Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[22.06 backport] Validate digest in repo for pull by digest #44328

Merged
merged 3 commits into from Oct 21, 2022
Merged

[22.06 backport] Validate digest in repo for pull by digest #44328

merged 3 commits into from Oct 21, 2022

Conversation

thaJeztah
Copy link
Member

@thaJeztah thaJeztah commented Oct 19, 2022
edited

Upstreaming the patch for GHSA-vjgr-4595-fc6r to master.

This is a rebase and squash of https://github.com/moby/moby-ghsa-vjgr-4595-fc6r/pull/3

This is accomplished by storing the distribution source in the content labels. If the distribution source is not found then we check to the registry to see if the digest exists in the repo, if it does exist then the puller will use it.

- Description for the changelog

- A picture of a cute animal (not mandatory but encouraged)

@thaJeztah thaJeztah added this to the 22.06.0 milestone Oct 19, 2022
@thaJeztah thaJeztah mentioned this pull request Oct 19, 2022
Closed
@thaJeztah thaJeztah force-pushed the 22.06_backport_ghsa-ambiguous-pull-by-digest branch 2 times, most recently from 0f6561b to 5c60d13 Compare October 20, 2022 20:58
thaJeztah and others added 3 commits October 21, 2022 01:50
@thaJeztah
Revert "testutil/registry: remove unused WithStdout(), WithStErr() opts"
b4c4be1 
This reverts commit 1f21c4d.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 92eca90)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@cpuguy83 @thaJeztah
Validate digest in repo for pull by digest
727c4fd 
This is accomplished by storing the distribution source in the content
labels. If the distribution source is not found then we check to the
registry to see if the digest exists in the repo, if it does exist then
the puller will use it.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 27530ef)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah
skip TestImagePullStoredfDigestForOtherRepo() on Windows and rootless
c0be73f 
- On Windows, we don't build and run a local  test registry (we're not running
  docker-in-docker), so we need to skip this test.
- On rootless, networking doesn't support this (currently)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 4f43cb6)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah thaJeztah force-pushed the 22.06_backport_ghsa-ambiguous-pull-by-digest branch from 5c60d13 to c0be73f Compare October 20, 2022 23:50
@thaJeztah
Copy link
Member Author

LOL.. of course

ERROR: failed to solve: pulling from host registry-1.docker.io failed with status code [manifests bullseye]: 503 Service Unavailable
Error: buildx bake failed with: ERROR: failed to solve: pulling from host registry-1.docker.io failed with status code [manifests bullseye]: 503 Service Unavailable

@thaJeztah thaJeztah marked this pull request as ready for review October 21, 2022 02:11
@thaJeztah
Copy link
Member Author

CI is happy; I'm bringing these in 👍

@thaJeztah thaJeztah merged commit 5202b5c into moby:22.06 Oct 21, 2022
@thaJeztah thaJeztah deleted the 22.06_backport_ghsa-ambiguous-pull-by-digest branch October 21, 2022 12:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
status/2-code-review
Projects
None yet
Milestone
23.0.0
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@thaJeztah @cpuguy83