*: switch from godep to glide

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

vendor/github.com/containers/image/docker/docker_image_src.go

@@ -6,6 +6,8 @@ import (
 	"io/ioutil"
 	"mime"
 	"net/http"
+	"net/url"
+	"os"
 	"strconv"
 
 	"github.com/Sirupsen/logrus"
@@ -23,19 +25,30 @@ func (e errFetchManifest) Error() string {
 }
 
 type dockerImageSource struct {
-	ref dockerReference
-	c   *dockerClient
+	ref                        dockerReference
+	requestedManifestMIMETypes []string
+	c                          *dockerClient
+	// State
+	cachedManifest         []byte // nil if not loaded yet
+	cachedManifestMIMEType string // Only valid if cachedManifest != nil
 }
 
-// newImageSource creates a new ImageSource for the specified image reference and connection specification.
-func newImageSource(ref dockerReference, certPath string, tlsVerify bool) (*dockerImageSource, error) {
-	c, err := newDockerClient(ref.ref.Hostname(), certPath, tlsVerify)
+// newImageSource creates a new ImageSource for the specified image reference,
+// asking the backend to use a manifest from requestedManifestMIMETypes if possible.
+// nil requestedManifestMIMETypes means manifest.DefaultRequestedManifestMIMETypes.
+// The caller must call .Close() on the returned ImageSource.
+func newImageSource(ctx *types.SystemContext, ref dockerReference, requestedManifestMIMETypes []string) (*dockerImageSource, error) {
+	c, err := newDockerClient(ctx, ref, false)
 	if err != nil {
 		return nil, err
 	}
+	if requestedManifestMIMETypes == nil {
+		requestedManifestMIMETypes = manifest.DefaultRequestedManifestMIMETypes
+	}
 	return &dockerImageSource{
 		ref: ref,
-		c:   c,
+		requestedManifestMIMETypes: requestedManifestMIMETypes,
+		c: c,
 	}, nil
 }
 
@@ -45,6 +58,10 @@ func (s *dockerImageSource) Reference() types.ImageReference {
 	return s.ref
 }
 
+// Close removes resources associated with an initialized ImageSource, if any.
+func (s *dockerImageSource) Close() {
+}
+
 // simplifyContentType drops parameters from a HTTP media type (see https://tools.ietf.org/html/rfc7231#section-3.1.1.1)
 // Alternatively, an empty string is returned unchanged, and invalid values are "simplified" to an empty string.
 func simplifyContentType(contentType string) string {
@@ -58,32 +75,54 @@ func simplifyContentType(contentType string) string {
 	return mimeType
 }
 
-func (s *dockerImageSource) GetManifest(mimetypes []string) ([]byte, string, error) {
-	reference, err := s.ref.tagOrDigest()
+func (s *dockerImageSource) GetManifest() ([]byte, string, error) {
+	err := s.ensureManifestIsLoaded()
 	if err != nil {
 		return nil, "", err
 	}
+	return s.cachedManifest, s.cachedManifestMIMEType, nil
+}
+
+// ensureManifestIsLoaded sets s.cachedManifest and s.cachedManifestMIMEType
+//
+// ImageSource implementations are not required or expected to do any caching,
+// but because our signatures are “attached” to the manifest digest,
+// we need to ensure that the digest of the manifest returned by GetManifest
+// and used by GetSignatures are consistent, otherwise we would get spurious
+// signature verification failures when pulling while a tag is being updated.
+func (s *dockerImageSource) ensureManifestIsLoaded() error {
+	if s.cachedManifest != nil {
+		return nil
+	}
+
+	reference, err := s.ref.tagOrDigest()
+	if err != nil {
+		return err
+	}
 	url := fmt.Sprintf(manifestURL, s.ref.ref.RemoteName(), reference)
 	// TODO(runcom) set manifest version header! schema1 for now - then schema2 etc etc and v1
 	// TODO(runcom) NO, switch on the resulter manifest like Docker is doing
 	headers := make(map[string][]string)
-	headers["Accept"] = mimetypes
+	headers["Accept"] = s.requestedManifestMIMETypes
 	res, err := s.c.makeRequest("GET", url, headers, nil)
 	if err != nil {
-		return nil, "", err
+		return err
 	}
 	defer res.Body.Close()
 	manblob, err := ioutil.ReadAll(res.Body)
 	if err != nil {
-		return nil, "", err
+		return err
 	}
 	if res.StatusCode != http.StatusOK {
-		return nil, "", errFetchManifest{res.StatusCode, manblob}
+		return errFetchManifest{res.StatusCode, manblob}
 	}
 	// We might validate manblob against the Docker-Content-Digest header here to protect against transport errors.
-	return manblob, simplifyContentType(res.Header.Get("Content-Type")), nil
+	s.cachedManifest = manblob
+	s.cachedManifestMIMEType = simplifyContentType(res.Header.Get("Content-Type"))
+	return nil
 }
 
