Skip to content

Commit 4c05d60

Browse files
wkingwking
committed
image: Port to go-digest
Outsource this stuff to avoid duplication of effort. I have no idea why newDescriptor was returning just the hex and createHashedBlob (its only consumer) was fixing that (by the "Normalize the hashed digest" comment). But that is how the image tests have worked since they landed in e85687e (unit test for layout validation, 2016-09-22, opencontainers#4). This commit drops the "Normalization" hack and fixes newDescriptor to actually return a valid digest. Signed-off-by: W. Trevor King <[email protected]>
1 parent f9de2ee commit 4c05d60

File tree

3 files changed

+23
-28
lines changed

3 files changed

+23
-28
lines changed

image/descriptor.go

Lines changed: 9 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -15,15 +15,14 @@
1515
package image
1616

1717
import (
18-
"crypto/sha256"
19-
"encoding/hex"
2018
"encoding/json"
2119
"fmt"
2220
"io"
2321
"os"
2422
"path/filepath"
2523
"strings"
2624

25+
"github.com/opencontainers/go-digest"
2726
"github.com/pkg/errors"
2827
)
2928

@@ -116,15 +115,18 @@ func (d *descriptor) validate(w walker, mts []string) error {
116115
}
117116

118117
func (d *descriptor) validateContent(r io.Reader) error {
119-
h := sha256.New()
120-
n, err := io.Copy(h, r)
118+
parsed, err := digest.Parse(d.Digest)
121119
if err != nil {
122-
return errors.Wrap(err, "error generating hash")
120+
return err
123121
}
124122

125-
digest := "sha256:" + hex.EncodeToString(h.Sum(nil))
123+
verifier := parsed.Verifier()
124+
n, err := io.Copy(verifier, r)
125+
if err != nil {
126+
return errors.Wrap(err, "error generating hash")
127+
}
126128

127-
if digest != d.Digest {
129+
if !verifier.Verified() {
128130
return errors.New("digest mismatch")
129131
}
130132

image/image_test.go

Lines changed: 4 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -18,8 +18,6 @@ import (
1818
"archive/tar"
1919
"bytes"
2020
"compress/gzip"
21-
"crypto/sha256"
22-
"fmt"
2321
"io"
2422
"io/ioutil"
2523
"os"
@@ -28,6 +26,7 @@ import (
2826
"strings"
2927
"testing"
3028

29+
"github.com/opencontainers/go-digest"
3130
"github.com/opencontainers/image-spec/specs-go/v1"
3231
)
3332

@@ -304,9 +303,6 @@ func createHashedBlob(name string) (descriptor, error) {
304303
return descriptor{}, err
305304
}
306305

307-
//Normalize the hashed digest.
308-
desc.Digest = "sha256:" + desc.Digest
309-
310306
return desc, nil
311307
}
312308

@@ -317,15 +313,14 @@ func newDescriptor(name string) (descriptor, error) {
317313
}
318314
defer file.Close()
319315

320-
// generate sha256 hash
321-
hash := sha256.New()
322-
size, err := io.Copy(hash, file)
316+
digester := digest.SHA256.Digester()
317+
size, err := io.Copy(digester.Hash(), file)
323318
if err != nil {
324319
return descriptor{}, err
325320
}
326321

327322
return descriptor{
328-
Digest: fmt.Sprintf("%x", hash.Sum(nil)),
323+
Digest: digester.Digest().String(),
329324
Size: size,
330325
}, nil
331326
}

image/manifest_test.go

Lines changed: 10 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -18,14 +18,14 @@ import (
1818
"archive/tar"
1919
"bytes"
2020
"compress/gzip"
21-
"crypto/sha256"
22-
"fmt"
2321
"io"
2422
"io/ioutil"
2523
"os"
2624
"path/filepath"
2725
"strings"
2826
"testing"
27+
28+
"github.com/opencontainers/go-digest"
2929
)
3030

3131
func TestUnpackLayerDuplicateEntries(t *testing.T) {
@@ -90,26 +90,25 @@ func TestUnpackLayer(t *testing.T) {
9090
gw.Close()
9191
f.Close()
9292

93-
// generate sha256 hash
94-
h := sha256.New()
93+
digester := digest.SHA256.Digester()
9594
file, err := os.Open(tarfile)
9695
if err != nil {
9796
t.Fatal(err)
9897
}
9998
defer file.Close()
100-
_, err = io.Copy(h, file)
99+
_, err = io.Copy(digester.Hash(), file)
101100
if err != nil {
102101
t.Fatal(err)
103102
}
104-
err = os.Rename(tarfile, filepath.Join(tmp1, "blobs", "sha256", fmt.Sprintf("%x", h.Sum(nil))))
103+
err = os.Rename(tarfile, filepath.Join(tmp1, "blobs", "sha256", digester.Digest().Hex()))
105104
if err != nil {
106105
t.Fatal(err)
107106
}
108107

109108
testManifest := manifest{
110109
Layers: []descriptor{descriptor{
111110
MediaType: "application/vnd.oci.image.layer.v1.tar+gzip",
112-
Digest: fmt.Sprintf("sha256:%s", fmt.Sprintf("%x", h.Sum(nil))),
111+
Digest: digester.Digest().String(),
113112
}},
114113
}
115114
err = testManifest.unpack(newPathWalker(tmp1), filepath.Join(tmp1, "rootfs"))
@@ -151,26 +150,25 @@ func TestUnpackLayerRemovePartialyUnpackedFile(t *testing.T) {
151150
gw.Close()
152151
f.Close()
153152

154-
// generate sha256 hash
155-
h := sha256.New()
153+
digester := digest.SHA256.Digester()
156154
file, err := os.Open(tarfile)
157155
if err != nil {
158156
t.Fatal(err)
159157
}
160158
defer file.Close()
161-
_, err = io.Copy(h, file)
159+
_, err = io.Copy(digester.Hash(), file)
162160
if err != nil {
163161
t.Fatal(err)
164162
}
165-
err = os.Rename(tarfile, filepath.Join(tmp1, "blobs", "sha256", fmt.Sprintf("%x", h.Sum(nil))))
163+
err = os.Rename(tarfile, filepath.Join(tmp1, "blobs", "sha256", digester.Digest().Hex()))
166164
if err != nil {
167165
t.Fatal(err)
168166
}
169167

170168
testManifest := manifest{
171169
Layers: []descriptor{descriptor{
172170
MediaType: "application/vnd.oci.image.layer.v1.tar+gzip",
173-
Digest: fmt.Sprintf("sha256:%s", fmt.Sprintf("%x", h.Sum(nil))),
171+
Digest: digester.Digest().String(),
174172
}},
175173
}
176174
err = testManifest.unpack(newPathWalker(tmp1), filepath.Join(tmp1, "rootfs"))

0 commit comments

Comments
 (0)