Add index validation

zhouhao · zhouhao · commit ca603fcbfce8 · 2017-07-20T14:34:57.000+08:00
Signed-off-by: zhouhao &lt;zhouhao@cn.fujitsu.com&gt;
diff --git a/image/descriptor.go b/image/descriptor.go
@@ -25,12 +25,14 @@ import (
 	"github.com/pkg/errors"
 )
 
+const indexPath = "index.json"
+
 func listReferences(w walker) (map[string]*v1.Descriptor, error) {
 	refs := make(map[string]*v1.Descriptor)
 	var index v1.Index
 
 	if err := w.walk(func(path string, info os.FileInfo, r io.Reader) error {
-		if info.IsDir() || filepath.Clean(path) != "index.json" {
+		if info.IsDir() || filepath.Clean(path) != indexPath {
 			return nil
 		}
 
@@ -56,7 +58,7 @@ func findDescriptor(w walker, name string) (*v1.Descriptor, error) {
 	var index v1.Index
 
 	switch err := w.walk(func(path string, info os.FileInfo, r io.Reader) error {
-		if info.IsDir() || filepath.Clean(path) != "index.json" {
+		if info.IsDir() || filepath.Clean(path) != indexPath {
 			return nil
 		}
 
diff --git a/image/image.go b/image/image.go
@@ -92,14 +92,44 @@ func validate(w walker, refs []string, out *log.Logger) error {
 			return err
 		}
 
-		m, err := findManifest(w, d)
-		if err != nil {
-			return err
+		if d.MediaType == validRefMediaTypes[0] {
+			m, err := findManifest(w, d)
+			if err != nil {
+				return err
+			}
+
+			if err := m.validate(w); err != nil {
+				return err
+			}
 		}
 
-		if err := m.validate(w); err != nil {
-			return err
+		if d.MediaType == validRefMediaTypes[1] {
+			index, err := findIndex(w, d)
+			if err != nil {
+				return err
+			}
+
+			if err := validateIndex(index, w); err != nil {
+				return err
+			}
+
+			if len(index.Manifests) == 0 {
+				fmt.Println("warning: no manifests found")
+				return nil
+			}
+
+			for _, manifest := range index.Manifests {
+				m, err := findManifest(w, &(manifest.Descriptor))
+				if err != nil {
+					return err
+				}
+
+				if err := m.validate(w); err != nil {
+					return err
+				}
+			}
 		}
+
 		if out != nil {
 			out.Printf("reference %q: OK", ref)
 		}
@@ -147,16 +177,51 @@ func unpack(w walker, dest, refName string) error {
 		return err
 	}
 
-	m, err := findManifest(w, ref)
-	if err != nil {
-		return err
+	if ref.MediaType == validRefMediaTypes[0] {
+		m, err := findManifest(w, ref)
+		if err != nil {
+			return err
+		}
+
+		if err := m.validate(w); err != nil {
+			return err
+		}
+
+		return m.unpack(w, dest)
 	}
 
-	if err = m.validate(w); err != nil {
-		return err
+	if ref.MediaType == validRefMediaTypes[1] {
+		index, err := findIndex(w, ref)
+		if err != nil {
+			return err
+		}
+
+		if err := validateIndex(index, w); err != nil {
+			return err
+		}
+
+		if len(index.Manifests) == 0 {
+			fmt.Println("warning: no manifests found")
+			return nil
+		}
+
+		for _, manifest := range index.Manifests {
+			m, err := findManifest(w, &(manifest.Descriptor))
+			if err != nil {
+				return err
+			}
+
+			if err := m.validate(w); err != nil {
+				return err
+			}
+
+			if err := m.unpack(w, dest); err != nil {
+				return err
+			}
+		}
 	}
 
-	return m.unpack(w, dest)
+	return nil
 }
 
 // CreateRuntimeBundleLayout walks through the file tree given by src and
@@ -199,15 +264,54 @@ func createRuntimeBundle(w walker, dest, refName, rootfs string) error {
 		return err
 	}
 
-	m, err := findManifest(w, ref)
-	if err != nil {
-		return err
+	if ref.MediaType == validRefMediaTypes[0] {
+		m, err := findManifest(w, ref)
+		if err != nil {
+			return err
+		}
+
+		if err := m.validate(w); err != nil {
+			return err
+		}
+
+		return createRuntimebundle(w, m, dest, rootfs)
 	}
 