+// GetBlob returns a stream for the specified blob, and the blob’s size (or -1 if unknown).
 func (s *dockerImageSource) GetBlob(digest string) (io.ReadCloser, int64, error) {
 	url := fmt.Sprintf(blobsURL, s.ref.ref.RemoteName(), digest)
 	logrus.Debugf("Downloading %s", url)
@@ -97,62 +136,152 @@ func (s *dockerImageSource) GetBlob(digest string) (io.ReadCloser, int64, error)
 	}
 	size, err := strconv.ParseInt(res.Header.Get("Content-Length"), 10, 64)
 	if err != nil {
-		size = 0
+		size = -1
 	}
 	return res.Body, size, nil
 }
 
 func (s *dockerImageSource) GetSignatures() ([][]byte, error) {
-	return [][]byte{}, nil
+	if s.c.signatureBase == nil { // Skip dealing with the manifest digest if not necessary.
+		return [][]byte{}, nil
+	}
+
+	if err := s.ensureManifestIsLoaded(); err != nil {
+		return nil, err
+	}
+	manifestDigest, err := manifest.Digest(s.cachedManifest)
+	if err != nil {
+		return nil, err
+	}
+
+	signatures := [][]byte{}
+	for i := 0; ; i++ {
+		url := signatureStorageURL(s.c.signatureBase, manifestDigest, i)
+		if url == nil {
+			return nil, fmt.Errorf("Internal error: signatureStorageURL with non-nil base returned nil")
+		}
+		signature, missing, err := s.getOneSignature(url)
+		if err != nil {
+			return nil, err
+		}
+		if missing {
+			break
+		}
+		signatures = append(signatures, signature)
+	}
+	return signatures, nil
 }
 
-func (s *dockerImageSource) Delete() error {
-	var body []byte
+// getOneSignature downloads one signature from url.
+// If it successfully determines that the signature does not exist, returns with missing set to true and error set to nil.
+func (s *dockerImageSource) getOneSignature(url *url.URL) (signature []byte, missing bool, err error) {
+	switch url.Scheme {
+	case "file":
+		logrus.Debugf("Reading %s", url.Path)
+		sig, err := ioutil.ReadFile(url.Path)
+		if err != nil {
+			if os.IsNotExist(err) {
+				return nil, true, nil
+			}
+			return nil, false, err
+		}
+		return sig, false, nil
+
+	case "http", "https":
+		logrus.Debugf("GET %s", url)
+		res, err := s.c.client.Get(url.String())
+		if err != nil {
+			return nil, false, err
+		}
+		defer res.Body.Close()
+		if res.StatusCode == http.StatusNotFound {
+			return nil, true, nil
+		} else if res.StatusCode != http.StatusOK {
+			return nil, false, fmt.Errorf("Error reading signature from %s: status %d", url.String(), res.StatusCode)
+		}
+		sig, err := ioutil.ReadAll(res.Body)
+		if err != nil {
+			return nil, false, err
+		}
+		return sig, false, nil
+
+	default:
+		return nil, false, fmt.Errorf("Unsupported scheme when reading signature from %s", url.String())
+	}
+}
+
+// deleteImage deletes the named image from the registry, if supported.
+func deleteImage(ctx *types.SystemContext, ref dockerReference) error {
+	c, err := newDockerClient(ctx, ref, true)
+	if err != nil {
+		return err
+	}
 
