-
Notifications
You must be signed in to change notification settings - Fork 374
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix skopeo copy can't decrypt to docker-daemon image #1604
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -143,13 +143,26 @@ func (m *manifestOCI1) UpdatedImageNeedsLayerDiffIDs(options types.ManifestUpdat | |
// if the combination of CompressionOperation and CompressionAlgorithm specified | ||
// in one or more options.LayerInfos items indicates that a layer is compressed using | ||
// an algorithm that is not allowed in OCI. | ||
func (m *manifestOCI1) UpdatedImage(ctx context.Context, options types.ManifestUpdateOptions) (types.Image, error) { | ||
func (m *manifestOCI1) UpdatedImage(ctx context.Context, options types.ManifestUpdateOptions) (image types.Image, retErr error) { | ||
copy := manifestOCI1{ // NOTE: This is not a deep copy, it still shares slices etc. | ||
src: m.src, | ||
configBlob: m.configBlob, | ||
m: manifest.OCI1Clone(m.m), | ||
} | ||
|
||
manifestTmp := m | ||
defer func() { | ||
if retErr != nil { | ||
m = manifestTmp | ||
} | ||
}() | ||
Comment on lines
+153
to
+158
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I don’t understand at all what this is intended to do. |
||
|
||
// No conversion required, update manifest | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This comment is not correct an this place. |
||
if options.LayerInfos != nil { | ||
if err := copy.m.UpdateLayerInfos(options.LayerInfos); err != nil { | ||
return nil, err | ||
} | ||
} | ||
converted, err := convertManifestIfRequiredWithUpdate(ctx, options, map[string]manifestConvertFn{ | ||
manifest.DockerV2Schema2MediaType: copy.convertToManifestSchema2Generic, | ||
manifest.DockerV2Schema1MediaType: copy.convertToManifestSchema1, | ||
|
@@ -162,13 +175,6 @@ func (m *manifestOCI1) UpdatedImage(ctx context.Context, options types.ManifestU | |
if converted != nil { | ||
return converted, nil | ||
} | ||
|
||
// No conversion required, update manifest | ||
if options.LayerInfos != nil { | ||
if err := copy.m.UpdateLayerInfos(options.LayerInfos); err != nil { | ||
return nil, err | ||
} | ||
} | ||
// Ignore options.EmbeddedDockerReference: it may be set when converting from schema1, but we really don't care. | ||
|
||
return memoryImageFromManifest(©), nil | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As mentioned previously, this would break one-step ”convert to OCI and encrypt”.
We need to split that, and do the decryption MIME type changes before format conversions, and encryption MIME type changes after format conversions.