github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-08-17 15:38:00 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #10925 from katexochen/p/fail-on-layer-pull

Browse Source 
genpolicy: fail when layer can't be processed
This commit is contained in:
Dan Mihai 2025-02-26 13:28:38 -08:00 committed by GitHub
commit cb382e1367
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/tools/genpolicy/src/registry.rs
View File

@ -11,7 +11,7 @@ use crate::policy;
use crate::utils::Config; use crate::utils::Config;
use crate::verity; use crate::verity;
use anyhow::{anyhow, Result}; use anyhow::{anyhow, bail, Result};
use docker_credential::{CredentialRetrievalError, DockerCredential}; use docker_credential::{CredentialRetrievalError, DockerCredential};
use fs2::FileExt; use fs2::FileExt;
use log::{debug, info, warn, LevelFilter}; use log::{debug, info, warn, LevelFilter};
@ -441,7 +441,7 @@ async fn get_verity_and_users(
if let Some(path) = layers_cache_file_path.as_ref() { if let Some(path) = layers_cache_file_path.as_ref() {
std::fs::remove_file(path)?; std::fs::remove_file(path)?;
} }
warn!("{error_message}"); bail!(error_message);
} }
Ok((verity_hash, passwd)) Ok((verity_hash, passwd))
} }

4
src/tools/genpolicy/src/registry_containerd.rs
View File

@ -10,7 +10,7 @@ use crate::registry::{
Container, DockerConfigLayer, ImageLayer, Container, DockerConfigLayer, ImageLayer,
}; };
use anyhow::{anyhow, Result}; use anyhow::{anyhow, bail, Result};
use containerd_client::{services::v1::GetImageRequest, with_namespace}; use containerd_client::{services::v1::GetImageRequest, with_namespace};
use docker_credential::{CredentialRetrievalError, DockerCredential}; use docker_credential::{CredentialRetrievalError, DockerCredential};
use k8s_cri::v1::{image_service_client::ImageServiceClient, AuthConfig}; use k8s_cri::v1::{image_service_client::ImageServiceClient, AuthConfig};
@ -354,7 +354,7 @@ async fn get_verity_and_users(
if let Some(path) = layers_cache_file_path.as_ref() { if let Some(path) = layers_cache_file_path.as_ref() {
std::fs::remove_file(path)?; std::fs::remove_file(path)?;
} }
warn!("{error_message}"); bail!(error_message);
} }
Ok((verity_hash, passwd)) Ok((verity_hash, passwd))
} }