forked from openshift/origin
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathcontainer_image_downloader.go
70 lines (59 loc) · 2.01 KB
/
container_image_downloader.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
package signature
import (
"context"
"crypto/sha256"
"fmt"
"time"
"github.com/containers/image/docker"
"github.com/golang/glog"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
imagev1 "github.com/openshift/api/image/v1"
imageapi "github.com/openshift/origin/pkg/image/apis/image"
)
type containerImageSignatureDownloader struct {
ctx context.Context
timeout time.Duration
}
func NewContainerImageSignatureDownloader(ctx context.Context, timeout time.Duration) SignatureDownloader {
return &containerImageSignatureDownloader{
ctx: ctx,
timeout: timeout,
}
}
type GetSignaturesError struct {
error
}
func (s *containerImageSignatureDownloader) DownloadImageSignatures(image *imagev1.Image) ([]imagev1.ImageSignature, error) {
reference, err := docker.ParseReference("//" + image.DockerImageReference)
if err != nil {
return nil, err
}
source, err := reference.NewImageSource(nil, nil)
if err != nil {
// In case we fail to talk to registry to get the image metadata (private
// registry, internal registry, etc...), do not fail with error to avoid
// spamming logs.
glog.V(4).Infof("Failed to get %q: %v", image.DockerImageReference, err)
return []imagev1.ImageSignature{}, nil
}
defer source.Close()
ctx, cancel := context.WithTimeout(s.ctx, s.timeout)
defer cancel()
signatures, err := source.GetSignatures(ctx)
if err != nil {
glog.V(4).Infof("Failed to get signatures for %v due to: %v", source.Reference(), err)
return []imagev1.ImageSignature{}, GetSignaturesError{err}
}
ret := []imagev1.ImageSignature{}
for _, blob := range signatures {
sig := imagev1.ImageSignature{Type: imageapi.ImageSignatureTypeAtomicImageV1}
// This will use the name of the image (sha256:xxxx) and the SHA256 of the
// signature itself as the signature name has to be unique for each
// signature.
sig.Name = imageapi.JoinImageStreamImage(image.Name, fmt.Sprintf("%x", sha256.Sum256(blob)))
sig.Content = blob
sig.CreationTimestamp = metav1.Now()
ret = append(ret, sig)
}
return ret, nil
}