Check pre-existing signatures

bitoku · bitoku · commit 1ccc00ba6eff · 2025-09-03T13:17:11.000Z
diff --git a/image/oci/layout/oci_dest.go b/image/oci/layout/oci_dest.go
@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"io"
 	"io/fs"
+	"maps"
 	"os"
 	"path/filepath"
 	"runtime"
@@ -19,6 +20,7 @@ import (
 	"github.com/sirupsen/logrus"
 	"go.podman.io/image/v5/internal/imagedestination/impl"
 	"go.podman.io/image/v5/internal/imagedestination/stubs"
+	"go.podman.io/image/v5/internal/iolimits"
 	"go.podman.io/image/v5/internal/private"
 	"go.podman.io/image/v5/internal/putblobdigest"
 	"go.podman.io/image/v5/internal/signature"
@@ -336,7 +338,7 @@ func (d *ociImageDestination) PutSignaturesWithFormat(ctx context.Context, signa
 		instanceDigest = &d.manifestDigest
 	}
 
-	sigstoreSignatures := []signature.Sigstore{}
+	var sigstoreSignatures []signature.Sigstore
 	for _, sig := range signatures {
 		if sigstoreSig, ok := sig.(signature.Sigstore); ok {
 			sigstoreSignatures = append(sigstoreSignatures, sigstoreSig)
@@ -356,11 +358,28 @@ func (d *ociImageDestination) PutSignaturesWithFormat(ctx context.Context, signa
 func (d *ociImageDestination) putSignaturesToSigstoreAttachment(ctx context.Context, signatures []signature.Sigstore, manifestDigest digest.Digest) error {
 	var signConfig imgspecv1.Image // Most fields empty by default
 
-	signManifest := manifest.OCI1FromComponents(imgspecv1.Descriptor{
-		MediaType: imgspecv1.MediaTypeImageConfig,
-		Digest:    "", // We will fill this in later.
-		Size:      0,
-	}, nil)
+	signManifest, err := d.ref.getSigstoreAttachmentManifest(manifestDigest, &d.index, d.sharedBlobDir)
+	if err != nil {
+		return err
+	}
+	if signManifest == nil {
+		signManifest = manifest.OCI1FromComponents(imgspecv1.Descriptor{
+			MediaType: imgspecv1.MediaTypeImageConfig,
+			Digest:    "", // We will fill this in later.
+			Size:      0,
+		}, nil)
+		signConfig.RootFS.Type = "layers"
+	} else {
+		logrus.Debugf("Fetching sigstore attachment config %s", signManifest.Config.Digest.String())
+		configBlob, err := d.ref.getOCIDescriptorContents(signManifest.Config, iolimits.MaxConfigBodySize, d.sharedBlobDir)
+		if err != nil {
+			return err
+		}
+		if err := json.Unmarshal(configBlob, &signConfig); err != nil {
+			return fmt.Errorf("parsing sigstore attachment config %s in %s: %w", signManifest.Config.Digest.String(),
+				d.ref.StringWithinTransport(), err)
+		}
+	}
 
 	desc, err := d.getDescriptor(&manifestDigest)
 	if err != nil {
@@ -375,7 +394,14 @@ func (d *ociImageDestination) putSignaturesToSigstoreAttachment(ctx context.Cont
 		payloadBlob := sig.UntrustedPayload()
 		annotations := sig.UntrustedAnnotations()
 
-		sigDesc, err := d.putBlobBytesAsOCI(ctx, payloadBlob, mimeType, private.PutBlobOptions{
+		// Skip if the signature is already on the registry.
+		if slices.ContainsFunc(signManifest.Layers, func(layer imgspecv1.Descriptor) bool {
+			return layerMatchesSigstoreSignature(layer, mimeType, payloadBlob, annotations)
+		}) {
+			continue
+		}
+
+		signDesc, err := d.putBlobBytesAsOCI(ctx, payloadBlob, mimeType, private.PutBlobOptions{
 			Cache:      none.NoCache,
 			IsConfig:   false,
 			EmptyLayer: false,
@@ -384,10 +410,10 @@ func (d *ociImageDestination) putSignaturesToSigstoreAttachment(ctx context.Cont
 		if err != nil {
 			return err
 		}
-		sigDesc.Annotations = annotations
-		signManifest.Layers = append(signManifest.Layers, sigDesc)
-		signConfig.RootFS.DiffIDs = append(signConfig.RootFS.DiffIDs, sigDesc.Digest)
-		logrus.Debugf("Adding new signature, digest %s", sigDesc.Digest.String())
+		signDesc.Annotations = annotations
+		signManifest.Layers = append(signManifest.Layers, signDesc)
+		signConfig.RootFS.DiffIDs = append(signConfig.RootFS.DiffIDs, signDesc.Digest)
+		logrus.Debugf("Adding new signature, digest %s", signDesc.Digest.String())
 	}
 
