image: Port to go-digest

Outsource this stuff to avoid duplication of effort.

newDescriptor was returning just the hex and createHashedBlob (its
only consumer) was fixing that (by the "Normalize the hashed digest"
comment) so it didn't have to split the hash (Hex) back off.  But that
seems confusing to me, so I've fixed newDescriptor to create a
non-busted digest which we split back apart in createHashedBlob.

Signed-off-by: W. Trevor King <[email protected]>

Author: wking

image/descriptor.go

@@ -15,15 +15,14 @@
 package image
 
 import (
-	"crypto/sha256"
-	"encoding/hex"
 	"encoding/json"
 	"fmt"
 	"io"
 	"os"
 	"path/filepath"
 	"strings"
 
+	"github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
 )
 
@@ -116,19 +115,22 @@ func (d *descriptor) validate(w walker, mts []string) error {
 }
 
 func (d *descriptor) validateContent(r io.Reader) error {
-	h := sha256.New()
-	n, err := io.Copy(h, r)
+	parsed, err := digest.Parse(d.Digest)
 	if err != nil {
-		return errors.Wrap(err, "error generating hash")
+		return err
 	}
 
 	if n != d.Size {
 		return errors.New("size mismatch")
 	}
 
-	digest := "sha256:" + hex.EncodeToString(h.Sum(nil))
+	verifier := parsed.Verifier()
+	n, err := io.Copy(verifier, r)
+	if err != nil {
+		return errors.Wrap(err, "error generating hash")
+	}
 
-	if digest != d.Digest {
+	if !verifier.Verified() {
 		return errors.New("digest mismatch")
 	}
 

image/image_test.go

@@ -18,8 +18,6 @@ import (
 	"archive/tar"
 	"bytes"
 	"compress/gzip"
-	"crypto/sha256"
-	"fmt"
 	"io"
 	"io/ioutil"
 	"os"
@@ -28,6 +26,7 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/opencontainers/go-digest"
 	"github.com/opencontainers/image-spec/specs-go/v1"
 )
 
@@ -298,14 +297,16 @@ func createHashedBlob(name string) (descriptor, error) {
 		return descriptor{}, err
 	}
 
-	// Rename the file to hashed-digest name.
-	err = os.Rename(name, filepath.Join(filepath.Dir(name), desc.Digest))
+	parsed, err := digest.Parse(desc.Digest)
 	if err != nil {
 		return descriptor{}, err
 	}
 
-	//Normalize the hashed digest.
-	desc.Digest = "sha256:" + desc.Digest
+	// Rename the file to hashed-digest name.
+	err = os.Rename(name, filepath.Join(filepath.Dir(name), parsed.Hex()))
+	if err != nil {
+		return descriptor{}, err
+	}
 
 	return desc, nil
 }
@@ -317,15 +318,14 @@ func newDescriptor(name string) (descriptor, error) {
 	}
 	defer file.Close()
 
-	// generate sha256 hash
-	hash := sha256.New()
-	size, err := io.Copy(hash, file)
+	digester := digest.SHA256.Digester()
+	size, err := io.Copy(digester.Hash(), file)
 	if err != nil {
 		return descriptor{}, err
 	}
 
 	return descriptor{
-		Digest: fmt.Sprintf("%x", hash.Sum(nil)),
+		Digest: digester.Digest().String(),
 		Size:   size,
 	}, nil
 }

image/manifest_test.go

@@ -18,14 +18,14 @@ import (
 	"archive/tar"
 	"bytes"
 	"compress/gzip"
-	"crypto/sha256"
-	"fmt"
 	"io"
 	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
 	"testing"
+
+	"github.com/opencontainers/go-digest"
 )
 
 func TestUnpackLayerDuplicateEntries(t *testing.T) {
@@ -90,26 +90,25 @@ func TestUnpackLayer(t *testing.T) {
 	gw.Close()
 	f.Close()
 
-	// generate sha256 hash
-	h := sha256.New()
+	digester := digest.SHA256.Digester()
 	file, err := os.Open(tarfile)
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer file.Close()
-	_, err = io.Copy(h, file)
+	_, err = io.Copy(digester.Hash(), file)
 	if err != nil {
 		t.Fatal(err)
 	}
-	err = os.Rename(tarfile, filepath.Join(tmp1, "blobs", "sha256", fmt.Sprintf("%x", h.Sum(nil))))
+	err = os.Rename(tarfile, filepath.Join(tmp1, "blobs", "sha256", digester.Digest().Hex()))
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	testManifest := manifest{
 		Layers: []descriptor{descriptor{
 			MediaType: "application/vnd.oci.image.layer.v1.tar+gzip",
-			Digest:    fmt.Sprintf("sha256:%s", fmt.Sprintf("%x", h.Sum(nil))),
+			Digest:    digester.Digest().String(),
 		}},
 	}
 	err = testManifest.unpack(newPathWalker(tmp1), filepath.Join(tmp1, "rootfs"))
@@ -151,26 +150,25 @@ func TestUnpackLayerRemovePartialyUnpackedFile(t *testing.T) {
 	gw.Close()
 	f.Close()
 
-	// generate sha256 hash
-	h := sha256.New()
+	digester := digest.SHA256.Digester()
 	file, err := os.Open(tarfile)
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer file.Close()
-	_, err = io.Copy(h, file)
+	_, err = io.Copy(digester.Hash(), file)
 	if err != nil {
 		t.Fatal(err)
 	}
-	err = os.Rename(tarfile, filepath.Join(tmp1, "blobs", "sha256", fmt.Sprintf("%x", h.Sum(nil))))
+	err = os.Rename(tarfile, filepath.Join(tmp1, "blobs", "sha256", digester.Digest().Hex()))
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	testManifest := manifest{
 		Layers: []descriptor{descriptor{
 			MediaType: "application/vnd.oci.image.layer.v1.tar+gzip",
-			Digest:    fmt.Sprintf("sha256:%s", fmt.Sprintf("%x", h.Sum(nil))),
+			Digest:    digester.Digest().String(),
 		}},
 	}
 	err = testManifest.unpack(newPathWalker(tmp1), filepath.Join(tmp1, "rootfs"))