vbatts/cri-o
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

move code supporting push, pull, and inspect to libkpod and libkpod/image

Browse source 
Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
This commit is contained in:
Ryan Cole 2017-07-23 19:01:37 -04:00
parent 2c1fd1ad3f
commit 14864f820e
16 changed files with 319 additions and 269 deletions
Download patch file Download diff file Expand all files Collapse all files

60
libkpod/common/common.go Normal file
View file

@ -0,0 +1,60 @@
package common
import (
"io"
cp "github.com/containers/image/copy"
"github.com/containers/image/types"
)
// GetCopyOptions constructs a new containers/image/copy.Options{} struct from the given parameters
func GetCopyOptions(reportWriter io.Writer, signaturePolicyPath string, srcDockerRegistry, destDockerRegistry *DockerRegistryOptions, signing SigningOptions) *cp.Options {
if srcDockerRegistry == nil {
srcDockerRegistry = &DockerRegistryOptions{}
}
if destDockerRegistry == nil {
destDockerRegistry = &DockerRegistryOptions{}
}
srcContext := srcDockerRegistry.GetSystemContext(signaturePolicyPath)
destContext := destDockerRegistry.GetSystemContext(signaturePolicyPath)
return &cp.Options{
RemoveSignatures: signing.RemoveSignatures,
SignBy: signing.SignBy,
ReportWriter: reportWriter,
SourceCtx: srcContext,
DestinationCtx: destContext,
}
}
// GetSystemContext Constructs a new containers/image/types.SystemContext{} struct from the given signaturePolicy path
func GetSystemContext(signaturePolicyPath string) *types.SystemContext {
sc := &types.SystemContext{}
if signaturePolicyPath != "" {
sc.SignaturePolicyPath = signaturePolicyPath
}
return sc
}
// CopyStringStringMap deep copies a map[string]string and returns the result
func CopyStringStringMap(m map[string]string) map[string]string {
n := map[string]string{}
for k, v := range m {
n[k] = v
}
return n
}
// IsTrue determines whether the given string equals "true"
func IsTrue(str string) bool {
return str == "true"
}
// IsFalse determines whether the given string equals "false"
func IsFalse(str string) bool {
return str == "false"
}
// IsValidBool determines whether the given string equals "true" or "false"
func IsValidBool(str string) bool {
return IsTrue(str) || IsFalse(str)
}

33
libkpod/common/dockerRegistryOptions.go Normal file
View file

@ -0,0 +1,33 @@
package common
import "github.com/containers/image/types"
// DockerRegistryOptions encapsulates settings that affect how we connect or
// authenticate to a remote registry.
type DockerRegistryOptions struct {
// DockerRegistryCreds is the user name and password to supply in case
// we need to pull an image from a registry, and it requires us to
// authenticate.
DockerRegistryCreds *types.DockerAuthConfig
// DockerCertPath is the location of a directory containing CA
// certificates which will be used to verify the registry's certificate
// (all files with names ending in ".crt"), and possibly client
// certificates and private keys (pairs of files with the same name,
// except for ".cert" and ".key" suffixes).
DockerCertPath string
// DockerInsecureSkipTLSVerify turns off verification of TLS
// certificates and allows connecting to registries without encryption.
DockerInsecureSkipTLSVerify bool
}
// GetSystemContext constructs a new system context from the given signaturePolicy path and the
// values in the DockerRegistryOptions
func (o DockerRegistryOptions) GetSystemContext(signaturePolicyPath string) *types.SystemContext {
sc := &types.SystemContext{
SignaturePolicyPath: signaturePolicyPath,
DockerAuthConfig: o.DockerRegistryCreds,
DockerCertPath: o.DockerCertPath,
DockerInsecureSkipTLSVerify: o.DockerInsecureSkipTLSVerify,
}
return sc
}

10
libkpod/common/signingOptions.go Normal file
View file

@ -0,0 +1,10 @@
package common
// SigningOptions encapsulates settings that control whether or not we strip or
// add signatures to images when writing them.
type SigningOptions struct {
// RemoveSignatures directs us to remove any signatures which are already present.
RemoveSignatures bool
// SignBy is a key identifier of some kind, indicating that a signature should be generated using the specified private key and stored with the image.
SignBy string
}

49
libkpod/container.go
View file

@ -2,6 +2,7 @@ package libkpod
import (
cstorage "github.com/containers/storage"
"github.com/pkg/errors"
)
// FindContainer searches for a container with the given name or ID in the given store
@ -46,3 +47,51 @@ func GetContainerRwSize(store cstorage.Store, containerID string) (int64, error)
}
return lstore.DiffSize(layer.Parent, layer.ID)
}
// GetContainerRootFsSize gets the size of the container's root filesystem
// A container FS is split into two parts. The first is the top layer, a
// mutable layer, and the rest is the RootFS: the set of immutable layers
// that make up the image on which the container is based
func GetContainerRootFsSize(store cstorage.Store, containerID string) (int64, error) {
ctrStore, err := store.ContainerStore()
if err != nil {
return 0, err
}
container, err := ctrStore.Get(containerID)
if err != nil {
return 0, err
}
lstore, err := store.LayerStore()
if err != nil {
return 0, err
}
// Ignore the size of the top layer. The top layer is a mutable RW layer
// and is not considered a part of the rootfs
rwLayer, err := lstore.Get(container.LayerID)
if err != nil {
return 0, err
}
layer, err := lstore.Get(rwLayer.Parent)
if err != nil {
return 0, err
}
size := int64(0)
for layer.Parent != "" {
layerSize, err := lstore.DiffSize(layer.Parent, layer.ID)
if err != nil {
return size, errors.Wrapf(err, "getting diffsize of layer %q and its parent %q", layer.ID, layer.Parent)
}
size += layerSize
layer, err = lstore.Get(layer.Parent)
if err != nil {
return 0, err
}
}
// Get the size of the last layer. Has to be outside of the loop
// because the parent of the last layer is "", andlstore.Get("")
// will return an error
layerSize, err := lstore.DiffSize(layer.Parent, layer.ID)
return size + layerSize, err
}

