Avoid potential connectivity related layer corruption in userspace convertor #289
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Avoid potential connectivity related layer corruption in userspace convertor
Add additional checks to prevent deduplicated layer commit files from having partial downloads leading to corrupted images.
Signed-off-by: Esteban [email protected]
What this PR does / why we need it:
This PR aims to remove an issue with the user space convertor accepting partial deduplicated commit files in the event that the puller suffers from connectivity issues. I encountered this situation specifically with a custom resolver, fetcher, etc but it should repro with the docker ones, either way this hardens that path and prevents any such issues from happening. The main goal is to verify the deduplicated commit layer before upload. Note that such failures would not necessarily lead to a corrupted image in the past, this would only happen if the layer in question is not required in a later commit step, if it is this would lead to an issue being thrown in a subsequent overlaybd-apply. This PR adds recoverability from that situation or allows for explicit failure avoiding corruption in case of running into the issue. The PR also adds general digest verification checks for the layer downloads.
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)
format, will close the issue(s) when PR gets merged):Fixes #
Please check the following list: