From 562e58d09d6386a9d59d9cbcdbcde752607ed2b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 17 Jan 2024 22:56:47 +0100 Subject: [PATCH 1/2] Fix an invalid digest value in tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Miloslav Trmač --- internal/manifest/testdata/oci1.index.zstd-selection.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/manifest/testdata/oci1.index.zstd-selection.json b/internal/manifest/testdata/oci1.index.zstd-selection.json index a55e6b4a3..c6b53a477 100644 --- a/internal/manifest/testdata/oci1.index.zstd-selection.json +++ b/internal/manifest/testdata/oci1.index.zstd-selection.json @@ -52,7 +52,7 @@ }, { "mediaType": "application/vnd.oci.image.manifest.v1+json", - "digest": "sha256:gggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggg", + "digest": "sha256:0000000000000000000000000000000000000000000000000000000000000000", "size": 772, "annotations": { "io.github.containers.compression.zstd": "true" From b71a3e3a3d2d407265590270282cce5567620634 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 17 Jan 2024 23:02:58 +0100 Subject: [PATCH 2/2] Stop using deprecated digest.Digest.Hex MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Should not change behavior. Signed-off-by: Miloslav Trmač --- docker/internal/tarfile/writer.go | 12 ++++++------ docker/registries_d.go | 4 ++-- internal/image/docker_schema2.go | 2 +- manifest/docker_schema1.go | 2 +- manifest/docker_schema2.go | 2 +- manifest/oci.go | 2 +- oci/layout/oci_delete_test.go | 4 ++-- oci/layout/oci_transport.go | 2 +- ostree/ostree_dest.go | 16 ++++++++-------- ostree/ostree_src.go | 6 +++--- sif/src.go | 2 +- storage/storage_dest.go | 8 ++++---- storage/storage_test.go | 4 ++-- tarball/tarball_src.go | 2 +- 14 files changed, 34 insertions(+), 34 deletions(-) diff --git a/docker/internal/tarfile/writer.go b/docker/internal/tarfile/writer.go index 3c3f62008..883c06117 100644 --- a/docker/internal/tarfile/writer.go +++ b/docker/internal/tarfile/writer.go @@ -164,7 +164,7 @@ func (w *Writer) writeLegacyMetadataLocked(layerDescriptors []manifest.Schema2De return fmt.Errorf("marshaling layer config: %w", err) } delete(layerConfig, "layer_id") - layerID := digest.Canonical.FromBytes(b).Hex() + layerID := digest.Canonical.FromBytes(b).Encoded() layerConfig["id"] = layerID configBytes, err := json.Marshal(layerConfig) @@ -309,10 +309,10 @@ func (w *Writer) Close() error { // NOTE: This is an internal implementation detail, not a format property, and can change // any time. func (w *Writer) configPath(configDigest digest.Digest) (string, error) { - if err := configDigest.Validate(); err != nil { // digest.Digest.Hex() panics on failure, and could possibly result in unexpected paths, so validate explicitly. + if err := configDigest.Validate(); err != nil { // digest.Digest.Encoded() panics on failure, and could possibly result in unexpected paths, so validate explicitly. return "", err } - return configDigest.Hex() + ".json", nil + return configDigest.Encoded() + ".json", nil } // physicalLayerPath returns a path we choose for storing a layer with the specified digest @@ -320,15 +320,15 @@ func (w *Writer) configPath(configDigest digest.Digest) (string, error) { // NOTE: This is an internal implementation detail, not a format property, and can change // any time. func (w *Writer) physicalLayerPath(layerDigest digest.Digest) (string, error) { - if err := layerDigest.Validate(); err != nil { // digest.Digest.Hex() panics on failure, and could possibly result in unexpected paths, so validate explicitly. + if err := layerDigest.Validate(); err != nil { // digest.Digest.Encoded() panics on failure, and could possibly result in unexpected paths, so validate explicitly. return "", err } - // Note that this can't be e.g. filepath.Join(l.Digest.Hex(), legacyLayerFileName); due to the way + // Note that this can't be e.g. filepath.Join(l.Digest.Encoded(), legacyLayerFileName); due to the way // writeLegacyMetadata constructs layer IDs differently from inputinfo.Digest values (as described // inside it), most of the layers would end up in subdirectories alone without any metadata; (docker load) // tries to load every subdirectory as an image and fails if the config is missing. So, keep the layers // in the root of the tarball. - return layerDigest.Hex() + ".tar", nil + return layerDigest.Encoded() + ".tar", nil } type tarFI struct { diff --git a/docker/registries_d.go b/docker/registries_d.go index e0fccf713..3619c3bae 100644 --- a/docker/registries_d.go +++ b/docker/registries_d.go @@ -288,10 +288,10 @@ func (ns registryNamespace) signatureTopLevel(write bool) string { // base is not nil from the caller // NOTE: Keep this in sync with docs/signature-protocols.md! func lookasideStorageURL(base lookasideStorageBase, manifestDigest digest.Digest, index int) (*url.URL, error) { - if err := manifestDigest.Validate(); err != nil { // digest.Digest.Hex() panics on failure, and could possibly result in a path with ../, so validate explicitly. + if err := manifestDigest.Validate(); err != nil { // digest.Digest.Encoded() panics on failure, and could possibly result in a path with ../, so validate explicitly. return nil, err } sigURL := *base - sigURL.Path = fmt.Sprintf("%s@%s=%s/signature-%d", sigURL.Path, manifestDigest.Algorithm(), manifestDigest.Hex(), index+1) + sigURL.Path = fmt.Sprintf("%s@%s=%s/signature-%d", sigURL.Path, manifestDigest.Algorithm(), manifestDigest.Encoded(), index+1) return &sigURL, nil } diff --git a/internal/image/docker_schema2.go b/internal/image/docker_schema2.go index c3234c377..01219e391 100644 --- a/internal/image/docker_schema2.go +++ b/internal/image/docker_schema2.go @@ -366,7 +366,7 @@ func v1IDFromBlobDigestAndComponents(blobDigest digest.Digest, others ...string) if err := blobDigest.Validate(); err != nil { return "", err } - parts := append([]string{blobDigest.Hex()}, others...) + parts := append([]string{blobDigest.Encoded()}, others...) v1IDHash := sha256.Sum256([]byte(strings.Join(parts, " "))) return hex.EncodeToString(v1IDHash[:]), nil } diff --git a/manifest/docker_schema1.go b/manifest/docker_schema1.go index 7c8160426..222aa896e 100644 --- a/manifest/docker_schema1.go +++ b/manifest/docker_schema1.go @@ -342,5 +342,5 @@ func (m *Schema1) ImageID(diffIDs []digest.Digest) (string, error) { if err != nil { return "", err } - return digest.FromBytes(image).Hex(), nil + return digest.FromBytes(image).Encoded(), nil } diff --git a/manifest/docker_schema2.go b/manifest/docker_schema2.go index 23ab49cdf..818166834 100644 --- a/manifest/docker_schema2.go +++ b/manifest/docker_schema2.go @@ -295,7 +295,7 @@ func (m *Schema2) ImageID([]digest.Digest) (string, error) { if err := m.ConfigDescriptor.Digest.Validate(); err != nil { return "", err } - return m.ConfigDescriptor.Digest.Hex(), nil + return m.ConfigDescriptor.Digest.Encoded(), nil } // CanChangeLayerCompression