224
libkpod/containerData.go Normal file
View file

@ -0,0 +1,224 @@
package libkpod
import (
"encoding/json"
"time"
"k8s.io/apimachinery/pkg/fields"
pb "k8s.io/kubernetes/pkg/kubelet/api/v1alpha1/runtime"
"github.com/containers/storage"
"github.com/kubernetes-incubator/cri-o/cmd/kpod/docker"
"github.com/kubernetes-incubator/cri-o/libkpod/common"
"github.com/kubernetes-incubator/cri-o/libkpod/driver"
libkpodimage "github.com/kubernetes-incubator/cri-o/libkpod/image"
"github.com/kubernetes-incubator/cri-o/oci"
"github.com/kubernetes-incubator/cri-o/pkg/annotations"
"github.com/opencontainers/image-spec/specs-go/v1"
specs "github.com/opencontainers/runtime-spec/specs-go"
"github.com/pkg/errors"
)
// ContainerData handles the data used when inspecting a container
type ContainerData struct {
ID string
Name string
LogPath string
Labels fields.Set
Annotations fields.Set
State *oci.ContainerState
Metadata *pb.ContainerMetadata
BundlePath string
StopSignal string
Type string `json:"type"`
FromImage string `json:"image,omitempty"`
FromImageID string `json:"image-id"`
MountPoint string `json:"mountpoint,omitempty"`
MountLabel string
Mounts []specs.Mount
AppArmorProfile string
ImageAnnotations map[string]string `json:"annotations,omitempty"`
ImageCreatedBy string `json:"created-by,omitempty"`
OCIv1 v1.Image `json:"ociv1,omitempty"`
Docker docker.V2Image `json:"docker,omitempty"`
SizeRw uint `json:"SizeRw,omitempty"`
SizeRootFs uint `json:"SizeRootFs,omitempty"`
Args []string
ResolvConfPath string
HostnamePath string
HostsPath string
GraphDriver driverData
}
type driverData struct {
Name string
Data map[string]string
}
// GetContainerData gets the ContainerData for a container with the given name in the given store.
// If size is set to true, it will also determine the size of the container
func GetContainerData(store storage.Store, name string, size bool) (*ContainerData, error) {
ctr, err := inspectContainer(store, name)
if err != nil {
return nil, errors.Wrapf(err, "error reading build container %q", name)
}
cid, err := libkpodimage.GetContainerCopyData(store, name)
if err != nil {
return nil, errors.Wrapf(err, "error reading container image data")
}
config, err := store.FromContainerDirectory(ctr.ID(), "config.json")
if err != nil {
return nil, err
}
var m specs.Spec
if err = json.Unmarshal(config, &m); err != nil {
return nil, err
}
driverName, err := driver.GetDriverName(store)
if err != nil {
return nil, err
}
topLayer, err := GetContainerTopLayerID(store, ctr.ID())
if err != nil {
return nil, err
}
driverMetadata, err := driver.GetDriverMetadata(store, topLayer)
if err != nil {
return nil, err
}
data := &ContainerData{
ID: ctr.ID(),
Name: ctr.Name(),
LogPath: ctr.LogPath(),
Labels: ctr.Labels(),
Annotations: ctr.Annotations(),
State: ctr.State(),
Metadata: ctr.Metadata(),
BundlePath: ctr.BundlePath(),
StopSignal: ctr.GetStopSignal(),
Args: m.Process.Args,
Type: cid.Type,
FromImage: cid.FromImage,
FromImageID: cid.FromImageID,
MountPoint: cid.MountPoint,
ImageAnnotations: cid.ImageAnnotations,
ImageCreatedBy: cid.ImageCreatedBy,
OCIv1: cid.OCIv1,
Docker: cid.Docker,
GraphDriver: driverData{
Name: driverName,
Data: driverMetadata,
},
MountLabel: m.Linux.MountLabel,
Mounts: m.Mounts,
AppArmorProfile: m.Process.ApparmorProfile,
ResolvConfPath: "",
HostnamePath: "",
HostsPath: "",
}
if size {
sizeRootFs, err := GetContainerRootFsSize(store, data.ID)
if err != nil {
return nil, errors.Wrapf(err, "error reading size for container %q", name)
}
data.SizeRootFs = uint(sizeRootFs)
sizeRw, err := GetContainerRwSize(store, data.ID)
if err != nil {
return nil, errors.Wrapf(err, "error reading RWSize for container %q", name)
}
data.SizeRw = uint(sizeRw)
}
return data, nil
}
// Get an oci.Container and update its status
func inspectContainer(store storage.Store, container string) (*oci.Container, error) {
ociCtr, err := getOCIContainer(store, container)
if err != nil {
return nil, err
}
// call oci.New() to get the runtime
runtime, err := getOCIRuntime(store, container)
if err != nil {
return nil, err
}
// call runtime.UpdateStatus()
err = runtime.UpdateStatus(ociCtr)
if err != nil {
return nil, err
}
return ociCtr, nil
}
// get an oci.Container instance for a given container ID
func getOCIContainer(store storage.Store, container string) (*oci.Container, error) {
ctr, err := FindContainer(store, container)
if err != nil {
return nil, err
}
config, err := store.FromContainerDirectory(ctr.ID, "config.json")
if err != nil {
return nil, err
}
var m specs.Spec
if err = json.Unmarshal(config, &m); err != nil {
return nil, err
}
labels := make(map[string]string)
err = json.Unmarshal([]byte(m.Annotations[annotations.Labels]), &labels)
if len(m.Annotations[annotations.Labels]) > 0 && err != nil {
return nil, err
}
name := ctr.Names[0]
var metadata pb.ContainerMetadata
err = json.Unmarshal([]byte(m.Annotations[annotations.Metadata]), &metadata)
if len(m.Annotations[annotations.Metadata]) > 0 && err != nil {
return nil, err
}
tty := common.IsTrue(m.Annotations[annotations.TTY])
stdin := common.IsTrue(m.Annotations[annotations.Stdin])
stdinOnce := common.IsTrue(m.Annotations[annotations.StdinOnce])
containerPath, err := store.ContainerRunDirectory(ctr.ID)
if err != nil {
return nil, err
}
containerDir, err := store.ContainerDirectory(ctr.ID)
if err != nil {
return nil, err
}
img, _ := m.Annotations[annotations.Image]
kubeAnnotations := make(map[string]string)
err = json.Unmarshal([]byte(m.Annotations[annotations.Annotations]), &kubeAnnotations)
if len(m.Annotations[annotations.Annotations]) > 0 && err != nil {
return nil, err
}
created := time.Time{}
if len(m.Annotations[annotations.Created]) > 0 {
created, err = time.Parse(time.RFC3339Nano, m.Annotations[annotations.Created])
if err != nil {
return nil, err
}
}
// create a new OCI Container. kpod currently doesn't deal with pod sandboxes, so the fields for netns, privileged, and trusted are left empty
return oci.NewContainer(ctr.ID, name, containerPath, m.Annotations[annotations.LogPath], nil, labels, kubeAnnotations, img, &metadata, ctr.ImageID, tty, stdin, stdinOnce, false, false, containerDir, created, m.Annotations["org.opencontainers.image.stopSignal"])
}
func getOCIRuntime(store storage.Store, container string) (*oci.Runtime, error) {
// TODO: Move server default config out of server so that it can be used instead of this
return oci.New("/usr/bin/runc", "", "runtime", "/usr/local/libexec/crio/conmon", []string{"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"}, "cgroupfs")
}

5
libkpod/driver/driver.go
View file

@ -2,11 +2,13 @@ package driver
import cstorage "github.com/containers/storage"
type DriverData struct {
// Data handles the data for a storage driver
type Data struct {
Name string
Data map[string]string
}
// GetDriverName returns the name of the driver for the given store
func GetDriverName(store cstorage.Store) (string, error) {
driver, err := store.GraphDriver()
if err != nil {
@ -15,6 +17,7 @@ func GetDriverName(store cstorage.Store) (string, error) {
return driver.String(), nil
}
// GetDriverMetadata returns the metadata regarding the driver for the layer in the given store
func GetDriverMetadata(store cstorage.Store, layerID string) (map[string]string, error) {
driver, err := store.GraphDriver()
if err != nil {

459
libkpod/image/CopyRef.go Normal file
View file

@ -0,0 +1,459 @@
package image
import (
"bytes"
"encoding/json"
"io"
"io/ioutil"
"os"
"path/filepath"
"time"
"github.com/Sirupsen/logrus"
"github.com/containers/image/docker/reference"
"github.com/containers/image/image"
is "github.com/containers/image/storage"
"github.com/containers/image/types"
"github.com/containers/storage"
"github.com/containers/storage/pkg/archive"
"github.com/docker/docker/pkg/ioutils"
"github.com/kubernetes-incubator/cri-o/cmd/kpod/docker"
digest "github.com/opencontainers/go-digest"
specs "github.com/opencontainers/image-spec/specs-go"
"github.com/opencontainers/image-spec/specs-go/v1"
"github.com/pkg/errors"
)
// CopyRef handles image references used for copying images to/from remotes
type CopyRef struct {
store storage.Store
compression archive.Compression
name reference.Named
names []string
layerID string
addHistory bool
oconfig []byte
dconfig []byte
created time.Time
createdBy string
annotations map[string]string
preferredManifestType string
exporting bool
}
type copySource struct {
path string
ref *CopyRef
store storage.Store
layerID string
names []string
addHistory bool
compression archive.Compression
config []byte
configDigest digest.Digest
manifest []byte
manifestType string
exporting bool
}
// NewImage creates a new image from the given system context
func (c *CopyRef) NewImage(sc *types.SystemContext) (types.Image, error) {
src, err := c.NewImageSource(sc, nil)
if err != nil {
return nil, err
}
return image.FromSource(src)
}
func selectManifestType(preferred string, acceptable, supported []string) string {
selected := preferred
for _, accept := range acceptable {
if preferred == accept {
return preferred
}
for _, support := range supported {
if accept == support {
selected = accept
}
}
}
return selected
}
// NewImageSource creates a new image source from the given system context and manifest
func (c *CopyRef) NewImageSource(sc *types.SystemContext, manifestTypes []string) (src types.ImageSource, err error) {
// Decide which type of manifest and configuration output we're going to provide.
supportedManifestTypes := []string{v1.MediaTypeImageManifest, docker.V2S2MediaTypeManifest}
manifestType := selectManifestType(c.preferredManifestType, manifestTypes, supportedManifestTypes)
// If it's not a format we support, return an error.
if manifestType != v1.MediaTypeImageManifest && manifestType != docker.V2S2MediaTypeManifest {
return nil, errors.Errorf("no supported manifest types (attempted to use %q, only know %q and %q)",
manifestType, v1.MediaTypeImageManifest, docker.V2S2MediaTypeManifest)
}
// Start building the list of layers using the read-write layer.
layers := []string{}
layerID := c.layerID
layer, err := c.store.Layer(layerID)
if err != nil {
return nil, errors.Wrapf(err, "unable to read layer %q", layerID)
}
// Walk the list of parent layers, prepending each as we go.
for layer != nil {
layers = append(append([]string{}, layerID), layers...)
layerID = layer.Parent
if layerID == "" {
err = nil
break
}
layer, err = c.store.Layer(layerID)
if err != nil {
return nil, errors.Wrapf(err, "unable to read layer %q", layerID)
}
}
logrus.Debugf("layer list: %q", layers)
// Make a temporary directory to hold blobs.
path, err := ioutil.TempDir(os.TempDir(), "kpod")
if err != nil {
return nil, err
}
logrus.Debugf("using %q to hold temporary data", path)
defer func() {
if src == nil {
err2 := os.RemoveAll(path)
if err2 != nil {
logrus.Errorf("error removing %q: %v", path, err)
}
}
}()
// Build fresh copies of the configurations so that we don't mess with the values in the Builder
// object itself.
oimage := v1.Image{}
err = json.Unmarshal(c.oconfig, &oimage)
if err != nil {
return nil, err
}
dimage := docker.V2Image{}
err = json.Unmarshal(c.dconfig, &dimage)
if err != nil {
return nil, err
}
// Start building manifests.
omanifest := v1.Manifest{
Versioned: specs.Versioned{
SchemaVersion: 2,
},
Config: v1.Descriptor{
MediaType: v1.MediaTypeImageConfig,
},
Layers: []v1.Descriptor{},
Annotations: c.annotations,
}
dmanifest := docker.V2S2Manifest{
V2Versioned: docker.V2Versioned{
SchemaVersion: 2,
MediaType: docker.V2S2MediaTypeManifest,
},
Config: docker.V2S2Descriptor{
MediaType: docker.V2S2MediaTypeImageConfig,
},
Layers: []docker.V2S2Descriptor{},
}
oimage.RootFS.Type = docker.TypeLayers
oimage.RootFS.DiffIDs = []digest.Digest{}
dimage.RootFS = &docker.V2S2RootFS{}
dimage.RootFS.Type = docker.TypeLayers
dimage.RootFS.DiffIDs = []digest.Digest{}
// Extract each layer and compute its digests, both compressed (if requested) and uncompressed.
for _, layerID := range layers {
omediaType := v1.MediaTypeImageLayer
dmediaType := docker.V2S2MediaTypeUncompressedLayer
// Figure out which media type we want to call this. Assume no compression.
if c.compression != archive.Uncompressed {
switch c.compression {
case archive.Gzip:
omediaType = v1.MediaTypeImageLayerGzip
dmediaType = docker.V2S2MediaTypeLayer
logrus.Debugf("compressing layer %q with gzip", layerID)
case archive.Bzip2:
// Until the image specs define a media type for bzip2-compressed layers, even if we know
// how to decompress them, we can't try to compress layers with bzip2.
return nil, errors.New("media type for bzip2-compressed layers is not defined")
default:
logrus.Debugf("compressing layer %q with unknown compressor(?)", layerID)
}
}
// If we're not re-exporting the data, just fake up layer and diff IDs for the manifest.
if !c.exporting {
fakeLayerDigest := digest.NewDigestFromHex(digest.Canonical.String(), layerID)
// Add a note in the manifest about the layer. The blobs should be identified by their
// possibly-compressed blob digests, but just use the layer IDs here.
olayerDescriptor := v1.Descriptor{
MediaType: omediaType,
Digest: fakeLayerDigest,
Size: -1,
}
omanifest.Layers = append(omanifest.Layers, olayerDescriptor)
dlayerDescriptor := docker.V2S2Descriptor{
MediaType: dmediaType,
Digest: fakeLayerDigest,
Size: -1,
}
dmanifest.Layers = append(dmanifest.Layers, dlayerDescriptor)
// Add a note about the diffID, which should be uncompressed digest of the blob, but
// just use the layer ID here.
oimage.RootFS.DiffIDs = append(oimage.RootFS.DiffIDs, fakeLayerDigest)
dimage.RootFS.DiffIDs = append(dimage.RootFS.DiffIDs, fakeLayerDigest)
continue
}
// Start reading the layer.
rc, err := i.store.Diff("", layerID, nil)
if err != nil {
return nil, errors.Wrapf(err, "error extracting layer %q", layerID)
}
defer rc.Close()
