package schema1
import (
"encoding/json"
"fmt"
"github.com/distribution/distribution/v3"
"github.com/distribution/distribution/v3/manifest"
"github.com/docker/libtrust"
"github.com/opencontainers/go-digest"
)
const (
	// MediaTypeManifest is the media type for the current manifest version.
	// For schema version 1 the media type may optionally be
	// "application/json" instead.
	MediaTypeManifest = "application/vnd.docker.distribution.manifest.v1+json"

	// MediaTypeSignedManifest is the media type for the current
	// SignedManifest version.
	MediaTypeSignedManifest = "application/vnd.docker.distribution.manifest.v1+prettyjws"

	// MediaTypeManifestLayer is the media type for manifest layers.
	MediaTypeManifestLayer = "application/vnd.docker.container.image.rootfs.diff+x-gtar"
)
// SchemaVersion is a pre-initialized manifest.Versioned value carrying the
// schema version (1) of the manifest format this package implements.
var SchemaVersion = manifest.Versioned{SchemaVersion: 1}
// init registers the schema 1 unmarshal function with the distribution
// package for three media types: MediaTypeSignedManifest, the empty media
// type, and "application/json". A registration failure panics.
func init() {
	// unmarshalSchema1 decodes b as a SignedManifest and builds its descriptor.
	//
	// NOTE(security): this path calls only SignedManifest.UnmarshalJSON, which
	// contains no signature verification call. A nil error therefore means
	// the input parsed, not that its signatures were checked.
	unmarshalSchema1 := func(b []byte) (distribution.Manifest, distribution.Descriptor, error) {
		sm := new(SignedManifest)
		if err := sm.UnmarshalJSON(b); err != nil {
			return nil, distribution.Descriptor{}, err
		}

		// Digest and size are computed over sm.Canonical (the payload without
		// signatures), not over the raw input b.
		return sm, distribution.Descriptor{
			MediaType: MediaTypeSignedManifest,
			Digest:    digest.FromBytes(sm.Canonical),
			Size:      int64(len(sm.Canonical)),
		}, nil
	}

	// "" and "application/json" share the schema 1 decoder; presumably this
	// makes content with a missing or generic media type decode as a signed
	// schema 1 manifest. Confirm against RegisterManifestSchema's lookup rules.
	for _, mediaType := range []string{MediaTypeSignedManifest, "", "application/json"} {
		if err := distribution.RegisterManifestSchema(mediaType, unmarshalSchema1); err != nil {
			panic(fmt.Sprintf("Unable to register manifest: %s", err))
		}
	}
}
// FSLayer is a container struct for the BlobSums defined in an image
// manifest.
type FSLayer struct {
	// BlobSum is the tarsum of the referenced filesystem image layer, held as
	// a digest.Digest.
	BlobSum digest.Digest `json:"blobSum"`
}
// History stores unstructured v1 compatibility information.
type History struct {
	// V1Compatibility is the raw v1 compatibility information, carried as an
	// opaque string.
	V1Compatibility string `json:"v1Compatibility"`
}
// Manifest provides the base accessible fields for working with the V2 image
// format in the registry.
type Manifest struct {
	manifest.Versioned

	// Name is the name of the image's repository.
	Name string `json:"name"`

	// Tag is the tag of the image specified by this manifest.
	Tag string `json:"tag"`

	// Architecture is the host architecture on which this image is intended
	// to run.
	Architecture string `json:"architecture"`

	// FSLayers lists the filesystem layer blobSums contained in this image.
	FSLayers []FSLayer `json:"fsLayers"`

	// History lists unstructured historical data for v1 compatibility.
	History []History `json:"history"`
}
// SignedManifest is an envelope for a signed image manifest. Alongside the
// decoded Manifest it keeps the format-sensitive raw bytes.
type SignedManifest struct {
	Manifest

	// Canonical is the canonical byte representation of the ImageManifest,
	// without any attached signatures. The manifest byte representation
	// cannot change, or it will have to be re-signed.
	Canonical []byte `json:"-"`

	// all holds the byte representation of the Manifest including signatures.
	// It is what Payload() returns.
	all []byte
}
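// UnmarshalJSON populates sm from signed manifest JSON in b.
//
// b is copied, so the caller may reuse it afterwards. The complete input
// (manifest plus signatures) is stored for Payload and MarshalJSON, the
// payload extracted from the signature envelope is stored in Canonical, and
// that payload is decoded into the embedded Manifest.
//
// NOTE(security): this method parses the "signatures" envelope and extracts
// its payload, but makes no signature verification call. A nil error means
// the input is well-formed, not that it is authentic. Callers that rely on
// the signatures must verify them separately.
//
// sm is assigned only after every step has succeeded. On error it is left
// unchanged, so a failed decode cannot leave unvalidated bytes behind for
// Payload or MarshalJSON to return.
func (sm *SignedManifest) UnmarshalJSON(b []byte) error {
	// Snapshot manifest and signatures exactly as received, before parsing.
	all := make([]byte, len(b))
	copy(all, b)

	jsig, err := libtrust.ParsePrettySignature(b, "signatures")
	if err != nil {
		return err
	}

	// Resolve the payload in the manifest.
	payload, err := jsig.Payload()
	if err != nil {
		return err
	}

	// Copy the payload so Canonical owns its bytes.
	canonical := make([]byte, len(payload))
	copy(canonical, payload)

	// Decode into a scratch value so a failed decode does not partially
	// overwrite sm.Manifest.
	var mfst Manifest
	if err := json.Unmarshal(canonical, &mfst); err != nil {
		return err
	}

	sm.all = all
	sm.Canonical = canonical
	sm.Manifest = mfst

	return nil
}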
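// References returns the descriptors of this manifest's references: one
// descriptor per entry in sm.FSLayers, in the same order. Each descriptor
// carries the layer media type and the layer's BlobSum as its digest. No
// size is set.
func (sm SignedManifest) References() []distribution.Descriptor {
	refs := make([]distribution.Descriptor, len(sm.FSLayers))
	for i, layer := range sm.FSLayers {
		refs[i] = distribution.Descriptor{
			// Use the package constant rather than repeating its literal value.
			MediaType: MediaTypeManifestLayer,
			Digest:    layer.BlobSum,
		}
	}

	return refs
}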
// MarshalJSON returns the stored raw bytes (manifest including signatures)
// when they are present. When they are not, it marshals the inner Manifest.
// Applications requiring a marshaled signed manifest should use the stored
// bytes (see Payload), since content produced by json.Marshal will be
// compacted and will fail signature checks.
//
// The returned slice is sm's internal buffer, not a copy. Callers must not
// modify it.
func (sm *SignedManifest) MarshalJSON() ([]byte, error) {
	if len(sm.all) == 0 {
		// The raw data is not available, so just dump the inner content.
		return json.Marshal(&sm.Manifest)
	}

	return sm.all, nil
}
// Payload returns the signed content of the signed manifest together with
// its media type, MediaTypeSignedManifest. The error is always nil.
//
// The bytes are sm's stored raw representation (manifest including
// signatures), returned without copying. They are nil if nothing has been
// stored.
func (sm SignedManifest) Payload() (string, []byte, error) {
	raw := sm.all
	return MediaTypeSignedManifest, raw, nil
}
// Signatures returns the signatures as provided by
// (*libtrust.JSONSignature).Signatures. The byte slices are opaque jws
// signatures.
//
// The stored raw bytes are re-parsed on every call. No verification call is
// made here, so the returned signatures are unverified.
func (sm *SignedManifest) Signatures() ([][]byte, error) {
	parsed, err := libtrust.ParsePrettySignature(sm.all, "signatures")
	if err != nil {
		return nil, err
	}

	// Hand back the signatures carried in the parsed envelope.
	return parsed.Signatures()
}