- consumeAndLogOutputs
- assertSkopeoSucceeds
- assertSkopeoFails
- runCommandWithInput
All of these allow running commands as one-liners with no call-site
error handling, making tests much more readable.
Also modifies TestNoNeedAuthToPrivateRegistryV2ImageNotFound to use
check.Matches instead of manual strings.Contains conditions, which is
shorter and more consistent with the assertSkopeo... calls.
Primarily, make it actually work; reading into a non-zero-capacity but
zero-length slice would just return 0, the goroutine would terminate,
and even the producer of the output could fail with EPIPE/SIGPIPE.
Also make the logged output readable, converting it into a string
instead of a series of hexadecimal byte values.
This will be used also by non-signing tests.
No code changes besides removing the initial capital letter in the
function name; this is a separate commit only to make reviewing of
future changes to this function easier.
/skopeo.1 was a generated file before #35; now this path is not used
(replaced by man1/skopeo.1); if the generated file is left around, it is
obsolete (and confusingly empty). Remove it from .gitignore to nudge
developers like me to clean up.
This does not really go into why duplicate layers can happen or why it
is worth supporting that; the code originates from
504e67b867 ,
which does not explain either.
This will allow us to cleanly move genericImage into a separate package.
This costs an extra pointer, but also allows us to rely on the type
system and drop handling "certainly impossible" errors, worth it just
for this simplification anyway.
Add support to mark images for deletion from repository
Requires:
* V2 API and schema
* registry configured to allow deletes
* run registry garbage collection to free up disk space
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Implement a client to the chunked API, instead of the nonexistent
one-shot API (per
2a4deee441
).
Adds a FIXME to DELETE the pending upload on failure; the uploads are
supposed to time out so this is not immediately critical.
Fixes#64 .
PolicyContext is intended to be the primary API for skopeo/signature:
supply a policy and an image, and ask specific, well-defined
(preferably yes/no) questions.
Using the canonical minimized format of Docker references introduces too
many ambiguities.
This also removes some validation of the scope string, but all that was
really doing was rejecting completely invalid input like uppercase.
Sadly it is not qutie obvious that we can detect and reject mistakes like
using "busybox" as a scope instead of the correct
"docker.io/library/busybox". Perhaps require at least one dot or port
number in the host name?
To support verification of signatures when more than one key, or more
than one identity, are accepted, have verifyAndExtract signature accept
callbacks (in a struct so that they are explicitly named).
verifyAndExtractSignature now also validates the manifest digest. It is
intended to become THE SINGLE PLACE where untrusted signature blobs
have signatures verified, are validated against other expectations, and
parsed, and converted into internal data structures available to other
code.
Also:
- Modifies VerifyDockerManifestSignature to use utils.ManifestMatchesDigest.
- Adds a test for Docker reference mismatch in VerifyDockerManifestSignature.
(The key was one-time-generated in a temporary directory,
and is, intentionally, not available.)
This is not conceptually related to the rest of the PR, just adding a
missing case to the test, except that the added fixture will be reused
in a prSignedBy test.
As opposed to callers just calling utils.ManifestDigest(), this is
a forward-compatible interface, allowing other digest algorithms to
be added in the future.
Right now, we only support SHA-256, so the underlying implementation
does not change anything.