-	if err = m.validate(w); err != nil {
-		return err
+	if ref.MediaType == validRefMediaTypes[1] {
+		index, err := findIndex(w, ref)
+		if err != nil {
+			return err
+		}
+
+		if err := validateIndex(index, w); err != nil {
+			return err
+		}
+
+		if len(index.Manifests) == 0 {
+			fmt.Println("warning: no manifests found")
+			return nil
+		}
+
+		for _, manifest := range index.Manifests {
+			m, err := findManifest(w, &(manifest.Descriptor))
+			if err != nil {
+				return err
+			}
+
+			if err := m.validate(w); err != nil {
+				return err
+			}
+
+			if err := createRuntimebundle(w, m, dest, rootfs); err != nil {
+				return err
+			}
+		}
 	}
 
+	return nil
+}
+
+func createRuntimebundle(w walker, m *manifest, dest, rootfs string) error {
 	c, err := findConfig(w, &m.Config)
 	if err != nil {
 		return err
diff --git a/image/index.go b/image/index.go
@@ -0,0 +1,70 @@
+// Copyright 2016 The Linux Foundation
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package image
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+
+	"github.com/opencontainers/image-spec/schema"
+	"github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+)
+
+func findIndex(w walker, d *v1.Descriptor) (*v1.ImageIndex, error) {
+	var index v1.ImageIndex
+
+	switch err := w.walk(func(path string, info os.FileInfo, r io.Reader) error {
+		if info.IsDir() || filepath.Clean(path) != indexPath {
+			return nil
+		}
+
+		buf, err := ioutil.ReadAll(r)
+		if err != nil {
+			return errors.Wrapf(err, "%s: error reading index", path)
+		}
+
+		if err := schema.ValidatorMediaTypeImageIndex.Validate(bytes.NewReader(buf)); err != nil {
+			return errors.Wrapf(err, "%s: index validation failed", path)
+		}
+
+		if err := json.Unmarshal(buf, &index); err != nil {
+			return err
+		}
+
+		return errEOW
+	}); err {
+	case errEOW:
+		return &index, nil
+	case nil:
+		return nil, fmt.Errorf("index.json not found")
+	default:
+		return nil, err
+	}
+}
+
+func validateIndex(index *v1.ImageIndex, w walker) error {
+	for _, manifest := range index.Manifests {
+		if err := validateDescriptor(&manifest.Descriptor, w, []string{v1.MediaTypeImageManifest}); err != nil {
+			return errors.Wrap(err, "manifest validation failed")
+		}
+	}
+	return nil
+}

Original file line number	Diff line number	Diff line change
`@@ -25,12 +25,14 @@ import (`
`25`	`25`	`"github.com/pkg/errors"`
`26`	`26`	`)`
`27`	`27`
	`28`	`+const indexPath = "index.json"`
	`29`	`+`
`28`	`30`	`func listReferences(w walker) (map[string]*v1.Descriptor, error) {`
`29`	`31`	`refs := make(map[string]*v1.Descriptor)`
`30`	`32`	`var index v1.Index`
`31`	`33`
`32`	`34`	`if err := w.walk(func(path string, info os.FileInfo, r io.Reader) error {`
`33`		`- if info.IsDir() \|\| filepath.Clean(path) != "index.json" {`
	`35`	`+ if info.IsDir() \|\| filepath.Clean(path) != indexPath {`
`34`	`36`	`return nil`
`35`	`37`	`}`
`36`	`38`
`@@ -56,7 +58,7 @@ func findDescriptor(w walker, name string) (*v1.Descriptor, error) {`
`56`	`58`	`var index v1.Index`
`57`	`59`
`58`	`60`	`switch err := w.walk(func(path string, info os.FileInfo, r io.Reader) error {`
`59`		`- if info.IsDir() \|\| filepath.Clean(path) != "index.json" {`
	`61`	`+ if info.IsDir() \|\| filepath.Clean(path) != indexPath {`
`60`	`62`	`return nil`
`61`	`63`	`}`
`62`	`64`