 	// When retrieving the digest from a registry >= 2.3 use the following header:
 	//   "Accept": "application/vnd.docker.distribution.manifest.v2+json"
 	headers := make(map[string][]string)
-	headers["Accept"] = []string{manifest.DockerV2Schema2MIMEType}
+	headers["Accept"] = []string{manifest.DockerV2Schema2MediaType}
 
-	reference, err := s.ref.tagOrDigest()
+	reference, err := ref.tagOrDigest()
 	if err != nil {
 		return err
 	}
-	getURL := fmt.Sprintf(manifestURL, s.ref.ref.RemoteName(), reference)
-	get, err := s.c.makeRequest("GET", getURL, headers, nil)
+	getURL := fmt.Sprintf(manifestURL, ref.ref.RemoteName(), reference)
+	get, err := c.makeRequest("GET", getURL, headers, nil)
 	if err != nil {
 		return err
 	}
 	defer get.Body.Close()
-	body, err = ioutil.ReadAll(get.Body)
+	manifestBody, err := ioutil.ReadAll(get.Body)
 	if err != nil {
 		return err
 	}
 	switch get.StatusCode {
 	case http.StatusOK:
 	case http.StatusNotFound:
-		return fmt.Errorf("Unable to delete %v. Image may not exist or is not stored with a v2 Schema in a v2 registry.", s.ref.ref)
+		return fmt.Errorf("Unable to delete %v. Image may not exist or is not stored with a v2 Schema in a v2 registry.", ref.ref)
 	default:
-		return fmt.Errorf("Failed to delete %v: %v (%v)", s.ref.ref, body, get.Status)
+		return fmt.Errorf("Failed to delete %v: %s (%v)", ref.ref, manifestBody, get.Status)
 	}
 
 	digest := get.Header.Get("Docker-Content-Digest")
-	deleteURL := fmt.Sprintf(manifestURL, s.ref.ref.RemoteName(), digest)
+	deleteURL := fmt.Sprintf(manifestURL, ref.ref.RemoteName(), digest)
 
 	// When retrieving the digest from a registry >= 2.3 use the following header:
 	//   "Accept": "application/vnd.docker.distribution.manifest.v2+json"
-	delete, err := s.c.makeRequest("DELETE", deleteURL, headers, nil)
+	delete, err := c.makeRequest("DELETE", deleteURL, headers, nil)
 	if err != nil {
 		return err
 	}
 	defer delete.Body.Close()
 
-	body, err = ioutil.ReadAll(delete.Body)
+	body, err := ioutil.ReadAll(delete.Body)
 	if err != nil {
 		return err
 	}
 	if delete.StatusCode != http.StatusAccepted {
-		return fmt.Errorf("Failed to delete %v: %v (%v)", deleteURL, body, delete.Status)
+		return fmt.Errorf("Failed to delete %v: %s (%v)", deleteURL, string(body), delete.Status)
+	}
+
+	if c.signatureBase != nil {
+		manifestDigest, err := manifest.Digest(manifestBody)
+		if err != nil {
+			return err
+		}
+
+		for i := 0; ; i++ {
+			url := signatureStorageURL(c.signatureBase, manifestDigest, i)
+			if url == nil {
+				return fmt.Errorf("Internal error: signatureStorageURL with non-nil base returned nil")
+			}
+			missing, err := c.deleteOneSignature(url)
+			if err != nil {
+				return err
+			}
+			if missing {
+				break
+			}
+		}
 	}
 
 	return nil