mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
65370be888
The trust code used to parse the console output of `docker push` to extract the digest, tag, and size information and determine what to sign. This is fragile and might give an attacker control over what gets signed if the attacker can find a way to influence what gets printed as part of the push output. This commit sends the push metadata out-of-band. It introduces an `Aux` field in JSONMessage that can carry application-specific data alongside progress updates. Instead of parsing formatted output, the client looks in this field to get the digest, size, and tag from the push. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
87 lines
2.5 KiB
Go
87 lines
2.5 KiB
Go
package client
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
|
|
Cli "github.com/docker/docker/cli"
|
|
"github.com/docker/docker/pkg/jsonmessage"
|
|
flag "github.com/docker/docker/pkg/mflag"
|
|
"github.com/docker/docker/reference"
|
|
"github.com/docker/docker/registry"
|
|
"github.com/docker/engine-api/client"
|
|
"github.com/docker/engine-api/types"
|
|
)
|
|
|
|
// CmdPull pulls an image or a repository from the registry.
|
|
//
|
|
// Usage: docker pull [OPTIONS] IMAGENAME[:TAG|@DIGEST]
|
|
func (cli *DockerCli) CmdPull(args ...string) error {
|
|
cmd := Cli.Subcmd("pull", []string{"NAME[:TAG|@DIGEST]"}, Cli.DockerCommands["pull"].Description, true)
|
|
allTags := cmd.Bool([]string{"a", "-all-tags"}, false, "Download all tagged images in the repository")
|
|
addTrustedFlags(cmd, true)
|
|
cmd.Require(flag.Exact, 1)
|
|
|
|
cmd.ParseFlags(args, true)
|
|
remote := cmd.Arg(0)
|
|
|
|
distributionRef, err := reference.ParseNamed(remote)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if *allTags && !reference.IsNameOnly(distributionRef) {
|
|
return errors.New("tag can't be used with --all-tags/-a")
|
|
}
|
|
|
|
if !*allTags && reference.IsNameOnly(distributionRef) {
|
|
distributionRef = reference.WithDefaultTag(distributionRef)
|
|
fmt.Fprintf(cli.out, "Using default tag: %s\n", reference.DefaultTag)
|
|
}
|
|
|
|
var tag string
|
|
switch x := distributionRef.(type) {
|
|
case reference.Canonical:
|
|
tag = x.Digest().String()
|
|
case reference.NamedTagged:
|
|
tag = x.Tag()
|
|
}
|
|
|
|
ref := registry.ParseReference(tag)
|
|
|
|
// Resolve the Repository name from fqn to RepositoryInfo
|
|
repoInfo, err := registry.ParseRepositoryInfo(distributionRef)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
authConfig := registry.ResolveAuthConfig(cli.configFile.AuthConfigs, repoInfo.Index)
|
|
requestPrivilege := cli.registryAuthenticationPrivilegedFunc(repoInfo.Index, "pull")
|
|
|
|
if isTrusted() && !ref.HasDigest() {
|
|
// Check if tag is digest
|
|
return cli.trustedPull(repoInfo, ref, authConfig, requestPrivilege)
|
|
}
|
|
|
|
return cli.imagePullPrivileged(authConfig, distributionRef.String(), "", requestPrivilege)
|
|
}
|
|
|
|
func (cli *DockerCli) imagePullPrivileged(authConfig types.AuthConfig, imageID, tag string, requestPrivilege client.RequestPrivilegeFunc) error {
|
|
|
|
encodedAuth, err := encodeAuthToBase64(authConfig)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
options := types.ImagePullOptions{
|
|
ImageID: imageID,
|
|
Tag: tag,
|
|
RegistryAuth: encodedAuth,
|
|
}
|
|
|
|
responseBody, err := cli.client.ImagePull(options, requestPrivilege)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer responseBody.Close()
|
|
|
|
return jsonmessage.DisplayJSONMessagesStream(responseBody, cli.out, cli.outFd, cli.isTerminalOut, nil)
|
|
}
|