Merge pull request #262 from runcom/fixies

oci-image-tool: validate descriptors MediaType

Author: vbatts

image/config.go

@@ -26,28 +26,12 @@ import (
 	"strings"
 
 	"github.com/opencontainers/image-spec/schema"
+	"github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
 )
 
-type cfg struct {
-	User         string
-	Memory       int64
-	MemorySwap   int64
-	CPUShares    int64 `json:"CpuShares"`
-	ExposedPorts map[string]struct{}
-	Env          []string
-	Entrypoint   []string
-	Cmd          []string
-	Volumes      map[string]struct{}
-	WorkingDir   string
-}
-
-type config struct {
-	Architecture string `json:"architecture"`
-	OS           string `json:"os"`
-	Config       cfg    `json:"config"`
-}
+type config v1.Image
 
 func findConfig(w walker, d *descriptor) (*config, error) {
 	var c config

image/descriptor.go

@@ -73,7 +73,17 @@ func findDescriptor(w walker, name string) (*descriptor, error) {
 	}
 }
 
-func (d *descriptor) validate(w walker) error {
+func (d *descriptor) validate(w walker, mts []string) error {
+	var found bool
+	for _, mt := range mts {
+		if d.MediaType == mt {
+			found = true
+			break
+		}
+	}
+	if !found {
+		return fmt.Errorf("invalid descriptor MediaType %q", d.MediaType)
+	}
 	switch err := w.walk(func(path string, info os.FileInfo, r io.Reader) error {
 		if info.IsDir() {
 			return nil

image/image.go

@@ -20,6 +20,7 @@ import (
 	"os"
 	"path/filepath"
 
+	"github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 )
 
@@ -43,14 +44,19 @@ func Validate(tarFile string, refs []string, out *log.Logger) error {
 	return validate(newTarWalker(f), refs, out)
 }
 
+var validRefMediaTypes = []string{
+	v1.MediaTypeImageManifest,
+	v1.MediaTypeImageManifestList,
+}
+
 func validate(w walker, refs []string, out *log.Logger) error {
 	for _, r := range refs {
 		ref, err := findDescriptor(w, r)
 		if err != nil {
 			return err
 		}
 
-		if err = ref.validate(w); err != nil {
+		if err = ref.validate(w, validRefMediaTypes); err != nil {
 			return err
 		}
 
@@ -97,7 +103,7 @@ func unpack(w walker, dest, refName string) error {
 		return err
 	}
 
-	if err = ref.validate(w); err != nil {
+	if err = ref.validate(w, validRefMediaTypes); err != nil {
 		return err
 	}
 
@@ -139,7 +145,7 @@ func createRuntimeBundle(w walker, dest, refName, rootfs string) error {
 		return err
 	}
 
-	if err = ref.validate(w); err != nil {
+	if err = ref.validate(w, validRefMediaTypes); err != nil {
 		return err
 	}
 

image/manifest.go

@@ -28,6 +28,7 @@ import (
 	"time"
 
 	"github.com/opencontainers/image-spec/schema"
+	"github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 )
 
@@ -74,12 +75,12 @@ func findManifest(w walker, d *descriptor) (*manifest, error) {
 }
 
 func (m *manifest) validate(w walker) error {
-	if err := m.Config.validate(w); err != nil {
+	if err := m.Config.validate(w, []string{v1.MediaTypeImageConfig}); err != nil {
 		return errors.Wrap(err, "config validation failed")
 	}
 
 	for _, d := range m.Layers {
-		if err := d.validate(w); err != nil {
+		if err := d.validate(w, []string{v1.MediaTypeImageLayer}); err != nil {
 			return errors.Wrap(err, "layer validation failed")
 		}
 	}

schema/schema.go

@@ -14,15 +14,19 @@
 
 package schema
 
-import "net/http"
+import (
+	"net/http"
+
+	"github.com/opencontainers/image-spec/specs-go/v1"
+)
 
 // Media types for the OCI image formats
 const (
-	MediaTypeDescriptor   Validator     = `application/vnd.oci.descriptor.v1+json`
-	MediaTypeManifest     Validator     = `application/vnd.oci.image.manifest.v1+json`
-	MediaTypeManifestList Validator     = `application/vnd.oci.image.manifest.list.v1+json`
-	MediaTypeImageConfig  Validator     = `application/vnd.oci.image.config.v1+json`
-	MediaTypeImageLayer   unimplemented = `application/vnd.oci.image.layer.tar+gzip`
+	MediaTypeDescriptor   Validator     = v1.MediaTypeDescriptor
+	MediaTypeManifest     Validator     = v1.MediaTypeImageManifest
+	MediaTypeManifestList Validator     = v1.MediaTypeImageManifestList
+	MediaTypeImageConfig  Validator     = v1.MediaTypeImageConfig
+	MediaTypeImageLayer   unimplemented = v1.MediaTypeImageLayer
 )
 
 var (

specs-go/v1/config.go

@@ -35,7 +35,7 @@ type ImageConfig struct {
 	Env []string `json:"Env"`
 
 	// Entrypoint defines a list of arguments to use as the command to execute when the container starts.
-	EntryPoint []string `json:"EntryPoint"`
+	Entrypoint []string `json:"Entrypoint"`
 
 	// Cmd defines the default arguments to the entrypoint of the container.
 	Cmd []string `json:"Cmd"`

specs-go/v1/mediatype.go

@@ -24,9 +24,9 @@ const (
 	// MediaTypeImageManifestList specifies the mediaType for an image manifest list.
 	MediaTypeImageManifestList = "application/vnd.oci.image.manifest.list.v1+json"
 
-	// MediaTypeImageSerialization is the mediaType used for layers referenced by the manifest.
-	MediaTypeImageSerialization = "application/vnd.oci.image.layer.tar+gzip"
+	// MediaTypeImageLayer is the mediaType used for layers referenced by the manifest.
+	MediaTypeImageLayer = "application/vnd.oci.image.layer.tar+gzip"
 
-	// MediaTypeImageSerializationConfig specifies the mediaType for the image configuration.
-	MediaTypeImageSerializationConfig = "application/vnd.oci.image.config.v1+json"
+	// MediaTypeImageConfig specifies the mediaType for the image configuration.
+	MediaTypeImageConfig = "application/vnd.oci.image.config.v1+json"
 )