// Set up to decompress the layer, in case it's coming out compressed. Due to implementation
// differences, the result may not match the digest the blob had when it was originally imported,
// so we have to recompute all of this anyway if we want to be sure the digests we use will be
// correct.
uncompressed, err := archive.DecompressStream(rc)
if err != nil {
return nil, errors.Wrapf(err, "error decompressing layer %q", layerID)
}
defer uncompressed.Close()
srcHasher := digest.Canonical.Digester()
reader := io.TeeReader(uncompressed, srcHasher.Hash())
// Set up to write the possibly-recompressed blob.
layerFile, err := os.OpenFile(filepath.Join(path, "layer"), os.O_CREATE|os.O_WRONLY, 0600)
if err != nil {
return nil, errors.Wrapf(err, "error opening file for layer %q", layerID)
}
destHasher := digest.Canonical.Digester()
counter := ioutils.NewWriteCounter(layerFile)
multiWriter := io.MultiWriter(counter, destHasher.Hash())
// Compress the layer, if we're compressing it.
writer, err := archive.CompressStream(multiWriter, c.compression)
if err != nil {
return nil, errors.Wrapf(err, "error compressing layer %q", layerID)
}
size, err := io.Copy(writer, reader)
if err != nil {
return nil, errors.Wrapf(err, "error storing layer %q to file", layerID)
}
writer.Close()
layerFile.Close()
if c.compression == archive.Uncompressed {
if size != counter.Count {
return nil, errors.Errorf("error storing layer %q to file: inconsistent layer size (copied %d, wrote %d)", layerID, size, counter.Count)
}
} else {
size = counter.Count
}
logrus.Debugf("layer %q size is %d bytes", layerID, size)
// Rename the layer so that we can more easily find it by digest later.
err = os.Rename(filepath.Join(path, "layer"), filepath.Join(path, destHasher.Digest().String()))
if err != nil {
return nil, errors.Wrapf(err, "error storing layer %q to file", layerID)
}
// Add a note in the manifest about the layer. The blobs are identified by their possibly-
// compressed blob digests.
olayerDescriptor := v1.Descriptor{
MediaType: omediaType,
Digest: destHasher.Digest(),
Size: size,
}
omanifest.Layers = append(omanifest.Layers, olayerDescriptor)
dlayerDescriptor := docker.V2S2Descriptor{
MediaType: dmediaType,
Digest: destHasher.Digest(),
Size: size,
}
dmanifest.Layers = append(dmanifest.Layers, dlayerDescriptor)
// Add a note about the diffID, which is always an uncompressed value.
oimage.RootFS.DiffIDs = append(oimage.RootFS.DiffIDs, srcHasher.Digest())
dimage.RootFS.DiffIDs = append(dimage.RootFS.DiffIDs, srcHasher.Digest())
}
if c.addHistory {
// Build history notes in the image configurations.
onews := v1.History{
Created: &c.created,
CreatedBy: c.createdBy,
Author: oimage.Author,
EmptyLayer: false,
}
oimage.History = append(oimage.History, onews)
dnews := docker.V2S2History{
Created: c.created,
CreatedBy: c.createdBy,
Author: dimage.Author,
EmptyLayer: false,
}
dimage.History = append(dimage.History, dnews)
}
// Encode the image configuration blob.
oconfig, err := json.Marshal(&oimage)
if err != nil {
return nil, err
}
logrus.Debugf("OCIv1 config = %s", oconfig)
// Add the configuration blob to the manifest.
omanifest.Config.Digest = digest.Canonical.FromBytes(oconfig)
omanifest.Config.Size = int64(len(oconfig))
omanifest.Config.MediaType = v1.MediaTypeImageConfig
// Encode the manifest.
omanifestbytes, err := json.Marshal(&omanifest)
if err != nil {
return nil, err
}
logrus.Debugf("OCIv1 manifest = %s", omanifestbytes)
// Encode the image configuration blob.
dconfig, err := json.Marshal(&dimage)
if err != nil {
return nil, err
}
logrus.Debugf("Docker v2s2 config = %s", dconfig)
// Add the configuration blob to the manifest.
dmanifest.Config.Digest = digest.Canonical.FromBytes(dconfig)
dmanifest.Config.Size = int64(len(dconfig))
dmanifest.Config.MediaType = docker.V2S2MediaTypeImageConfig
// Encode the manifest.
dmanifestbytes, err := json.Marshal(&dmanifest)
if err != nil {
return nil, err
}
logrus.Debugf("Docker v2s2 manifest = %s", dmanifestbytes)
// Decide which manifest and configuration blobs we'll actually output.
var config []byte
var manifest []byte
switch manifestType {
case v1.MediaTypeImageManifest:
manifest = omanifestbytes
config = oconfig
case docker.V2S2MediaTypeManifest:
manifest = dmanifestbytes
config = dconfig
default:
panic("unreachable code: unsupported manifest type")
}
src = &copySource{
path: path,
ref: c,
store: c.store,
layerID: c.layerID,
names: c.names,
addHistory: c.addHistory,
compression: c.compression,
config: config,
configDigest: digest.Canonical.FromBytes(config),
manifest: manifest,
manifestType: manifestType,
exporting: c.exporting,
}
return src, nil
}
// NewImageDestination creates a new image destination from the given system context
func (c *CopyRef) NewImageDestination(sc *types.SystemContext) (types.ImageDestination, error) {
return nil, errors.Errorf("can't write to a container")
}
// DockerReference gets the docker reference for the given CopyRef
func (c *CopyRef) DockerReference() reference.Named {
return c.name
}
// StringWithinTransport returns the first name of the copyRef
func (c *CopyRef) StringWithinTransport() string {
if len(c.names) > 0 {
return c.names[0]
}
return ""
}
// DeleteImage deletes an image in the CopyRef
func (c *CopyRef) DeleteImage(*types.SystemContext) error {
// we were never here
return nil
}
// PolicyConfigurationIdentity returns the policy configuration for the CopyRef
func (c *CopyRef) PolicyConfigurationIdentity() string {
return ""
}
// PolicyConfigurationNamespaces returns the policy configuration namespace for the CopyRef
func (c *CopyRef) PolicyConfigurationNamespaces() []string {
return nil
}
// Transport returns an ImageTransport for the given CopyRef
func (c *CopyRef) Transport() types.ImageTransport {
return is.Transport
}
func (cs *copySource) Close() error {
err := os.RemoveAll(cs.path)
if err != nil {
logrus.Errorf("error removing %q: %v", cs.path, err)
}
return err
}
func (cs *copySource) Reference() types.ImageReference {
return cs.ref
}
func (cs *copySource) GetSignatures() ([][]byte, error) {
return nil, nil
}
func (cs *copySource) GetTargetManifest(digest digest.Digest) ([]byte, string, error) {
return []byte{}, "", errors.Errorf("TODO")
}
func (cs *copySource) GetManifest() ([]byte, string, error) {
return cs.manifest, cs.manifestType, nil
}
func (cs *copySource) GetBlob(blob types.BlobInfo) (reader io.ReadCloser, size int64, err error) {
if blob.Digest == cs.configDigest {
logrus.Debugf("start reading config")
reader := bytes.NewReader(cs.config)
closer := func() error {
logrus.Debugf("finished reading config")
return nil
}
return ioutils.NewReadCloserWrapper(reader, closer), reader.Size(), nil
}
layerFile, err := os.OpenFile(filepath.Join(cs.path, blob.Digest.String()), os.O_RDONLY, 0600)
if err != nil {
logrus.Debugf("error reading layer %q: %v", blob.Digest.String(), err)
return nil, -1, err
}
size = -1
st, err := layerFile.Stat()
if err != nil {
logrus.Warnf("error reading size of layer %q: %v", blob.Digest.String(), err)
} else {
size = st.Size()
}
logrus.Debugf("reading layer %q", blob.Digest.String())
closer := func() error {
layerFile.Close()
logrus.Debugf("finished reading layer %q", blob.Digest.String())
return nil
}
return ioutils.NewReadCloserWrapper(layerFile, closer), size, nil
}

