Add manifestlist validation

Signed-off-by: zhouhao <[email protected]>

Author: zhouhao

image/image.go

@@ -79,14 +79,26 @@ func validate(w walker, refs []string, out *log.Logger) error {
 			return err
 		}
 
-		m, err := findManifest(w, d)
-		if err != nil {
-			return err
+		if d.MediaType == validRefMediaTypes[0] {
+			m, err := findManifest(w, d)
+			if err != nil {
+				return err
+			}
+
+			if err := m.validate(w); err != nil {
+				return err
+			}
+		} else {
+			ml, err := findManifestList(w, d)
+			if ml != nil {
+				if err := ml.validate(w); err != nil {
+					return err
+				}
+			} else if err != nil {
+				return err
+			}
 		}
 
-		if err := m.validate(w); err != nil {
-			return err
-		}
 		if out != nil {
 			out.Printf("reference %q: OK", ref)
 		}
@@ -129,7 +141,7 @@ func unpack(w walker, dest, refName string) error {
 		return err
 	}
 
-	if err = m.validate(w); err != nil {
+	if err := m.validate(w); err != nil {
 		return err
 	}
 
@@ -171,7 +183,7 @@ func createRuntimeBundle(w walker, dest, refName, rootfs string) error {
 		return err
 	}
 
-	if err = m.validate(w); err != nil {
+	if err := m.validate(w); err != nil {
 		return err
 	}
 

image/image_test.go

@@ -110,6 +110,23 @@ var (
     "mediaType": "application/vnd.oci.image.manifest.v1+json",
     "schemaVersion": 2
 }
+ `
+	manifestlistStr = `{
+    "schemaVersion": 2,
+    "mediaType": "application/vnd.oci.image.manifest.list.v1+json",
+    "manifests": [
+    {
+      "mediaType": "application/vnd.oci.image.manifest.v1+json",
+      "size": "<manifest_size>",
+      "digest": "<manifest_digest>",      
+      "platform": {
+          "architecture": "ppc64le",
+          "os": "linux"
+      }
+    }
+  ],
+  "annotations": null
+} 
  `
 )
 
@@ -119,12 +136,13 @@ type tarContent struct {
 }
 
 type imageLayout struct {
-	rootDir  string
-	layout   string
-	ref      string
-	manifest string
-	config   string
-	tarList  []tarContent
+	rootDir      string
+	layout       string
+	ref          string
+	manifest     string
+	manifestlist string
+	config       string
+	tarList      []tarContent
 }
 
 func TestValidateLayout(t *testing.T) {
@@ -135,11 +153,12 @@ func TestValidateLayout(t *testing.T) {
 	defer os.RemoveAll(root)
 
 	il := imageLayout{
-		rootDir:  root,
-		layout:   layoutStr,
-		ref:      refTag,
-		manifest: manifestStr,
-		config:   configStr,
+		rootDir:      root,
+		layout:       layoutStr,
+		ref:          refTag,
+		manifest:     manifestStr,
+		manifestlist: manifestlistStr,
+		config:       configStr,
 		tarList: []tarContent{
 			tarContent{&tar.Header{Name: "test", Size: 4, Mode: 0600}, []byte("test")},
 		},
@@ -195,6 +214,12 @@ func createImageLayoutBundle(il imageLayout) error {
 		return err
 	}
 
+	// create manifestlist blob file
+	desc, err = createManifestListFile(il.rootDir, il.manifestlist)
+	if err != nil {
+		return err
+	}
+
 	return createRefFile(il.rootDir, il.ref, desc)
 }
 
@@ -238,6 +263,23 @@ func createManifestFile(root, str string) (descriptor, error) {
 	return createHashedBlob(name)
 }
 
+
+func createManifestListFile(root, str string) (descriptor, error) {
+	name := filepath.Join(root, "blobs", "sha256", "test-manifestlist")
+	f, err := os.Create(name)
+	if err != nil {
+		return descriptor{}, err
+	}
+	defer f.Close()
+
+	_, err = io.Copy(f, bytes.NewBuffer([]byte(str)))
+	if err != nil {
+		return descriptor{}, err
+	}
+
+	return createHashedBlob(name)
+}
+
 func createConfigFile(root, config string) (descriptor, error) {
 	name := filepath.Join(root, "blobs", "sha256", "test-config")
 	f, err := os.Create(name)

image/manifest_list.go

@@ -0,0 +1,83 @@
+// Copyright 2016 The Linux Foundation
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package image
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+
+	"github.com/opencontainers/image-spec/schema"
+	"github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+)
+
+type manifestlist struct {
+	Manifests []ManifestDescriptor `json:"manifests"`
+}
+type ManifestDescriptor struct {
+	Manifest descriptor
+}
+
+func findManifestList(w walker, d *descriptor) (*manifestlist, error) {
+	var ml manifestlist
+	mlpath := filepath.Join("blobs", d.algo(), d.hash())
+
+	switch err := w.walk(func(path string, info os.FileInfo, r io.Reader) error {
+		if info.IsDir() || filepath.Clean(path) != mlpath {
+			return nil
+		}
+
+		buf, err := ioutil.ReadAll(r)
+		if err != nil {
+			return errors.Wrapf(err, "%s: error reading manifestlist", path)
+		}
+
+		if err := schema.MediaTypeManifestList.Validate(bytes.NewReader(buf)); err != nil {
+			return errors.Wrapf(err, "%s: manifestlist validation failed", path)
+		}
+
+		if err := json.Unmarshal(buf, &ml); err != nil {
+			return err
+		}
+
+		if len(ml.Manifests) == 0 {
+			return fmt.Errorf("%s: no manifests found", path)
+		}
+
+		return errEOW
+	}); err {
+	case nil:
+		return nil, nil
+	case errEOW:
+		return &ml, nil
+	default:
+		return nil, err
+	}
+}
+
+func (ml *manifestlist) validate(w walker) error {
+	for _, d := range ml.Manifests {
+		if err := d.Manifest.validate(w, []string{v1.MediaTypeImageManifest}); err != nil {
+			return errors.Wrap(err, "Manifest validation failed")
+		}
+	}
+
+	return nil
+}