-
Notifications
You must be signed in to change notification settings - Fork 57
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RFC DO NOT MERGE: Store signatures in c/i/docker/daemon/extra #262
base: docker-1.12.6
Are you sure you want to change the base?
Conversation
Do not merge before containers/image#288 ! Note that this rebases containers/image fairly significantly, including some of the deps. Also I guess equivalent changes will need to happen in other branches as well. @runcom PTAL. |
RHEL system level integration testing for 6a760a64e46a1a4937ba92684cbb16b823b66e26- PASS Fedora system level integration testing for 6a760a64e46a1a4937ba92684cbb16b823b66e26- PASS |
6a760a6
to
357118e
Compare
RHEL system level integration testing for 357118e132dc7a8a3c30ea12215536c7449507e6- PASS Fedora system level integration testing for 357118e132dc7a8a3c30ea12215536c7449507e6- PASS |
357118e
to
419a747
Compare
RHEL system level integration testing for 419a747d71eec5c55bd5efa482e907a4ec950290- FAIL Fedora system level integration testing for 419a747d71eec5c55bd5efa482e907a4ec950290- FAIL |
419a747
to
f45b786
Compare
0641df3
to
0716787
Compare
0716787
to
dc39ceb
Compare
e640974
to
bfba127
Compare
bfba127
to
3022a47
Compare
Update dependencies to allow it to build. Also drop k8s and dependencies now that we do not import all containers/image transports. WARNING: This DOES NOT BUILD because it references sirupsen/logrus, not Sirupsen/logrus.
s/sirupsen/Sirupsen/g
Whether or not we are verifying signatures, download them and store them in docker/daemon/signatures. Note that this means that containers/image/docker is now involved on _every_ pull; failures of the c/i/docker client, or inability to download (possibly incorrectly configured but unused) signatures are now fatal. Alternatively, we could make the storing of signatures to c/i/d/d/s silently fail in such cases. WARNING: This DOES NOT BUILD because it references sirupsen/logrus, not Sirupsen/logrus.
s/sirupsen/Sirupsen/g
i.e. defer parsing of the manifest to obtain the config digest only after the signatures have been verified.
3022a47
to
3ae0ae5
Compare
Store signatures in
c/i/docker/daemon/extra
(containers/image#288).Whether or not we are verifying signatures, download them and store them in
docker/daemon/extra
.Note that this means that
containers/image/docker
is now involved on every pull; failures of thec/i/docker
client, or inability to download (possibly incorrectly configured but unused) signatures are now fatal.Alternatively, we could make the storing of signatures to extra silently fail in such cases.
This does not add any user of the signatures, though containers/image#288 shows how the signatures stored by this PR can be used to cryptographically authenticate the expected layer DiffID`s (a prerequisite for verifying extracted layers). See also containers/image#301 for a necessary policy scoping enhancement.
Affects only V2 pulls, and the information is stored only for schema2 images: for schema1 images the daemon itself is creating a new
config.json
in code, and thatconfig.json
cannot be directly authenticated. (We could do another schema1→schema2 conversion and then compare the results, but that’s tricky; let’s start by hoping that schema1 will die out quickly enough, and we can revisit this if necessary later).