[release-5.26] Backport #2547
Merged
[release-5.26] Backport #2547
Commits on Aug 30, 2024
-
Fix TestOCI1IndexChooseInstanceByCompression on non-amd64
Setting SystemContext.ArchitectureChoice to "" does not mean "match any/the first platform"; it's the default behavior of SystemContext, and it means "choose for the current runtime architecture". (Originally discussed in containers#1789 (comment) ) I.e. on amd64 these two test cases are redundant with the first two instances above, and on other architectures (notably ARM) they cause failures. So just drop them. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
-
Use a reasonably unique context key type
This makes the test a tiny bit more realistic, and avoids a linter warning. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
-
Validate digests before using them
If doing it makes sense at all, it should happen before the values are used. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
-
Call .Validate() before digest.Hex() / digest.Encoded()
... to prevent panics if the value does not contain a :, or other unexpected values (e.g. a path traversal). Don't bother on paths where we computed the digest ourselves, or it is already trusted for other reasons. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
-
Refactor the error handling path of saveStream
Use defer() to remove the temporary file, instead of duplicating the call. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
-
Refactor the error handling further
Use defer, a nested function, and early returns. Besides being a bit more directly related to what we want to achieve, this now does not call decompressed.Close() on a nil value if DecompressStream fails. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
-
Call .Validate() before digest.Digest.String() if necessary
... to prevent unexpected behavior on invalid values. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
-
Validate the tags returned by a registry
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
-
Don't abort listing tags when we encounter a digest
Per containers/skopeo#2346, that happens in the wild. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.