Skip to content

Commit 21e4e35

Browse files
lsm5lsm5
committed
image/storage: allow building container images with --digest
Allow the user to specify non-Canonical digest algorithm via `supporteddigests.TmpDigestForNewObjects()` instead of hardcoded `digest.Canonical` references. Without --digest or with --digest=sha256, behavior remains unchanged (SHA256 is the default). Tested with a scratch built image. Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
1 parent d346c06 commit 21e4e35

File tree

1 file changed

+9
-8
lines changed

1 file changed

+9
-8
lines changed

image/storage/storage_dest.go

Lines changed: 9 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -37,6 +37,7 @@ import (
3737
"go.podman.io/storage/pkg/chunked"
3838
"go.podman.io/storage/pkg/chunked/toc"
3939
"go.podman.io/storage/pkg/ioutils"
40+
supporteddigests "go.podman.io/storage/pkg/supported-digests"
4041
)
4142

4243
var (
@@ -288,7 +289,7 @@ func (s *storageImageDestination) putBlobToPendingFile(stream io.Reader, blobinf
288289
}
289290
defer decompressed.Close()
290291

291-
diffID := digest.Canonical.Digester()
292+
diffID := supporteddigests.TmpDigestForNewObjects().Digester()
292293
// Copy the data to the file.
293294
// TODO: This can take quite some time, and should ideally be cancellable using context.Context.
294295
_, err = io.Copy(diffID.Hash(), decompressed)
@@ -856,7 +857,7 @@ func (s *storageImageDestination) computeID(m manifest.Manifest) (string, error)
856857
}
857858
// ordinaryImageID is a digest of a config, which is a JSON value.
858859
// To avoid the risk of collisions, start the input with @ so that the input is not a valid JSON.
859-
tocImageID := digest.FromString("@With TOC:" + tocIDInput).Encoded()
860+
tocImageID := supporteddigests.TmpDigestForNewObjects().FromString("@With TOC:" + tocIDInput).Encoded()
860861
logrus.Debugf("Ordinary storage image ID %s; a layer was looked up by TOC, so using image ID %s", ordinaryImageID, tocImageID)
861862
return tocImageID, nil
862863
}
@@ -1070,7 +1071,7 @@ func layerID(parentID string, trusted trustedLayerIdentityData) string {
10701071
if parentID == "" && !mustHash {
10711072
return component
10721073
}
1073-
return digest.Canonical.FromString(parentID + "+" + component).Encoded()
1074+
return supporteddigests.TmpDigestForNewObjects().FromString(parentID + "+" + component).Encoded()
10741075
}
10751076

10761077
// createNewLayer creates a new layer newLayerID for (index, trusted) on top of parentLayer (which may be "").
@@ -1488,13 +1489,13 @@ func (s *storageImageDestination) CommitWithOptions(ctx context.Context, options
14881489
imgOptions.BigData = append(imgOptions.BigData, storage.ImageBigDataOption{
14891490
Key: s.lockProtected.configDigest.String(),
14901491
Data: v,
1491-
Digest: digest.Canonical.FromBytes(v),
1492+
Digest: supporteddigests.TmpDigestForNewObjects().FromBytes(v),
14921493
})
14931494
}
14941495
// Set up to save the options.UnparsedToplevel's manifest if it differs from
14951496
// the per-platform one, which is saved below.
14961497
if !bytes.Equal(toplevelManifest, s.manifest) {
1497-
manifestDigest, err := manifest.Digest(toplevelManifest)
1498+
manifestDigest, err := manifest.DigestWithAlgorithm(toplevelManifest, supporteddigests.TmpDigestForNewObjects())
14981499
if err != nil {
14991500
return fmt.Errorf("digesting top-level manifest: %w", err)
15001501
}
@@ -1530,7 +1531,7 @@ func (s *storageImageDestination) CommitWithOptions(ctx context.Context, options
15301531
imgOptions.BigData = append(imgOptions.BigData, storage.ImageBigDataOption{
15311532
Key: "signatures",
15321533
Data: s.signatures,
1533-
Digest: digest.Canonical.FromBytes(s.signatures),
1534+
Digest: supporteddigests.TmpDigestForNewObjects().FromBytes(s.signatures),
15341535
})
15351536
}
15361537
for instanceDigest, signatures := range s.signatureses {
@@ -1541,7 +1542,7 @@ func (s *storageImageDestination) CommitWithOptions(ctx context.Context, options
15411542
imgOptions.BigData = append(imgOptions.BigData, storage.ImageBigDataOption{
15421543
Key: key,
15431544
Data: signatures,
1544-
Digest: digest.Canonical.FromBytes(signatures),
1545+
Digest: supporteddigests.TmpDigestForNewObjects().FromBytes(signatures),
15451546
})
15461547
}
15471548

@@ -1643,7 +1644,7 @@ func (s *storageImageDestination) CommitWithOptions(ctx context.Context, options
16431644

16441645
// PutManifest writes the manifest to the destination.
16451646
func (s *storageImageDestination) PutManifest(ctx context.Context, manifestBlob []byte, instanceDigest *digest.Digest) error {
1646-
digest, err := manifest.Digest(manifestBlob)
1647+
digest, err := manifest.DigestWithAlgorithm(manifestBlob, supporteddigests.TmpDigestForNewObjects())
16471648
if err != nil {
16481649
return err
16491650
}

0 commit comments

Comments
 (0)