Further fixes for unicode handling in manifests

We were occasionally trying to compute schema 2 version 1 signatures on the *unicode* representation, which was failing the signature check. This PR adds a new wrapper type called `Bytes`, which all manifests must take in, and which handles the unicodes vs encoded utf-8 stuff in a central location. This PR also adds a test for the manifest that was breaking in production.
2019-01-08 20:49:00 -05:00 · 2019-01-08 20:49:00 -05:00 · 171c7e5238
commit 171c7e5238
parent 05fa2bcbe0
28 changed files with 275 additions and 106 deletions
--- a/workers/tagbackfillworker.py
+++ b/workers/tagbackfillworker.py
@ -19,6 +19,7 @@ from image.docker.schema1 import (DockerSchema1Manifest, ManifestException, Mani
                                  DOCKER_SCHEMA1_SIGNED_MANIFEST_CONTENT_TYPE)

 from workers.worker import Worker
+from util.bytes import Bytes
 from util.log import logfile_path
 from util.migrate.allocator import yield_random_entries

@ -33,7 +34,7 @@ class BrokenManifest(ManifestInterface):
  """
  def __init__(self, digest, payload):
    self._digest = digest
-    self._payload = payload
+    self._payload = Bytes.for_string_or_unicode(payload)

  @property
  def digest(self):
--- a/workers/test/test_tagbackfillworker.py
+++ b/workers/test/test_tagbackfillworker.py
@ -142,7 +142,8 @@ def test_manifestbackfillworker_mislinked_manifest(clear_rows, initialized_db):
  builder.add_layer(tag_v30.image.storage.content_checksum, '{"id": "foo"}')
  manifest = builder.build(docker_v2_signing_key)

-  mislinked_manifest = TagManifest.create(json_data=manifest.bytes, digest=manifest.digest,
+  mislinked_manifest = TagManifest.create(json_data=manifest.bytes.as_encoded_str(),
+                                          digest=manifest.digest,
                                          tag=tag_v50)

  # Backfill the manifest and ensure its proper content checksum was linked.
@ -176,7 +177,8 @@ def test_manifestbackfillworker_mislinked_invalid_manifest(clear_rows, initializ
  builder.add_layer('sha256:deadbeef', '{"id": "foo"}')
  manifest = builder.build(docker_v2_signing_key)

-  broken_manifest = TagManifest.create(json_data=manifest.bytes, digest=manifest.digest,
+  broken_manifest = TagManifest.create(json_data=manifest.bytes.as_encoded_str(),
+                                       digest=manifest.digest,
                                       tag=tag_v50)

  # Backfill the manifest and ensure it is marked as broken.
@ -208,9 +210,9 @@ def test_manifestbackfillworker_repeat_digest(clear_rows, initialized_db):
  builder.add_layer('sha256:deadbeef', '{"id": "foo"}')
  manifest = builder.build(docker_v2_signing_key)

-  manifest_1 = TagManifest.create(json_data=manifest.bytes, digest=manifest.digest,
+  manifest_1 = TagManifest.create(json_data=manifest.bytes.as_encoded_str(), digest=manifest.digest,
                                  tag=tag_v30)
-  manifest_2 = TagManifest.create(json_data=manifest.bytes, digest=manifest.digest,
+  manifest_2 = TagManifest.create(json_data=manifest.bytes.as_encoded_str(), digest=manifest.digest,
                                  tag=tag_v50)

  # Backfill "both" manifests and ensure both are pointed to by a single resulting row.