Skip to content

Commit 37624b0

Browse files
wkingwking
committed
image: Port to go-digest
Outsource this stuff to avoid duplication of effort. newDescriptor was returning just the hex and createHashedBlob (its only consumer) was fixing that (by the "Normalize the hashed digest" comment) so it didn't have to split the hash (Hex) back off. But that seems confusing to me, so I've fixed newDescriptor to create a non-busted digest which we split back apart in createHashedBlob. Signed-off-by: W. Trevor King <[email protected]>
1 parent ad0de71 commit 37624b0

File tree

3 files changed

+29
-29
lines changed

3 files changed

+29
-29
lines changed

image/descriptor.go

Lines changed: 9 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -15,15 +15,14 @@
1515
package image
1616

1717
import (
18-
"crypto/sha256"
19-
"encoding/hex"
2018
"encoding/json"
2119
"fmt"
2220
"io"
2321
"os"
2422
"path/filepath"
2523
"strings"
2624

25+
"github.com/opencontainers/go-digest"
2726
"github.com/pkg/errors"
2827
)
2928

@@ -116,15 +115,18 @@ func (d *descriptor) validate(w walker, mts []string) error {
116115
}
117116

118117
func (d *descriptor) validateContent(r io.Reader) error {
119-
h := sha256.New()
120-
n, err := io.Copy(h, r)
118+
parsed, err := digest.Parse(d.Digest)
121119
if err != nil {
122-
return errors.Wrap(err, "error generating hash")
120+
return err
123121
}
124122

125-
digest := "sha256:" + hex.EncodeToString(h.Sum(nil))
123+
verifier := parsed.Verifier()
124+
n, err := io.Copy(verifier, r)
125+
if err != nil {
126+
return errors.Wrap(err, "error generating hash")
127+
}
126128

127-
if digest != d.Digest {
129+
if !verifier.Verified() {
128130
return errors.New("digest mismatch")
129131
}
130132

image/image_test.go

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -18,8 +18,6 @@ import (
1818
"archive/tar"
1919
"bytes"
2020
"compress/gzip"
21-
"crypto/sha256"
22-
"fmt"
2321
"io"
2422
"io/ioutil"
2523
"os"
@@ -28,6 +26,7 @@ import (
2826
"strings"
2927
"testing"
3028

29+
"github.com/opencontainers/go-digest"
3130
"github.com/opencontainers/image-spec/specs-go/v1"
3231
)
3332

@@ -295,14 +294,16 @@ func createHashedBlob(name string) (descriptor, error) {
295294
return descriptor{}, err
296295
}
297296

298-
// Rename the file to hashed-digest name.
299-
err = os.Rename(name, filepath.Join(filepath.Dir(name), desc.Digest))
297+
parsed, err := digest.Parse(desc.Digest)
300298
if err != nil {
301299
return descriptor{}, err
302300
}
303301

304-
//Normalize the hashed digest.
305-
desc.Digest = "sha256:" + desc.Digest
302+
// Rename the file to hashed-digest name.
303+
err = os.Rename(name, filepath.Join(filepath.Dir(name), parsed.Hex()))
304+
if err != nil {
305+
return descriptor{}, err
306+
}
306307

307308
return desc, nil
308309
}
@@ -314,15 +315,14 @@ func newDescriptor(name string) (descriptor, error) {
314315
}
315316
defer file.Close()
316317

317-
// generate sha256 hash
318-
hash := sha256.New()
319-
size, err := io.Copy(hash, file)
318+
digester := digest.SHA256.Digester()
319+
size, err := io.Copy(digester.Hash(), file)
320320
if err != nil {
321321
return descriptor{}, err
322322
}
323323

324324
return descriptor{
325-
Digest: fmt.Sprintf("%x", hash.Sum(nil)),
325+
Digest: digester.Digest().String(),
326326
Size: size,
327327
}, nil
328328
}

image/manifest_test.go

Lines changed: 10 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -18,14 +18,14 @@ import (
1818
"archive/tar"
1919
"bytes"
2020
"compress/gzip"
21-
"crypto/sha256"
22-
"fmt"
2321
"io"
2422
"io/ioutil"
2523
"os"
2624
"path/filepath"
2725
"strings"
2826
"testing"
27+
28+
"github.com/opencontainers/go-digest"
2929
)
3030

3131
func TestUnpackLayerDuplicateEntries(t *testing.T) {
@@ -90,26 +90,25 @@ func TestUnpackLayer(t *testing.T) {
9090
gw.Close()
9191
f.Close()
9292

93-
// generate sha256 hash
94-
h := sha256.New()
93+
digester := digest.SHA256.Digester()
9594
file, err := os.Open(tarfile)
9695
if err != nil {
9796
t.Fatal(err)
9897
}
9998
defer file.Close()
100-
_, err = io.Copy(h, file)
99+
_, err = io.Copy(digester.Hash(), file)
101100
if err != nil {
102101
t.Fatal(err)
103102
}
104-
err = os.Rename(tarfile, filepath.Join(tmp1, "blobs", "sha256", fmt.Sprintf("%x", h.Sum(nil))))
103+
err = os.Rename(tarfile, filepath.Join(tmp1, "blobs", "sha256", digester.Digest().Hex()))
105104
if err != nil {
106105
t.Fatal(err)
107106
}
108107

109108
testManifest := manifest{
110109
Layers: []descriptor{descriptor{
111110
MediaType: "application/vnd.oci.image.layer.v1.tar+gzip",
112-
Digest: fmt.Sprintf("sha256:%s", fmt.Sprintf("%x", h.Sum(nil))),
111+
Digest: digester.Digest().String(),
113112
}},
114113
}
115114
err = testManifest.unpack(newPathWalker(tmp1), filepath.Join(tmp1, "rootfs"))
@@ -151,26 +150,25 @@ func TestUnpackLayerRemovePartialyUnpackedFile(t *testing.T) {
151150
gw.Close()
152151
f.Close()
153152

154-
// generate sha256 hash
155-
h := sha256.New()
153+
digester := digest.SHA256.Digester()
156154
file, err := os.Open(tarfile)
157155
if err != nil {
158156
t.Fatal(err)
159157
}
160158
defer file.Close()
161-
_, err = io.Copy(h, file)
159+
_, err = io.Copy(digester.Hash(), file)
162160
if err != nil {
163161
t.Fatal(err)
164162
}
165-
err = os.Rename(tarfile, filepath.Join(tmp1, "blobs", "sha256", fmt.Sprintf("%x", h.Sum(nil))))
163+
err = os.Rename(tarfile, filepath.Join(tmp1, "blobs", "sha256", digester.Digest().Hex()))
166164
if err != nil {
167165
t.Fatal(err)
168166
}
169167

170168
testManifest := manifest{
171169
Layers: []descriptor{descriptor{
172170
MediaType: "application/vnd.oci.image.layer.v1.tar+gzip",
173-
Digest: fmt.Sprintf("sha256:%s", fmt.Sprintf("%x", h.Sum(nil))),
171+
Digest: digester.Digest().String(),
174172
}},
175173
}
176174
err = testManifest.unpack(newPathWalker(tmp1), filepath.Join(tmp1, "rootfs"))

0 commit comments

Comments
 (0)