image/directory: store blobs with digest algorithm prefix

lsm5 · lsm5 · commit 7f1e5e42bfce · 2025-11-26T09:53:52.000-05:00
When storing blobs with non-canonical digest algorithms (e.g., sha512),
store the blob under the provided digest algorithm with an algorithm
prefix (e.g., "sha512-abc" instead of just "abc").

SHA256 (canonical) digests continue to be stored without a prefix for
backward compatibility.

Signed-off-by: Lokesh Mandvekar &lt;lsm5@redhat.com&gt;
diff --git a/image/directory/directory_dest.go b/image/directory/directory_dest.go
@@ -151,7 +151,8 @@ func (d *dirImageDestination) PutBlobWithOptions(ctx context.Context, stream io.
 		}
 	}()
 
-	digester, stream := putblobdigest.DigestIfCanonicalUnknown(stream, inputInfo)
+	digester, stream := putblobdigest.DigestIfUnknown(stream, inputInfo)
+
 	// TODO: This can take quite some time, and should ideally be cancellable using ctx.Done().
 	size, err := io.Copy(blobFile, stream)
 	if err != nil {
diff --git a/image/directory/directory_src.go b/image/directory/directory_src.go
@@ -26,7 +26,7 @@ type dirImageSource struct {
 
 // newImageSource returns an ImageSource reading from an existing directory.
 // The caller must call .Close() on the returned ImageSource.
-func newImageSource(ref dirReference) private.ImageSource {
+func newImageSource(ref dirReference) (private.ImageSource, error) {
 	s := &dirImageSource{
 		PropertyMethodsInitialize: impl.PropertyMethods(impl.Properties{
 			HasThreadSafeGetBlob: false,
@@ -36,7 +36,7 @@ func newImageSource(ref dirReference) private.ImageSource {
 		ref: ref,
 	}
 	s.Compat = impl.AddCompat(s)
-	return s
+	return s, nil
 }
 
 // Reference returns the reference used to set up this source, _as specified by the user_
diff --git a/image/directory/directory_transport.go b/image/directory/directory_transport.go
@@ -146,7 +146,7 @@ func (ref dirReference) NewImage(ctx context.Context, sys *types.SystemContext)
 // NewImageSource returns a types.ImageSource for this reference.
 // The caller must call .Close() on the returned ImageSource.
 func (ref dirReference) NewImageSource(ctx context.Context, sys *types.SystemContext) (types.ImageSource, error) {
-	return newImageSource(ref), nil
+	return newImageSource(ref)
 }
 
 // NewImageDestination returns a types.ImageDestination for this reference.
@@ -172,12 +172,19 @@ func (ref dirReference) manifestPath(instanceDigest *digest.Digest) (string, err
 }
 
 // layerPath returns a path for a layer tarball within a directory using our conventions.
-func (ref dirReference) layerPath(digest digest.Digest) (string, error) {
-	if err := digest.Validate(); err != nil { // digest.Digest.Encoded() panics on failure, and could possibly result in a path with ../, so validate explicitly.
+func (ref dirReference) layerPath(d digest.Digest) (string, error) {
+	if err := d.Validate(); err != nil { // digest.Digest.Encoded() panics on failure, and could possibly result in a path with ../, so validate explicitly.
 		return "", err
 	}
-	// FIXME: Should we keep the digest identification?
-	return filepath.Join(ref.path, digest.Encoded()), nil
+
+	var filename string
+	if d.Algorithm() == digest.Canonical {
+		filename = d.Encoded()
+	} else {
+		filename = d.Algorithm().String() + "-" + d.Encoded()
+	}
+
+	return filepath.Join(ref.path, filename), nil
 }
 
 // signaturePath returns a path for a signature within a directory using our conventions.
diff --git a/image/directory/directory_transport_test.go b/image/directory/directory_transport_test.go
@@ -209,14 +209,21 @@ func TestReferenceManifestPath(t *testing.T) {
 }
 
 func TestReferenceLayerPath(t *testing.T) {
-	const hex = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
+	const hex256 = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
+	const hex512 = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
 
 	ref, tmpDir := refToTempDir(t)
 	dirRef, ok := ref.(dirReference)
 	require.True(t, ok)
-	res, err := dirRef.layerPath("sha256:" + hex)
+
+	res, err := dirRef.layerPath("sha256:" + hex256)
+	require.NoError(t, err)
+	assert.Equal(t, tmpDir+"/"+hex256, res)
+
+	res, err = dirRef.layerPath("sha512:" + hex512)
 	require.NoError(t, err)
-	assert.Equal(t, tmpDir+"/"+hex, res)
+	assert.Equal(t, tmpDir+"/sha512-"+hex512, res)
+
 	_, err = dirRef.layerPath(digest.Digest("sha256:../hello"))
 	assert.Error(t, err)
 }

Original file line number	Diff line number	Diff line change
`@@ -151,7 +151,8 @@ func (d *dirImageDestination) PutBlobWithOptions(ctx context.Context, stream io.`
`151`	`151`	`}`
`152`	`152`	`}()`
`153`	`153`
`154`		`- digester, stream := putblobdigest.DigestIfCanonicalUnknown(stream, inputInfo)`
	`154`	`+ digester, stream := putblobdigest.DigestIfUnknown(stream, inputInfo)`
	`155`	`+`
`155`	`156`	`// TODO: This can take quite some time, and should ideally be cancellable using ctx.Done().`
`156`	`157`	`size, err := io.Copy(blobFile, stream)`
`157`	`158`	`if err != nil {`