Add GetBlobRaw

This is needed for my "registry frontend for containers-storage"
project, but should also be useful in general as we've discussed
moving checksum verification into callers. Then there's no
need for a driver etc.

Signed-off-by: Colin Walters <[email protected]>

Author: cgwalters

src/imageproxy.rs

@@ -411,12 +411,7 @@ impl ImageProxy {
                 });
             }
             let fdret = match (fdret, reply.pipeid) {
-                (Some(fd), n) => {
-                    if n == 0 {
-                        return Err(Error::Other("got fd but no pipeid".into()));
-                    }
-                    Some((fd, n))
-                }
+                (Some(fd), n) => Some((fd, n)),
                 (None, n) => {
                     if n != 0 {
                         return Err(Error::Other(format!("got no fd with pipeid {}", n).into()));
@@ -458,6 +453,7 @@ impl ImageProxy {
     #[instrument]
     async fn finish_pipe(&self, pipeid: u32) -> Result<()> {
         tracing::debug!("closing pipe");
+        debug_assert!(pipeid > 0);
         let (r, fd) = self.impl_request("FinishPipe", [pipeid]).await?;
         if fd.is_some() {
             return Err(Error::Other("Unexpected fd in finish_pipe reply".into()));
@@ -496,6 +492,9 @@ impl ImageProxy {
 
     async fn read_all_fd(&self, fd: Option<(OwnedFd, u32)>) -> Result<Vec<u8>> {
         let (fd, pipeid) = fd.ok_or_else(|| Error::Other("Missing fd from reply".into()))?;
+        if pipeid == 0 {
+            return Err(Error::Other("got fd but no pipeid".into()));
+        }
         let fd = tokio::fs::File::from_std(std::fs::File::from(fd));
         let mut fd = tokio::io::BufReader::new(fd);
         let mut r = Vec::new();
@@ -570,12 +569,33 @@ impl ImageProxy {
             vec![img.0.into(), digest.to_string().into(), size.into()];
         let (_bloblen, fd) = self.impl_request::<i64, _, _>("GetBlob", args).await?;
         let (fd, pipeid) = fd.ok_or_else(|| Error::new_other("Missing fd from reply"))?;
+        if pipeid == 0 {
+            return Err(Error::Other("got fd but no pipeid".into()));
+        }
         let fd = tokio::fs::File::from_std(std::fs::File::from(fd));
         let fd = tokio::io::BufReader::new(fd);
         let finish = Box::pin(self.finish_pipe(pipeid));
         Ok((fd, finish))
     }
 
+    /// Fetch a blob identified by e.g. `sha256:<digest>`; does not perform
+    /// any verification that the blob matches the digest. The size of the
+    /// blob and a pipe file descriptor are returned.
+    #[instrument]
+    pub async fn get_raw_blob(
+        &self,
+        img: &OpenedImage,
+        digest: &Digest,
+    ) -> Result<(u64, tokio::fs::File)> {
+        tracing::debug!("fetching blob");
+        let args: Vec<serde_json::Value> = vec![img.0.into(), digest.to_string().into()];
+        let (bloblen, fd) = self.impl_request::<u64, _, _>("GetRawBlob", args).await?;
+        let (fd, pipeid) = fd.ok_or_else(|| Error::new_other("Missing fd from reply"))?;
+        debug_assert_eq!(pipeid, 0);
+        let fd = tokio::fs::File::from_std(std::fs::File::from(fd));
+        Ok((bloblen, fd))
+    }
+
     /// Fetch a descriptor. The requested size and digest are verified (by the proxy process).
     #[instrument]
     pub async fn get_descriptor(