 	configBlob, err := json.Marshal(signConfig)
@@ -557,3 +583,18 @@ func indexExists(ref ociReference) bool {
 	}
 	return true
 }
+
+func layerMatchesSigstoreSignature(layer imgspecv1.Descriptor, mimeType string,
+	payloadBlob []byte, annotations map[string]string) bool {
+	if layer.MediaType != mimeType ||
+		layer.Size != int64(len(payloadBlob)) ||
+		// This is not quite correct, we should use the layer’s digest algorithm.
+		// But right now we don’t want to deal with corner cases like bad digest formats
+		// or unavailable algorithms; in the worst case we end up with duplicate signature
+		// entries.
+		layer.Digest.String() != digest.FromBytes(payloadBlob).String() ||
+		!maps.Equal(layer.Annotations, annotations) {
+		return false
+	}
+	return true
+}
diff --git a/image/oci/layout/oci_transport.go b/image/oci/layout/oci_transport.go
@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"io"
 	"os"
 	"path/filepath"
 	"strings"
@@ -14,7 +15,8 @@ import (
 	"go.podman.io/image/v5/directory/explicitfilepath"
 	"go.podman.io/image/v5/docker/reference"
 	"go.podman.io/image/v5/internal/image"
-	"go.podman.io/image/v5/internal/manifest"
+	"go.podman.io/image/v5/internal/iolimits"
+	"go.podman.io/image/v5/manifest"
 	"go.podman.io/image/v5/oci/internal"
 	"go.podman.io/image/v5/transports"
 	"go.podman.io/image/v5/types"
@@ -310,3 +312,79 @@ func sigstoreAttachmentTag(d digest.Digest) (string, error) {
 	}
 	return strings.Replace(d.String(), ":", "-", 1) + ".sig", nil
 }
+
+func (ref ociReference) getSigstoreAttachmentManifest(d digest.Digest, idx *imgspecv1.Index, sharedBlobDir string) (*manifest.OCI1, error) {
+	signTag, err := sigstoreAttachmentTag(d)
+	if err != nil {
+		return nil, err
+	}
+	var signDesc *imgspecv1.Descriptor
+	for _, m := range idx.Manifests {
+		if m.Annotations[imgspecv1.AnnotationRefName] == signTag {
+			signDesc = &m
+			break
+		}
+	}
+	if signDesc == nil {
+		// No signature found
+		return nil, nil
+	}
+	blobReader, _, err := ref.getBlob(signDesc.Digest, sharedBlobDir)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get Blob %s: %w", signTag, err)
+	}
+	defer blobReader.Close()
+	signBlob, err := iolimits.ReadAtMost(blobReader, iolimits.MaxManifestBodySize)
+	mimeType := manifest.GuessMIMEType(signBlob)
+	if mimeType != imgspecv1.MediaTypeImageManifest {
+		return nil, fmt.Errorf("unexpected MIME type for sigstore attachment manifest %s: %q",
+			signTag, mimeType)
+	}
+	res, err := manifest.OCI1FromManifest(signBlob)
+	if err != nil {
+		return nil, fmt.Errorf("parsing manifest %s: %w", signDesc.Digest, err)
+	}
+	return res, nil
+}
+
+func (ref ociReference) getBlob(d digest.Digest, sharedBlobDir string) (io.ReadCloser, int64, error) {
+	path, err := ref.blobPath(d, sharedBlobDir)
+	if err != nil {
+		return nil, 0, err
+	}
+
+	r, err := os.Open(path)
+	if err != nil {
+		return nil, 0, err
+	}
+	fi, err := r.Stat()
+	if err != nil {
+		return nil, 0, err
+	}
+	return r, fi.Size(), nil
+}
+
+func (ref ociReference) getOCIDescriptorContents(desc imgspecv1.Descriptor, maxSize int, sharedBlobDir string) ([]byte, error) {
+	if err := desc.Digest.Validate(); err != nil { // .Algorithm() might panic without this check
+		return nil, fmt.Errorf("invalid digest %q: %w", desc.Digest.String(), err)
+	}
+	digestAlgorithm := desc.Digest.Algorithm()
+	if !digestAlgorithm.Available() {
+		return nil, fmt.Errorf("invalid digest %q: unsupported digest algorithm %q", desc.Digest.String(), digestAlgorithm.String())
+	}
+
+	reader, _, err := ref.getBlob(desc.Digest, sharedBlobDir)
+	if err != nil {
+		return nil, err
+	}
+	defer reader.Close()
+	payload, err := iolimits.ReadAtMost(reader, maxSize)
+	if err != nil {
+		return nil, fmt.Errorf("reading blob %s in %s: %w", desc.Digest.String(), ref.image, err)
+	}
+	actualDigest := digestAlgorithm.FromBytes(payload)
+	if actualDigest != desc.Digest {
+		return nil, fmt.Errorf("digest mismatch, expected %q, got %q", desc.Digest.String(), actualDigest.String())
+	}
+	return payload, nil
+}
