From 312fb65b4c0bc70197ffb4233b947a9c0e685594 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Mon, 29 Nov 2021 15:26:21 +0100 Subject: [PATCH] Consolidate reading messages, and checking for support, into a helper MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Miloslav Trmač --- copy/copy.go | 43 ++++++++++--------------------------------- copy/sign.go | 27 +++++++++++++++++++++++++++ 2 files changed, 37 insertions(+), 33 deletions(-) diff --git a/copy/copy.go b/copy/copy.go index 0a41b5f014..8139debcae 100644 --- a/copy/copy.go +++ b/copy/copy.go @@ -395,23 +395,11 @@ func (c *copier) copyMultipleImages(ctx context.Context, policyContext *signatur } updatedList := originalList.Clone() - // Read and/or clear the set of signatures for this list. - var sigs [][]byte - if options.RemoveSignatures { - sigs = [][]byte{} - } else { - c.Printf("Getting image list signatures\n") - s, err := unparsedToplevel.Signatures(ctx) - if err != nil { - return nil, perrors.Wrap(err, "reading signatures") - } - sigs = s - } - if len(sigs) != 0 { - c.Printf("Checking if image list destination supports signatures\n") - if err := c.dest.SupportsSignatures(ctx); err != nil { - return nil, perrors.Wrapf(err, "Can not copy signatures to %s", transports.ImageName(c.dest.Reference())) - } + sigs, err := c.sourceSignatures(ctx, unparsedToplevel, options, + "Getting image list signatures", + "Checking if image list destination supports signatures") + if err != nil { + return nil, err } // If the destination is a digested reference, make a note of that, determine what digest value we're @@ -639,22 +627,11 @@ func (c *copier) copyOneImage(ctx context.Context, policyContext *signature.Poli return nil, "", "", err } - var sigs [][]byte - if options.RemoveSignatures { - sigs = [][]byte{} - } else { - c.Printf("Getting image source signatures\n") - s, err := src.Signatures(ctx) - if err != nil { - return nil, "", "", perrors.Wrap(err, "reading signatures") - } - sigs = s - } - if len(sigs) != 0 { - c.Printf("Checking if image destination supports signatures\n") - if err := c.dest.SupportsSignatures(ctx); err != nil { - return nil, "", "", perrors.Wrapf(err, "Can not copy signatures to %s", transports.ImageName(c.dest.Reference())) - } + sigs, err := c.sourceSignatures(ctx, src, options, + "Getting image source signatures", + "Checking if image destination supports signatures") + if err != nil { + return nil, "", "", err } // Determine if we're allowed to modify the manifest. diff --git a/copy/sign.go b/copy/sign.go index 08e0c6c761..93fd93ce23 100644 --- a/copy/sign.go +++ b/copy/sign.go @@ -1,14 +1,41 @@ package copy import ( + "context" "fmt" "github.com/containers/image/v5/docker/reference" "github.com/containers/image/v5/signature" "github.com/containers/image/v5/transports" + "github.com/containers/image/v5/types" perrors "github.com/pkg/errors" ) +// sourceSignatures returns signatures from unparsedSource based on options, +// and verifies that they can be used (to avoid copying a large image when we +// can tell in advance that it would ultimately fail) +func (c *copier) sourceSignatures(ctx context.Context, unparsed types.UnparsedImage, options *Options, + gettingSignaturesMessage, checkingDestMessage string) ([][]byte, error) { + var sigs [][]byte + if options.RemoveSignatures { + sigs = [][]byte{} + } else { + c.Printf("%s\n", gettingSignaturesMessage) + s, err := unparsed.Signatures(ctx) + if err != nil { + return nil, perrors.Wrap(err, "reading signatures") + } + sigs = s + } + if len(sigs) != 0 { + c.Printf("%s\n", checkingDestMessage) + if err := c.dest.SupportsSignatures(ctx); err != nil { + return nil, perrors.Wrapf(err, "Can not copy signatures to %s", transports.ImageName(c.dest.Reference())) + } + } + return sigs, nil +} + // createSignature creates a new signature of manifest using keyIdentity. func (c *copier) createSignature(manifest []byte, keyIdentity string, passphrase string, identity reference.Named) ([]byte, error) { mech, err := signature.NewGPGSigningMechanism()