Validate digest in repo for pull by digest #44327
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Ah, still need to revert 1f21c4d |
thaJeztah
force-pushed
the
ghsa-ambiguous-pull-by-digest_master
branch
from
ab18022
to
0697ba1
Compare
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
|
Looks only on Windows (ran it locally on Linux, and that worked). |
|
Ah, never mind; we don't build the registry on Windows (we don't run docker-in-docker, and it's not in the Dockerfile.windows). |
|
Interesting; it seems like in Jenkins we are running a registry; maybe it's installed on those machines; let me check that. #44326 (comment) |
Nevermind, I was looking at the wrong results; it's failing on rootless (not Windows), so no registry on Windows in 20.10 either |
This comment was marked as outdated.
This comment was marked as outdated.
|
doh! |
thaJeztah
force-pushed
the
ghsa-ambiguous-pull-by-digest_master
branch
3 times, most recently
from
dac6e1c
to
b83ebbf
Compare
This reverts commit 1f21c4d. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This is accomplished by storing the distribution source in the content labels. If the distribution source is not found then we check to the registry to see if the digest exists in the repo, if it does exist then the puller will use it. Signed-off-by: Brian Goff <cpuguy83@gmail.com> Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- On Windows, we don't build and run a local test registry (we're not running docker-in-docker), so we need to skip this test. - On rootless, networking doesn't support this (currently) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
thaJeztah
force-pushed
the
ghsa-ambiguous-pull-by-digest_master
branch
from
b83ebbf
to
4f43cb6
Compare
|
@cpuguy83 @tianon @tonistiigi ptal |
|
CI is happy; I'm bringing these in |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Upstreaming the patch for GHSA-vjgr-4595-fc6r to master.
This is a rebase and squash of https://github.com/moby/moby-ghsa-vjgr-4595-fc6r/pull/3
This is accomplished by storing the distribution source in the content labels. If the distribution source is not found then we check to the registry to see if the digest exists in the repo, if it does exist then the puller will use it.
- Description for the changelog
- A picture of a cute animal (not mandatory but encouraged)