From e20645c0505bb445ddb5fe827f3f4d2dbc413ff4 Mon Sep 17 00:00:00 2001 From: Milos Gajdos Date: Fri, 28 Feb 2025 07:20:48 -0800 Subject: [PATCH 1/2] Enable MD5 check on GCS driver Apparently you can upload 0-size content wihtout GCS reportin any errors back to you. This is something a lot of our users experienced and reported. See here for at least one example: github.com/distribution/distribution/issues/3018 This sets tbe MD5 sum on the uploaded content which should rectify things according to the docs: https://pkg.go.dev/cloud.google.com/go/storage#ObjectAttrs Signed-off-by: Milos Gajdos --- registry/storage/driver/gcs/gcs.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/registry/storage/driver/gcs/gcs.go b/registry/storage/driver/gcs/gcs.go index 9676f7a09..4b4477331 100644 --- a/registry/storage/driver/gcs/gcs.go +++ b/registry/storage/driver/gcs/gcs.go @@ -14,6 +14,7 @@ package gcs import ( "bytes" "context" + "crypto/md5" "encoding/json" "errors" "fmt" @@ -425,6 +426,10 @@ func (d *driver) putContent(ctx context.Context, obj *storage.ObjectHandle, cont if _, err := bytes.NewReader(content).WriteTo(wc); err != nil { return err } + h := md5.New() + h.Write(content) + wc.MD5 = h.Sum(nil) + return wc.Close() } From 7884c71297db23046eca9080479aad2c04c79375 Mon Sep 17 00:00:00 2001 From: Milos Gajdos Date: Sat, 1 Mar 2025 07:35:41 -0800 Subject: [PATCH 2/2] Add code comment Adding a code comment that explains setting MD5 Sum field. Signed-off-by: Milos Gajdos --- registry/storage/driver/gcs/gcs.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/registry/storage/driver/gcs/gcs.go b/registry/storage/driver/gcs/gcs.go index 4b4477331..968decee3 100644 --- a/registry/storage/driver/gcs/gcs.go +++ b/registry/storage/driver/gcs/gcs.go @@ -426,6 +426,10 @@ func (d *driver) putContent(ctx context.Context, obj *storage.ObjectHandle, cont if _, err := bytes.NewReader(content).WriteTo(wc); err != nil { return err } + // NOTE(milosgajdos): Apparently it's posisble to to upload 0-byte content to GCS. + // Setting MD5 on the Writer helps to prevent presisting that data. + // If set, the uploaded data is rejected if its MD5 hash does not match this field. + // See: https://pkg.go.dev/cloud.google.com/go/storage#ObjectAttrs h := md5.New() h.Write(content) wc.MD5 = h.Sum(nil)