1. docker
  2. Commit 514be385f7451df8bbf9e1a7bb015e3baec406f1
Browse code

Support push and pull of sha256

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)

Derek McGowan authored on 2015/03/12 00:17:48
Showing 3 changed files
Dockerfile
History View file @ 514be38
... ... 
@@ -108,7 +108,7 @@ RUN go get golang.org/x/tools/cmd/cover
108 108 
 RUN gem install --no-rdoc --no-ri fpm --version 1.3.2
109 109
110 110 
 # Install registry
111 
-ENV REGISTRY_COMMIT b4cc5e3ecc2e9f4fa0e95d94c389e1d79e902486
111 
+ENV REGISTRY_COMMIT 0c130dff5baf3168f2c85630c6d2344b81261269
112 112 
 RUN set -x \
113 113 
 	&& git clone https://github.com/docker/distribution.git /go/src/github.com/docker/distribution \
114 114 
 	&& (cd /go/src/github.com/docker/distribution && git checkout -q $REGISTRY_COMMIT) \
graph/pull.go
History View file @ 514be38
... ... 
@@ -11,11 +11,11 @@ import (
11 11 
 	"time"
12 12
13 13 
 	log "github.com/Sirupsen/logrus"
14 
+	"github.com/docker/distribution/digest"
14 15 
 	"github.com/docker/docker/engine"
15 16 
 	"github.com/docker/docker/image"
16 17 
 	"github.com/docker/docker/pkg/common"
17 18 
 	"github.com/docker/docker/pkg/progressreader"
18 
-	"github.com/docker/docker/pkg/tarsum"
19 19 
 	"github.com/docker/docker/registry"
20 20 
 	"github.com/docker/docker/utils"
21 21 
 )
... ... 
@@ -375,6 +375,7 @@ func WriteStatus(requestedTag string, out io.Writer, sf *utils.StreamFormatter,
375 375 
 type downloadInfo struct {
376 376 
 	imgJSON    []byte
377 377 
 	img        *image.Image
378 
+	digest     digest.Digest
378 379 
 	tmpFile    *os.File
379 380 
 	length     int64
380 381 
 	downloaded bool
... ... 
@@ -429,7 +430,7 @@ func (s *TagStore) pullV2Repository(eng *engine.Engine, r *registry.Session, out
429 429
430 430 
 func (s *TagStore) pullV2Tag(eng *engine.Engine, r *registry.Session, out io.Writer, endpoint *registry.Endpoint, repoInfo *registry.RepositoryInfo, tag string, sf *utils.StreamFormatter, parallel bool, auth *registry.RequestAuthorization) (bool, error) {
431 431 
 	log.Debugf("Pulling tag from V2 registry: %q", tag)
432 
-	manifestBytes, digest, err := r.GetV2ImageManifest(endpoint, repoInfo.RemoteName, tag, auth)
432 
+	manifestBytes, manifestDigest, err := r.GetV2ImageManifest(endpoint, repoInfo.RemoteName, tag, auth)
433 433 
 	if err != nil {
434 434 
 		return false, err
435 435 
 	}
... ... 
@@ -468,11 +469,12 @@ func (s *TagStore) pullV2Tag(eng *engine.Engine, r *registry.Session, out io.Wri
468 468 
 			continue
469 469 
 		}
470 470
471 
-		chunks := strings.SplitN(sumStr, ":", 2)
472 
-		if len(chunks) < 2 {
473 
-			return false, fmt.Errorf("expected 2 parts in the sumStr, got %#v", chunks)
471 
+		dgst, err := digest.ParseDigest(sumStr)
472 
+		if err != nil {
473 
+			return false, err
474 474 
 		}
475 
-		sumType, checksum := chunks[0], chunks[1]
475 
+		downloads[i].digest = dgst
476 
+
476 477 
 		out.Write(sf.FormatProgress(common.TruncateID(img.ID), "Pulling fs layer", nil))
477 478
478 479 
 		downloadFunc := func(di *downloadInfo) error {
... ... 
@@ -493,20 +495,19 @@ func (s *TagStore) pullV2Tag(eng *engine.Engine, r *registry.Session, out io.Wri
493 493 
 					return err
494 494 
 				}
495 495
496 
-				r, l, err := r.GetV2ImageBlobReader(endpoint, repoInfo.RemoteName, sumType, checksum, auth)
496 
+				r, l, err := r.GetV2ImageBlobReader(endpoint, repoInfo.RemoteName, di.digest.Algorithm(), di.digest.Hex(), auth)
497 497 
 				if err != nil {
498 498 
 					return err
499 499 
 				}
500 500 
 				defer r.Close()
501 501
502 
-				// Wrap the reader with the appropriate TarSum reader.
503 
-				tarSumReader, err := tarsum.NewTarSumForLabel(r, true, sumType)
502 
+				verifier, err := digest.NewDigestVerifier(di.digest)
504 503 
 				if err != nil {
505 
-					return fmt.Errorf("unable to wrap image blob reader with TarSum: %s", err)
504 
+					return err
506 505 
 				}
507 506
508 507 
 				if _, err := io.Copy(tmpFile, progressreader.New(progressreader.Config{
509 
-					In:        ioutil.NopCloser(tarSumReader),
508 
+					In:        ioutil.NopCloser(io.TeeReader(r, verifier)),
510 509 
 					Out:       out,
511 510 
 					Formatter: sf,
512 511 
 					Size:      int(l),
... ... 
@@ -519,8 +520,8 @@ func (s *TagStore) pullV2Tag(eng *engine.Engine, r *registry.Session, out io.Wri
519 519
520 520 
 				out.Write(sf.FormatProgress(common.TruncateID(img.ID), "Verifying Checksum", nil))
521 521
522 
-				if finalChecksum := tarSumReader.Sum(nil); !strings.EqualFold(finalChecksum, sumStr) {
523 
-					log.Infof("Image verification failed: checksum mismatch - expected %q but got %q", sumStr, finalChecksum)
522 
+				if !verifier.Verified() {
523 
+					log.Infof("Image verification failed: checksum mismatch for %q", di.digest.String())
524 524 
 					verified = false
525 525 
 				}
526 526
... ... 
@@ -604,8 +605,8 @@ func (s *TagStore) pullV2Tag(eng *engine.Engine, r *registry.Session, out io.Wri
604 604 
 		out.Write(sf.FormatStatus(utils.ImageReference(repoInfo.CanonicalName, tag), "The image you are pulling has been verified. Important: image verification is a tech preview feature and should not be relied on to provide security."))
605 605 
 	}
606 606
607 
-	if len(digest) > 0 {
608 
-		out.Write(sf.FormatStatus("", "Digest: %s", digest))
607 
+	if len(manifestDigest) > 0 {
608 
+		out.Write(sf.FormatStatus("", "Digest: %s", manifestDigest))
609 609 
 	}
610 610
611 611 
 	if utils.DigestReference(tag) {
graph/push.go
History View file @ 514be38
... ... 
@@ -2,6 +2,7 @@ package graph
2 2
3 3 
 import (
4 4 
 	"bytes"
5 
+	"crypto/sha256"
5 6 
 	"encoding/json"
6 7 
 	"errors"
7 8 
 	"fmt"
... ... 
@@ -13,11 +14,11 @@ import (
13 13 
 	"sync"
14 14
15 15 
 	log "github.com/Sirupsen/logrus"
16 
+	"github.com/docker/distribution/digest"
16 17 
 	"github.com/docker/docker/engine"
17 18 
 	"github.com/docker/docker/image"
18 19 
 	"github.com/docker/docker/pkg/common"
19 20 
 	"github.com/docker/docker/pkg/progressreader"
20 
-	"github.com/docker/docker/pkg/tarsum"
21 21 
 	"github.com/docker/docker/registry"
22 22 
 	"github.com/docker/docker/runconfig"
23 23 
 	"github.com/docker/docker/utils"
... ... 
@@ -466,24 +467,17 @@ func (s *TagStore) pushV2Image(r *registry.Session, img *image.Image, endpoint *
466 466 
 		os.Remove(tf.Name())
467 467 
 	}()
468 468
469 
-	ts, err := tarsum.NewTarSum(arch, true, tarsum.Version1)
469 
+	h := sha256.New()
470 
+	size, err := bufferToFile(tf, io.TeeReader(arch, h))
470 471 
 	if err != nil {
471 472 
 		return "", err
472 473 
 	}
473 
-	size, err := bufferToFile(tf, ts)
474 
-	if err != nil {
475 
-		return "", err
476 
-	}
477 
-	checksum := ts.Sum(nil)
478 
-	sumParts := strings.SplitN(checksum, ":", 2)
479 
-	if len(sumParts) < 2 {
480 
-		return "", fmt.Errorf("Invalid checksum: %s", checksum)
481 
-	}
474 
+	dgst := digest.NewDigest("sha256", h)
482 475
483 476 
 	// Send the layer
484 477 
 	log.Debugf("rendered layer for %s of [%d] size", img.ID, size)
485 478
486 
-	if err := r.PutV2ImageBlob(endpoint, imageName, sumParts[0], sumParts[1],
479 
+	if err := r.PutV2ImageBlob(endpoint, imageName, dgst.Algorithm(), dgst.Hex(),
487 480 
 		progressreader.New(progressreader.Config{
488 481 
 			In:        tf,
489 482 
 			Out:       out,
... ... 
@@ -497,7 +491,7 @@ func (s *TagStore) pushV2Image(r *registry.Session, img *image.Image, endpoint *
497 497 
 		return "", err
498 498 
 	}
499 499 
 	out.Write(sf.FormatProgress(common.TruncateID(img.ID), "Image successfully pushed", nil))
500 
-	return checksum, nil
500 
+	return dgst.String(), nil
501 501 
 }
502 502
503 503 
 // FIXME: Allow to interrupt current push when new push of same image is done.