returns true if we can compress/decompress layers with mimeType in the current image diff --git a/manifest/oci.go b/manifest/oci.go index 3cfd680d1..497cf476e 100644 --- a/manifest/oci.go +++ b/manifest/oci.go @@ -260,7 +260,7 @@ func (m *OCI1) ImageID(diffIDs []digest.Digest) (string, error) { if err := m.Config.Digest.Validate(); err != nil { return "", err } - return m.Config.Digest.Hex(), nil + return m.Config.Digest.Encoded(), nil } // CanChangeLayerCompression returns true if we can compress/decompress layers with mimeType in the current image diff --git a/oci/layout/oci_delete_test.go b/oci/layout/oci_delete_test.go index cf8d87867..8c88b4ffe 100644 --- a/oci/layout/oci_delete_test.go +++ b/oci/layout/oci_delete_test.go @@ -318,7 +318,7 @@ func loadFixture(t *testing.T, fixtureName string) string { func assertBlobExists(t *testing.T, blobsDir string, blobDigest string) { digest, err := digest.Parse(blobDigest) require.NoError(t, err) - blobPath := filepath.Join(blobsDir, digest.Algorithm().String(), digest.Hex()) + blobPath := filepath.Join(blobsDir, digest.Algorithm().String(), digest.Encoded()) _, err = os.Stat(blobPath) require.NoError(t, err) } @@ -326,7 +326,7 @@ func assertBlobExists(t *testing.T, blobsDir string, blobDigest string) { func assertBlobDoesNotExist(t *testing.T, blobsDir string, blobDigest string) { digest, err := digest.Parse(blobDigest) require.NoError(t, err) - blobPath := filepath.Join(blobsDir, digest.Algorithm().String(), digest.Hex()) + blobPath := filepath.Join(blobsDir, digest.Algorithm().String(), digest.Encoded()) _, err = os.Stat(blobPath) require.True(t, os.IsNotExist(err)) } diff --git a/oci/layout/oci_transport.go b/oci/layout/oci_transport.go index 1e26dc524..816dfa7a1 100644 --- a/oci/layout/oci_transport.go +++ b/oci/layout/oci_transport.go @@ -256,5 +256,5 @@ func (ref ociReference) blobPath(digest digest.Digest, sharedBlobDir string) (st } else { blobDir = filepath.Join(ref.dir, imgspecv1.ImageBlobsDir) } - return filepath.Join(blobDir, digest.Algorithm().String(), digest.Hex()), nil + return filepath.Join(blobDir, digest.Algorithm().String(), digest.Encoded()), nil } diff --git a/ostree/ostree_dest.go b/ostree/ostree_dest.go index 4c46b0707..951b5d098 100644 --- a/ostree/ostree_dest.go +++ b/ostree/ostree_dest.go @@ -164,7 +164,7 @@ func (d *ostreeImageDestination) PutBlobWithOptions(ctx context.Context, stream return private.UploadedBlob{}, err } - hash := blobDigest.Hex() + hash := blobDigest.Encoded() d.blobs[hash] = &blobToImport{Size: size, Digest: blobDigest, BlobPath: blobPath} return private.UploadedBlob{Digest: blobDigest, Size: size}, nil } @@ -282,8 +282,8 @@ func generateTarSplitMetadata(output *bytes.Buffer, file string) (digest.Digest, func (d *ostreeImageDestination) importBlob(selinuxHnd *C.struct_selabel_handle, repo *otbuiltin.Repo, blob *blobToImport) error { // TODO: This can take quite some time, and should ideally be cancellable using a context.Context. - ostreeBranch := fmt.Sprintf("ociimage/%s", blob.Digest.Hex()) - destinationPath := filepath.Join(d.tmpDirPath, blob.Digest.Hex(), "root") + ostreeBranch := fmt.Sprintf("ociimage/%s", blob.Digest.Encoded()) + destinationPath := filepath.Join(d.tmpDirPath, blob.Digest.Encoded(), "root") if err := ensureDirectoryExists(destinationPath); err != nil { return err } @@ -323,7 +323,7 @@ func (d *ostreeImageDestination) importBlob(selinuxHnd *C.struct_selabel_handle, } func (d *ostreeImageDestination) importConfig(repo *otbuiltin.Repo, blob *blobToImport) error { - ostreeBranch := fmt.Sprintf("ociimage/%s", blob.Digest.Hex()) + ostreeBranch := fmt.Sprintf("ociimage/%s", blob.Digest.Encoded()) destinationPath := filepath.Dir(blob.BlobPath) return d.ostreeCommit(repo, ostreeBranch, destinationPath, []string{fmt.Sprintf("docker.size=%d", blob.Size)}) @@ -348,10 +348,10 @@ func (d *ostreeImageDestination) TryReusingBlobWithOptions(ctx context.Context, d.repo = repo } - if err := info.Digest.Validate(); err != nil { // digest.Digest.Hex() panics on failure, so validate explicitly. + if err := info.Digest.Validate(); err != nil { // digest.Digest.Encoded() panics on failure, so validate explicitly. return false, private.ReusedBlob{}, err } - branch := fmt.Sprintf("ociimage/%s", info.Digest.Hex()) + branch := fmt.Sprintf("ociimage/%s", info.Digest.Encoded()) found, data, err := readMetadata(d.repo, branch, "docker.uncompressed_digest") if err != nil || !found { @@ -479,7 +479,7 @@ func (d *ostreeImageDestination) Commit(context.Context, types.UnparsedImage) er if err := layer.Digest.Validate(); err != nil { // digest.Digest.Encoded() panics on failure, so validate explicitly. return err } - hash := layer.Digest.Hex() + hash := layer.Digest.Encoded() if err = checkLayer(hash); err != nil { return err } @@ -488,7 +488,7 @@ func (d *ostreeImageDestination) Commit(context.Context, types.UnparsedImage) er if err := layer.BlobSum.Validate(); err != nil { // digest.Digest.Encoded() panics on failure, so validate explicitly. return err } - hash := layer.BlobSum.Hex() + hash := layer.BlobSum.Encoded() if err = checkLayer(hash); err != nil { return err } diff --git a/ostree/ostree_src.go b/ostree/ostree_src.go index 774f6f007..85a89f253 100644 --- a/ostree/ostree_src.go +++ b/ostree/ostree_src.go @@ -289,7 +289,7 @@ func (s *ostreeImageSource) GetBlob(ctx context.Context, info types.BlobInfo, ca if err := info.Digest.Validate(); err != nil { // digest.Digest.Encoded() panics on failure, so validate explicitly. return nil, -1, err } - blob := info.Digest.Hex() + blob := info.Digest.Encoded() // Ensure s.compressed is initialized. It is build by LayerInfosForCopy. if s.compressed == nil { @@ -301,7 +301,7 @@ func (s *ostreeImageSource) GetBlob(ctx context.Context, info types.BlobInfo, ca } compressedBlob, isCompressed := s.compressed[info.Digest] if isCompressed { - blob = compressedBlob.Hex() + blob = compressedBlob.Encoded() } branch := fmt.Sprintf("ociimage/%s", blob) @@ -424,7 +424,7 @@ func (s *ostreeImageSource) LayerInfosForCopy(ctx context.Context, instanceDiges layerBlobs := man.LayerInfos() for _, layerBlob := range layerBlobs { - branch := fmt.Sprintf("ociimage/%s", layerBlob.Digest.Hex()) + branch := fmt.Sprintf("ociimage/%s", layerBlob.Digest.Encoded()) found, uncompressedDigestStr, err := readMetadata(s.repo, branch, "docker.uncompressed_digest") if err != nil || !found { return nil, err diff --git a/sif/src.go b/sif/src.go index 261cfbe77..f8bf31034 100644 --- a/sif/src.go +++ b/sif/src.go @@ -111,7 +111,7 @@ func newImageSource(ctx context.Context, sys *types.SystemContext, ref sifRefere History: []imgspecv1.History{ { Created: &created, - CreatedBy: fmt.Sprintf("/bin/sh -c #(nop) ADD file:%s in %c", layerDigest.Hex(), os.PathSeparator), + CreatedBy: fmt.Sprintf("/bin/sh -c #(nop) ADD file:%s in %c", layerDigest.Encoded(), os.PathSeparator), Comment: "imported from SIF, uuid: " + sifImg.ID(), }, { diff --git a/storage/storage_dest.go b/storage/storage_dest.go index c09576d86..b84bb1fab 100644 --- a/storage/storage_dest.go +++ b/storage/storage_dest.go @@ -564,7 +564,7 @@ func (s *storageImageDestination) computeID(m manifest.Manifest) string { } // ordinaryImageID is a digest of a config, which is a JSON value. // To avoid the risk of collisions, start the input with @ so that the input is not a valid JSON. - tocImageID := digest.FromString("@With TOC:" + tocIDInput).Hex() + tocImageID := digest.FromString("@With TOC:" + tocIDInput).Encoded() logrus.Debugf("Ordinary storage image ID %s; a layer was looked up by TOC, so using image ID %s", ordinaryImageID, tocImageID) return tocImageID } @@ -651,11 +651,11 @@ func (s *storageImageDestination) singleLayerIDComponent(layerIndex int, blobDig defer s.lock.Unlock() if d, found := s.lockProtected.indexToTOCDigest[layerIndex]; found { - return "@TOC=" + d.Hex(), false // "@" is not a valid start of a digest.Digest, so this is unambiguous. + return "@TOC=" + d.Encoded(), false // "@" is not a valid start of a digest.Digest, so this is unambiguous. } if d, found := s.lockProtected.blobDiffIDs[blobDigest]; found { - return d.Hex(), true // This looks like chain IDs, and it uses the traditional value. + return d.Encoded(), true // This looks like chain IDs, and it uses the traditional value. } return "", false } @@ -731,7 +731,7 @@ func (s *storageImageDestination) commitLayer(index int, info addedLayerInfo, si id := layerIDComponent if !layerIDComponentStandalone || parentLayer != "" { - id = digest.Canonical.FromString(parentLayer + "+" + layerIDComponent).Hex() + id = digest.Canonical.FromString(parentLayer + "+" + layerIDComponent).Encoded() } if layer, err2 := s.imageRef.transport.store.Layer(id); layer != nil && err2 == nil { // There's already a layer that should have the right contents, just reuse it. diff --git a/storage/storage_test.go b/storage/storage_test.go index b0a07e507..662aa3fbf 100644 --- a/storage/storage_test.go +++ b/storage/storage_test.go @@ -437,8 +437,8 @@ func TestWriteRead(t *testing.T) { manifest = strings.ReplaceAll(manifest, "%ch", config.compressedDigest.String()) manifest = strings.ReplaceAll(manifest, "%ls", fmt.Sprintf("%d", layer.compressedSize)) manifest = strings.ReplaceAll(manifest, "%cs", fmt.Sprintf("%d", config.compressedSize)) - manifest = strings.ReplaceAll(manifest, "%li", layer.compressedDigest.Hex()) - manifest = strings.ReplaceAll(manifest, "%ci", config.compressedDigest.Hex()) + manifest = strings.ReplaceAll(manifest, "%li", layer.compressedDigest.Encoded()) + manifest = strings.ReplaceAll(manifest, "%ci", config.compressedDigest.Encoded()) t.Logf("this manifest is %q", manifest) err = dest.PutManifest(context.Background(), []byte(manifest), nil) require.NoError(t, err) diff --git a/tarball/tarball_src.go b/tarball/tarball_src.go index f2c161144..18d4cc2d2 100644 --- a/tarball/tarball_src.go +++ b/tarball/tarball_src.go @@ -117,7 +117,7 @@ func (r *tarballReference) NewImageSource(ctx context.Context, sys *types.System history = append(history, imgspecv1.History{ Created: &blobTime, - CreatedBy: fmt.Sprintf("/bin/sh -c #(nop) ADD file:%s in %c", diffID.Hex(), os.PathSeparator), + CreatedBy: fmt.Sprintf("/bin/sh -c #(nop) ADD file:%s in %c", diffID.Encoded(), os.PathSeparator), Comment: comment, }) // Use the mtime of the most recently modified file as the image's creation time.