552
libkpod/image/copyData.go Normal file
View file

@ -0,0 +1,552 @@
package image
import (
"encoding/json"
"fmt"
"io/ioutil"
"os"
"path/filepath"
"runtime"
"time"
"github.com/containers/image/docker/reference"
is "github.com/containers/image/storage"
"github.com/containers/image/types"
"github.com/containers/storage"
"github.com/containers/storage/pkg/archive"
"github.com/docker/docker/pkg/ioutils"
"github.com/kubernetes-incubator/cri-o/cmd/kpod/docker"
"github.com/kubernetes-incubator/cri-o/libkpod/common"
digest "github.com/opencontainers/go-digest"
"github.com/opencontainers/image-spec/specs-go/v1"
ociv1 "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/pkg/errors"
)
const (
// Package is used to identify working containers
Package = "kpod"
containerType = Package + " 0.0.1"
stateFile = Package + ".json"
// OCIv1ImageManifest is the MIME type of an OCIv1 image manifest,
// suitable for specifying as a value of the PreferredManifestType
// member of a CommitOptions structure. It is also the default.
OCIv1ImageManifest = v1.MediaTypeImageManifest
)
// CopyData stores the basic data used when copying a container or image
type CopyData struct {
store storage.Store
// Type is used to help identify a build container's metadata. It
// should not be modified.
Type string `json:"type"`
// FromImage is the name of the source image which was used to create
// the container, if one was used. It should not be modified.
FromImage string `json:"image,omitempty"`
// FromImageID is the ID of the source image which was used to create
// the container, if one was used. It should not be modified.
FromImageID string `json:"image-id"`
// Config is the source image's configuration. It should not be
// modified.
Config []byte `json:"config,omitempty"`
// Manifest is the source image's manifest. It should not be modified.
Manifest []byte `json:"manifest,omitempty"`
// Container is the name of the build container. It should not be modified.
Container string `json:"container-name,omitempty"`
// ContainerID is the ID of the build container. It should not be modified.
ContainerID string `json:"container-id,omitempty"`
// MountPoint is the last location where the container's root
// filesystem was mounted. It should not be modified.
MountPoint string `json:"mountpoint,omitempty"`
// ImageAnnotations is a set of key-value pairs which is stored in the
// image's manifest.
ImageAnnotations map[string]string `json:"annotations,omitempty"`
// ImageCreatedBy is a description of how this container was built.
ImageCreatedBy string `json:"created-by,omitempty"`
// Image metadata and runtime settings, in multiple formats.
OCIv1 v1.Image `json:"ociv1,omitempty"`
Docker docker.V2Image `json:"docker,omitempty"`
}
func (c *CopyData) initConfig() {
image := ociv1.Image{}
dimage := docker.V2Image{}
if len(c.Config) > 0 {
// Try to parse the image config. If we fail, try to start over from scratch
if err := json.Unmarshal(c.Config, &dimage); err == nil && dimage.DockerVersion != "" {
image, err = makeOCIv1Image(&dimage)
if err != nil {
image = ociv1.Image{}
}
} else {
if err := json.Unmarshal(c.Config, &image); err != nil {
if dimage, err = makeDockerV2S2Image(&image); err != nil {
dimage = docker.V2Image{}
}
}
}
c.OCIv1 = image
c.Docker = dimage
} else {
// Try to dig out the image configuration from the manifest
manifest := docker.V2S1Manifest{}
if err := json.Unmarshal(c.Manifest, &manifest); err == nil && manifest.SchemaVersion == 1 {
if dimage, err = makeDockerV2S1Image(manifest); err == nil {
if image, err = makeOCIv1Image(&dimage); err != nil {
image = ociv1.Image{}
}
}
}
c.OCIv1 = image
c.Docker = dimage
}
if len(c.Manifest) > 0 {
// Attempt to recover format-specific data from the manifest
v1Manifest := ociv1.Manifest{}
if json.Unmarshal(c.Manifest, &v1Manifest) == nil {
c.ImageAnnotations = v1Manifest.Annotations
}
}
c.fixupConfig()
}
func (c *CopyData) fixupConfig() {
if c.Docker.Config != nil {
// Prefer image-level settings over those from the container it was built from
c.Docker.ContainerConfig = *c.Docker.Config
}
c.Docker.Config = &c.Docker.ContainerConfig
c.Docker.DockerVersion = ""
now := time.Now().UTC()
if c.Docker.Created.IsZero() {
c.Docker.Created = now
}
if c.OCIv1.Created.IsZero() {
c.OCIv1.Created = &now
}
if c.OS() == "" {
c.SetOS(runtime.GOOS)
}
if c.Architecture() == "" {
c.SetArchitecture(runtime.GOARCH)
}
if c.WorkDir() == "" {
c.SetWorkDir(string(filepath.Separator))
}
}
// OS returns a name of the OS on which a container built using this image
//is intended to be run.
func (c *CopyData) OS() string {
return c.OCIv1.OS
}
// SetOS sets the name of the OS on which a container built using this image
// is intended to be run.
func (c *CopyData) SetOS(os string) {
c.OCIv1.OS = os
c.Docker.OS = os
}
// Architecture returns a name of the architecture on which a container built
// using this image is intended to be run.
func (c *CopyData) Architecture() string {
return c.OCIv1.Architecture
}
// SetArchitecture sets the name of the architecture on which ta container built
// using this image is intended to be run.
func (c *CopyData) SetArchitecture(arch string) {
c.OCIv1.Architecture = arch
c.Docker.Architecture = arch
}
// WorkDir returns the default working directory for running commands in a container
// built using this image.
func (c *CopyData) WorkDir() string {
return c.OCIv1.Config.WorkingDir
}
// SetWorkDir sets the location of the default working directory for running commands
// in a container built using this image.
func (c *CopyData) SetWorkDir(there string) {
c.OCIv1.Config.WorkingDir = there
c.Docker.Config.WorkingDir = there
}
// makeOCIv1Image builds the best OCIv1 image structure we can from the
// contents of the docker image structure.
func makeOCIv1Image(dimage *docker.V2Image) (ociv1.Image, error) {
config := dimage.Config
if config == nil {
config = &dimage.ContainerConfig
}
dimageCreatedTime := dimage.Created.UTC()
image := ociv1.Image{
Created: &dimageCreatedTime,
Author: dimage.Author,
Architecture: dimage.Architecture,
OS: dimage.OS,
Config: ociv1.ImageConfig{
User: config.User,
ExposedPorts: map[string]struct{}{},
Env: config.Env,
Entrypoint: config.Entrypoint,
Cmd: config.Cmd,
Volumes: config.Volumes,
WorkingDir: config.WorkingDir,
Labels: config.Labels,
},
RootFS: ociv1.RootFS{
Type: "",
DiffIDs: []digest.Digest{},
},
History: []ociv1.History{},
}
for port, what := range config.ExposedPorts {
image.Config.ExposedPorts[string(port)] = what
}
RootFS := docker.V2S2RootFS{}
if dimage.RootFS != nil {
RootFS = *dimage.RootFS
}
if RootFS.Type == docker.TypeLayers {
image.RootFS.Type = docker.TypeLayers
for _, id := range RootFS.DiffIDs {
image.RootFS.DiffIDs = append(image.RootFS.DiffIDs, digest.Digest(id.String()))
}
}
for _, history := range dimage.History {
historyCreatedTime := history.Created.UTC()
ohistory := ociv1.History{
Created: &historyCreatedTime,
CreatedBy: history.CreatedBy,
Author: history.Author,
Comment: history.Comment,
EmptyLayer: history.EmptyLayer,
}
image.History = append(image.History, ohistory)
}
return image, nil
}
// makeDockerV2S2Image builds the best docker image structure we can from the
// contents of the OCI image structure.
func makeDockerV2S2Image(oimage *ociv1.Image) (docker.V2Image, error) {
image := docker.V2Image{
V1Image: docker.V1Image{Created: oimage.Created.UTC(),
Author: oimage.Author,
Architecture: oimage.Architecture,
OS: oimage.OS,
ContainerConfig: docker.Config{
User: oimage.Config.User,
ExposedPorts: docker.PortSet{},
Env: oimage.Config.Env,
Entrypoint: oimage.Config.Entrypoint,
Cmd: oimage.Config.Cmd,
Volumes: oimage.Config.Volumes,
WorkingDir: oimage.Config.WorkingDir,
Labels: oimage.Config.Labels,
},
},
RootFS: &docker.V2S2RootFS{
Type: "",
DiffIDs: []digest.Digest{},
},
History: []docker.V2S2History{},
}
for port, what := range oimage.Config.ExposedPorts {
image.ContainerConfig.ExposedPorts[docker.Port(port)] = what
}
if oimage.RootFS.Type == docker.TypeLayers {
image.RootFS.Type = docker.TypeLayers
for _, id := range oimage.RootFS.DiffIDs {
d, err := digest.Parse(id.String())
if err != nil {
return docker.V2Image{}, err
}
image.RootFS.DiffIDs = append(image.RootFS.DiffIDs, d)
}
}
for _, history := range oimage.History {
dhistory := docker.V2S2History{
Created: history.Created.UTC(),
CreatedBy: history.CreatedBy,
Author: history.Author,
Comment: history.Comment,
EmptyLayer: history.EmptyLayer,
}
image.History = append(image.History, dhistory)
}
image.Config = &image.ContainerConfig
return image, nil
}
// makeDockerV2S1Image builds the best docker image structure we can from the
// contents of the V2S1 image structure.
func makeDockerV2S1Image(manifest docker.V2S1Manifest) (docker.V2Image, error) {
// Treat the most recent (first) item in the history as a description of the image.
if len(manifest.History) == 0 {
return docker.V2Image{}, errors.Errorf("error parsing image configuration from manifest")
}
dimage := docker.V2Image{}
err := json.Unmarshal([]byte(manifest.History[0].V1Compatibility), &dimage)
if err != nil {
return docker.V2Image{}, err
}
if dimage.DockerVersion == "" {
return docker.V2Image{}, errors.Errorf("error parsing image configuration from history")
}
// The DiffID list is intended to contain the sums of _uncompressed_ blobs, and these are most
// likely compressed, so leave the list empty to avoid potential confusion later on. We can
// construct a list with the correct values when we prep layers for pushing, so we don't lose.
// information by leaving this part undone.
rootFS := &docker.V2S2RootFS{
Type: docker.TypeLayers,
DiffIDs: []digest.Digest{},
}
// Build a filesystem history.
history := []docker.V2S2History{}
for i := range manifest.History {
h := docker.V2S2History{
Created: time.Now().UTC(),
Author: "",
CreatedBy: "",
Comment: "",
EmptyLayer: false,
}
dcompat := docker.V1Compatibility{}
if err2 := json.Unmarshal([]byte(manifest.History[i].V1Compatibility), &dcompat); err2 == nil {
h.Created = dcompat.Created.UTC()
h.Author = dcompat.Author
h.Comment = dcompat.Comment
if len(dcompat.ContainerConfig.Cmd) > 0 {
h.CreatedBy = fmt.Sprintf("%v", dcompat.ContainerConfig.Cmd)
}
h.EmptyLayer = dcompat.ThrowAway
}
// Prepend this layer to the list, because a v2s1 format manifest's list is in reverse order
// compared to v2s2, which lists earlier layers before later ones.
history = append([]docker.V2S2History{h}, history...)
}
dimage.RootFS = rootFS
dimage.History = history
return dimage, nil
}
