum (assuming we
// are using tarsum).
if tarsum.VersionLabelForChecksum(img.Checksum) != tarsum.Version1.String() {
// Either there was no checksum or it's not a tarsum.v1
layerDataDecompressed, err := archive.DecompressStream(layerData) layerDataDecompressed, err := archive.DecompressStream(layerData)
if err != nil { if err != nil {
return err return err
} }
defer layerDataDecompressed.Close() defer layerDataDecompressed.Close()
if layerTarSum, err = tarsum.NewTarSum(layerDataDecompressed, true, tarsum.VersionDev); err != nil { if layerTarSum, err = tarsum.NewTarSum(layerDataDecompressed, true, tarsum.Version1); err != nil {
return err return err
} }

1
pkg/tarsum/tarsum.go
View file

@ -122,6 +122,7 @@ type tHashConfig struct {
} }
var ( var (
// NOTE: DO NOT include MD5 or SHA1, which are considered insecure.
standardHashConfigs = map[string]tHashConfig{ standardHashConfigs = map[string]tHashConfig{
"sha256": {name: "sha256", hash: crypto.SHA256}, "sha256": {name: "sha256", hash: crypto.SHA256},
"sha512": {name: "sha512", hash: crypto.SHA512}, "sha512": {name: "sha512", hash: crypto.SHA512},

12
pkg/tarsum/versioning.go
View file

@ -22,6 +22,18 @@ const (
VersionDev VersionDev
) )
// VersionLabelForChecksum returns the label for the given tarsum
// checksum, i.e., everything before the first `+` character in
// the string or an empty string if no label separator is found.
func VersionLabelForChecksum(checksum string) string {
// Checksums are in the form: {versionLabel}+{hashID}:{hex}
sepIndex := strings.Index(checksum, "+")
if sepIndex < 0 {
return ""
}
return checksum[:sepIndex]
}
// Get a list of all known tarsum Version // Get a list of all known tarsum Version
func GetVersions() []Version { func GetVersions() []Version {
v := []Version{} v := []Version{}