Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
6.8 KiB
OCI Content Descriptors
An OCI image consists of several different components, arranged in a Merkle Directed Acyclic Graph (DAG). References between components in the graph are expressed through Content Descriptors. A Content Descriptor (or simply Descriptor) describes the disposition of the targeted content. A Content Descriptor includes the type of the content, a content identifier (digest), and the byte-size of the raw content.
Descriptors SHOULD be embedded in other formats to securely reference external content.
Other formats SHOULD use descriptors to securely reference external content.
This section defines the application/vnd.oci.descriptor.v1+json
media type.
Properties
A descriptor consists of a set of properties encapsulated in key-value fields.
The following fields contain the primary properties that constitute a Descriptor:
-
mediaType
stringThis REQUIRED property contains the media type of the referenced content. Values MUST comply with RFC 6838, including the naming requirements in its section 4.2.
The OCI image specification defines several of its own MIME types for resources defined in the specification.
-
digest
stringThis REQUIRED property is the digest of the targeted content, conforming to the requirements outlined in Digests and Verification. Retrieved content SHOULD be verified against this digest when consumed via untrusted sources.
-
size
int64This REQUIRED property specifies the size, in bytes, of the raw content. This property exists so that a client will have an expected size for the content before processing. If the length of the retrieved content does not match the specified length, the content SHOULD NOT be trusted.
-
urls
array of stringsThis OPTIONAL property specifies a list of URIs from which this object MAY be downloaded. Each entry MUST conform to RFC 3986. Entries SHOULD use the
http
andhttps
schemes, as defined in RFC 7230. -
annotations
string-string mapThis OPTIONAL property contains arbitrary metadata for this descriptor. This OPTIONAL property MUST use the annotation rules.
Reserved
The following field keys are reserved and MUST NOT be used by other specifications.
-
data
stringThis key is RESERVED for future versions of the specification.
All other fields may be included in other OCI specifications. Extended Descriptor field additions proposed in other OCI specifications SHOULD first be considered for addition into this specification.
Digests and Verification
The digest property of a Descriptor acts as a content identifier, enabling content addressability. It uniquely identifies content by taking a collision-resistant hash of the bytes. If the identifier can be communicated in a secure manner, one can retrieve the content from an insecure source, calculate the digest independently, and be certain that the correct content was obtained.
The value of the digest property, the digest string, is a serialized hash result, consisting of an algorithm portion and a hex portion. The algorithm identifies the methodology used to calculate the digest; the hex portion is the lowercase hex-encoded result of the hash.
The digest string MUST match the following grammar:
digest := algorithm ":" hex
algorithm := /[a-z0-9_+.-]+/
hex := /[a-f0-9]+/
Some example digest strings include the following:
digest | description |
---|---|
sha256:6c3c624b58dbbcd3c0dd82b4c53f04194d1247c6eebdaab7c610cf7d66709b3b | Common sha256 based digest |
Before consuming content targeted by a descriptor from untrusted sources, the byte content SHOULD be verified against the digest. Before calculating the digest, the size of the content SHOULD be verified to reduce hash collision space. Heavy processing before calculating a hash SHOULD be avoided. Implementations MAY employ some canonicalization of the underlying content to ensure stable content identifiers.
Algorithms
While the algorithm component of the digest does allow one to utilize a wide variety of algorithms, compliant implementations SHOULD use SHA-256.
Let's use a simple example in pseudo-code to demonstrate a digest calculation:
A digest is calculated by the following pseudo-code, where H
is the selected hash algorithm, identified by string <alg>
:
let ID(C) = Descriptor.digest
let C = <bytes>
let D = '<alg>:' + EncodeHex(H(C))
let verified = ID(C) == D
Above, we define the content identifier as ID(C)
, extracted from the Descriptor.digest
field.
Content C
is a string of bytes.
Function H
returns the hash of C
in bytes and is passed to function EncodeHex
to obtain the digest.
The result verified
is true if ID(C)
is equal to D
, confirming that C
is the content identified by D
.
After verification, the following is true:
D == ID(C) == '<alg>:' + EncodeHex(H(C))
The digest is confirmed as the content identifier by independently calculating the digest.
SHA-256
SHA-256 is a collision-resistant hash function, chosen for ubiquity, reasonable size and secure characteristics. Implementations MUST implement SHA-256 digest verification for use in descriptors.
Examples
The following example describes a Manifest with a content identifier of "sha256:5b0bcabd1ed22e9fb1310cf6c2dec7cdef19f0ad69efa1f392e94a4333501270" and a size of 7682 bytes:
{
"mediaType": "application/vnd.oci.image.manifest.v1+json",
"size": 7682,
"digest": "sha256:5b0bcabd1ed22e9fb1310cf6c2dec7cdef19f0ad69efa1f392e94a4333501270"
}
In the following example, the descriptor indicates that the referenced manifest is retrievable from a particular URL:
{
"mediaType": "application/vnd.oci.image.manifest.v1+json",
"size": 7682,
"digest": "sha256:5b0bcabd1ed22e9fb1310cf6c2dec7cdef19f0ad69efa1f392e94a4333501270",
"urls": [
"https://example.com/example-manifest"
]
}