// Annotations gets the anotations of the container or image
func (c *CopyData) Annotations() map[string]string {
return common.CopyStringStringMap(c.ImageAnnotations)
}
// Save the CopyData to disk
func (c *CopyData) Save() error {
buildstate, err := json.Marshal(c)
if err != nil {
return err
}
cdir, err := c.store.ContainerDirectory(c.ContainerID)
if err != nil {
return err
}
return ioutils.AtomicWriteFile(filepath.Join(cdir, stateFile), buildstate, 0600)
}
// GetContainerCopyData gets the copy data for a container
func GetContainerCopyData(store storage.Store, name string) (*CopyData, error) {
var data *CopyData
var err error
if name != "" {
data, err = openCopyData(store, name)
if os.IsNotExist(err) {
data, err = importCopyData(store, name, "")
}
}
if err != nil {
return nil, errors.Wrapf(err, "error reading build container")
}
if data == nil {
return nil, errors.Errorf("error finding build container")
}
return data, nil
}
// GetImageCopyData gets the copy data for an image
func GetImageCopyData(store storage.Store, image string) (*CopyData, error) {
if image == "" {
return nil, errors.Errorf("image name must be specified")
}
img, err := FindImage(store, image)
if err != nil {
return nil, errors.Wrapf(err, "error locating image %q for importing settings", image)
}
systemContext := common.GetSystemContext("")
data, err := ImportCopyDataFromImage(store, systemContext, img.ID, "", "")
if err != nil {
return nil, errors.Wrapf(err, "error reading image")
}
if data == nil {
return nil, errors.Errorf("error mocking up build configuration")
}
return data, nil
}
func importCopyData(store storage.Store, container, signaturePolicyPath string) (*CopyData, error) {
if container == "" {
return nil, errors.Errorf("container name must be specified")
}
c, err := store.Container(container)
if err != nil {
return nil, err
}
systemContext := common.GetSystemContext(signaturePolicyPath)
data, err := ImportCopyDataFromImage(store, systemContext, c.ImageID, container, c.ID)
if err != nil {
return nil, err
}
if data.FromImageID != "" {
if d, err2 := digest.Parse(data.FromImageID); err2 == nil {
data.Docker.Parent = docker.ID(d)
} else {
data.Docker.Parent = docker.ID(digest.NewDigestFromHex(digest.Canonical.String(), data.FromImageID))
}
}
if data.FromImage != "" {
data.Docker.ContainerConfig.Image = data.FromImage
}
err = data.Save()
if err != nil {
return nil, errors.Wrapf(err, "error saving CopyData state")
}
return data, nil
}
func openCopyData(store storage.Store, container string) (*CopyData, error) {
cdir, err := store.ContainerDirectory(container)
if err != nil {
return nil, err
}
buildstate, err := ioutil.ReadFile(filepath.Join(cdir, stateFile))
if err != nil {
return nil, err
}
c := &CopyData{}
err = json.Unmarshal(buildstate, &c)
if err != nil {
return nil, err
}
if c.Type != containerType {
return nil, errors.Errorf("container is not a %s container", Package)
}
c.store = store
c.fixupConfig()
return c, nil
}
// ImportCopyDataFromImage creates copy data for an image with the given parameters
func ImportCopyDataFromImage(store storage.Store, systemContext *types.SystemContext, imageID, containerName, containerID string) (*CopyData, error) {
manifest := []byte{}
config := []byte{}
imageName := ""
if imageID != "" {
ref, err := is.Transport.ParseStoreReference(store, "@"+imageID)
if err != nil {
return nil, errors.Wrapf(err, "no such image %q", "@"+imageID)
}
src, err2 := ref.NewImage(systemContext)
if err2 != nil {
return nil, errors.Wrapf(err2, "error instantiating image")
}
defer src.Close()
config, err = src.ConfigBlob()
if err != nil {
return nil, errors.Wrapf(err, "error reading image configuration")
}
manifest, _, err = src.Manifest()
if err != nil {
return nil, errors.Wrapf(err, "error reading image manifest")
}
if img, err3 := store.Image(imageID); err3 == nil {
if len(img.Names) > 0 {
imageName = img.Names[0]
}
}
}
data := &CopyData{
store: store,
Type: containerType,
FromImage: imageName,
FromImageID: imageID,
Config: config,
Manifest: manifest,
Container: containerName,
ContainerID: containerID,
ImageAnnotations: map[string]string{},
ImageCreatedBy: "",
}
data.initConfig()
return data, nil
}
// MakeImageRef converts a CopyData struct into a types.ImageReference
func (c *CopyData) MakeImageRef(manifestType string, compress archive.Compression, names []string, layerID string, historyTimestamp *time.Time) (types.ImageReference, error) {
var name reference.Named
if len(names) > 0 {
if parsed, err := reference.ParseNamed(names[0]); err == nil {
name = parsed
}
}
if manifestType == "" {
manifestType = OCIv1ImageManifest
}
oconfig, err := json.Marshal(&c.OCIv1)
if err != nil {
return nil, errors.Wrapf(err, "error encoding OCI-format image configuration")
}
dconfig, err := json.Marshal(&c.Docker)
if err != nil {
return nil, errors.Wrapf(err, "error encoding docker-format image configuration")
}
created := time.Now().UTC()
if historyTimestamp != nil {
created = historyTimestamp.UTC()
}
ref := &CopyRef{
store: c.store,
compression: compress,
name: name,
names: names,
layerID: layerID,
addHistory: false,
oconfig: oconfig,
dconfig: dconfig,
created: created,
createdBy: c.ImageCreatedBy,
annotations: c.ImageAnnotations,
preferredManifestType: manifestType,
exporting: true,
}
return ref, nil
}

