From f4ece018b468e97e693d94628d3aa82acbcb6dc4 Mon Sep 17 00:00:00 2001 From: Matej Vasek Date: Wed, 10 Feb 2021 00:47:01 +0100 Subject: Docker APIv2 push sends digest in response body Signed-off-by: Matej Vasek --- pkg/api/handlers/compat/images_push.go | 41 ++++++++++++++++++++++++++++------ test/apiv2/12-imagesMore.at | 18 +++++++++++++++ 2 files changed, 52 insertions(+), 7 deletions(-) diff --git a/pkg/api/handlers/compat/images_push.go b/pkg/api/handlers/compat/images_push.go index 34b53f34e..77d891546 100644 --- a/pkg/api/handlers/compat/images_push.go +++ b/pkg/api/handlers/compat/images_push.go @@ -1,6 +1,8 @@ package compat import ( + "fmt" + "io/ioutil" "net/http" "strings" @@ -19,6 +21,14 @@ import ( func PushImage(w http.ResponseWriter, r *http.Request) { decoder := r.Context().Value("decoder").(*schema.Decoder) runtime := r.Context().Value("runtime").(*libpod.Runtime) + + digestFile, err := ioutil.TempFile("", "digest.txt") + if err != nil { + utils.Error(w, "unable to create digest tempfile", http.StatusInternalServerError, errors.Wrap(err, "unable to create tempfile")) + return + } + defer digestFile.Close() + // Now use the ABI implementation to prevent us from having duplicate // code. imageEngine := abi.ImageEngine{Libpod: runtime} @@ -65,12 +75,13 @@ func PushImage(w http.ResponseWriter, r *http.Request) { password = authconf.Password } options := entities.ImagePushOptions{ - All: query.All, - Authfile: authfile, - Compress: query.Compress, - Format: query.Format, - Password: password, - Username: username, + All: query.All, + Authfile: authfile, + Compress: query.Compress, + Format: query.Format, + Password: password, + Username: username, + DigestFile: digestFile.Name(), } if _, found := r.URL.Query()["tlsVerify"]; found { options.SkipTLSVerify = types.NewOptionalBool(!query.TLSVerify) @@ -93,5 +104,21 @@ func PushImage(w http.ResponseWriter, r *http.Request) { return } - utils.WriteResponse(w, http.StatusOK, "") + digestBytes, err := ioutil.ReadAll(digestFile) + if err != nil { + utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrap(err, "failed to read digest tmp file")) + return + } + + tag := query.Tag + if tag == "" { + tag = "latest" + } + respData := struct { + Status string `json:"status"` + }{ + Status: fmt.Sprintf("%s: digest: %s size: null", tag, string(digestBytes)), + } + + utils.WriteJSON(w, http.StatusOK, &respData) } diff --git a/test/apiv2/12-imagesMore.at b/test/apiv2/12-imagesMore.at index fe6a271ce..4f3ddf925 100644 --- a/test/apiv2/12-imagesMore.at +++ b/test/apiv2/12-imagesMore.at @@ -3,6 +3,9 @@ # Tests for more image-related endpoints # +red='\e[31m' +nc='\e[0m' + podman pull -q $IMAGE t GET libpod/images/json 200 \ @@ -26,6 +29,17 @@ t GET libpod/images/$IMAGE/json 200 \ podman run -d --name registry -p 5000:5000 quay.io/libpod/registry:2.6 /entrypoint.sh /etc/docker/registry/config.yml wait_for_port localhost 5000 +# Push to local registry and check output +while read -r LINE +do + if echo "${LINE}" | jq --exit-status 'select( .status != null) | select ( .status | contains("digest: sha256:"))' &>/dev/null; then + GOT_DIGEST="1" + fi +done < <(curl -sL "http://$HOST:$PORT/images/localhost:5000/myrepo/push?tlsVerify=false&tag=mytag" -XPOST) +if [ -z "${GOT_DIGEST}" ] ; then + echo -e "${red}not ok: did not found digest in output${nc}" 1>&2; +fi + # Push to local registry t POST "images/localhost:5000/myrepo/push?tlsVerify=false&tag=mytag" '' 200 @@ -43,3 +57,7 @@ t DELETE libpod/images/$IMAGE 200 \ .ExitCode=0 t DELETE libpod/images/quay.io/libpod/registry:2.6 200 \ .ExitCode=0 + +if [ -z "${GOT_DIGEST}" ] ; then + exit 1; +fi -- cgit v1.2.3-54-g00ecf