Skip to content

Commit

Permalink
WIP: Enforce DiffID match
Browse files Browse the repository at this point in the history
wrong place, wrong logic(?)

Signed-off-by: Miloslav Trmač <[email protected]>
  • Loading branch information
mtrmac committed Nov 27, 2024
1 parent 0c7e91d commit 137b760
Showing 1 changed file with 15 additions and 0 deletions.
15 changes: 15 additions & 0 deletions storage/storage_dest.go
Original file line number Diff line number Diff line change
Expand Up @@ -993,12 +993,27 @@ func (s *storageImageDestination) createNewLayer(index int, layerDigest digest.D
return nil, err
}

// FIXME: Should we insist on UncompressedDigest being always set, and hard fail otherwise??
untrustedUncompressedDigest = d
// While the contents of the digest are untrusted, make sure at least the _format_ is valid,
// because we are going to write it to durable storage in expectedLayerDiffIDFlag .
if err := untrustedUncompressedDigest.Validate(); err != nil {
return nil, err
}
} else {
// FIXME: Clean up. Maybe the generic code can provide us the config earlier?
// FIXME: Always enforce this for all layers??!
d, err := s.untrustedLayerDiffID(index)
if err != nil {
if errors.Is(err, errUntrustedLayerDiffIDNotYetAvailable) {
logrus.Debugf("Skipping commit for layer %q, manifest not yet available", newLayerID)
return nil, nil
}
return nil, err
}
if diffOutput.UncompressedDigest != d {
return nil, fmt.Errorf("uncompressed digest inconsistency for layer %d: config %q vs. computed %q", index, d, diffOutput.UncompressedDigest)
}
}

flags := make(map[string]interface{})
Expand Down

0 comments on commit 137b760

Please sign in to comment.