2
libkpod/image/image.go
View file

@ -44,7 +44,7 @@ func Size(store storage.Store, img storage.Image) (int64, error) {
return imgSize, nil
}
// TopLayer returns the ID of the top layer of the image
// GetTopLayerID returns the ID of the top layer of the image
func GetTopLayerID(img storage.Image) (string, error) {
metadata, err := ParseMetadata(img)
if err != nil {

165
libkpod/image/imageData.go Normal file
View file

@ -0,0 +1,165 @@
package image
import (
"encoding/json"
"time"
"github.com/containers/storage"
"github.com/kubernetes-incubator/cri-o/libkpod/driver"
digest "github.com/opencontainers/go-digest"
ociv1 "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/pkg/errors"
)
// ImageData handles the data used when inspecting a container
type ImageData struct {
ID string
Names []string
Digests []digest.Digest
Parent string
Comment string
Created *time.Time
Container string
ContainerConfig containerConfig
Author string
Config ociv1.ImageConfig
Architecture string
OS string
Size uint
VirtualSize uint
GraphDriver driver.Data
RootFS ociv1.RootFS
}
type containerConfig struct {
Hostname string
Domainname string
User string
AttachStdin bool
AttachStdout bool
AttachStderr bool
Tty bool
OpenStdin bool
StdinOnce bool
Env []string
Cmd []string
ArgsEscaped bool
Image digest.Digest
Volumes map[string]interface{}
WorkingDir string
Entrypoint []string
Labels interface{}
OnBuild []string
}
type rootFS struct {
Type string
Layers []string
}
// GetImageData gets the ImageData for a container with the given name in the given store.
func GetImageData(store storage.Store, name string) (*ImageData, error) {
img, err := FindImage(store, name)
if err != nil {
return nil, errors.Wrapf(err, "error reading image %q", name)
}
cid, err := GetImageCopyData(store, name)
if err != nil {
return nil, errors.Wrapf(err, "error reading image %q", name)
}
digests, err := getDigests(*img)
if err != nil {
return nil, err
}
var bigData interface{}
ctrConfig := containerConfig{}
container := ""
if len(digests) > 0 {
bd, err := store.ImageBigData(img.ID, string(digests[len(digests)-1]))
if err != nil {
return nil, err
}
err = json.Unmarshal(bd, &bigData)
if err != nil {
return nil, err
}
container = (bigData.(map[string]interface{})["container"]).(string)
cc, err := json.MarshalIndent((bigData.(map[string]interface{})["container_config"]).(map[string]interface{}), "", " ")
if err != nil {
return nil, err
}
err = json.Unmarshal(cc, &ctrConfig)
if err != nil {
return nil, err
}
}
driverName, err := driver.GetDriverName(store)
if err != nil {
return nil, err
}
topLayerID, err := GetTopLayerID(*img)
if err != nil {
return nil, err
}
driverMetadata, err := driver.GetDriverMetadata(store, topLayerID)
if err != nil {
return nil, err
}
lstore, err := store.LayerStore()
if err != nil {
return nil, err
}
layer, err := lstore.Get(topLayerID)
if err != nil {
return nil, err
}
size, err := lstore.DiffSize(layer.Parent, layer.ID)
if err != nil {
return nil, err
}
virtualSize, err := Size(store, *img)
if err != nil {
return nil, err
}
return &ImageData{
ID: img.ID,
Names: img.Names,
Digests: digests,
Parent: string(cid.Docker.Parent),
Comment: cid.OCIv1.History[0].Comment,
Created: cid.OCIv1.Created,
Container: container,
ContainerConfig: ctrConfig,
Author: cid.OCIv1.Author,
Config: cid.OCIv1.Config,
Architecture: cid.OCIv1.Architecture,
OS: cid.OCIv1.OS,
Size: uint(size),
VirtualSize: uint(virtualSize),
GraphDriver: driver.Data{
Name: driverName,
Data: driverMetadata,
},
RootFS: cid.OCIv1.RootFS,
}, nil
}
func getDigests(img storage.Image) ([]digest.Digest, error) {
metadata, err := ParseMetadata(img)
if err != nil {
return nil, err
}
digests := []digest.Digest{}
for _, blob := range metadata.Blobs {
digests = append(digests, blob.Digest)
}
return digests, nil
}