Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor to make it clearer that we return the validated TOC value #1887

Merged
merged 3 commits into from Apr 16, 2024
Merged

Refactor to make it clearer that we return the validated TOC value #1887

merged 3 commits into from Apr 16, 2024

Conversation

mtrmac
Copy link
Collaborator

@mtrmac mtrmac commented Apr 13, 2024

Primarily, this ensures that the value in ApplyDiff’s DriverWithDifferOutput.TOCDigest is really exactly the value we used to validate the digest, by only reading it once and passing it around.

That’s to simplify auditing and make the relationship clear, but it should not change behavior.

Incidentally, this also should fix #1886 — but I still think the binary footer code path should be removed entirely.

Cc: @giuseppe

@mtrmac
Only obtain the estargz TOC digest once
3beea1e 
Make it structually clear that the code is all using the same value,
making it less likely for the verifier and other uses to get out of sync.

Also avoids some redundant parsing and error paths.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
@mtrmac
Copy link
Collaborator Author

mtrmac commented Apr 13, 2024

(Completely untested, to be transparent.)

@mtrmac
Only obtain the zstd:chunked TOC digest once
1f47b38 
Make it structually clear that the code is all using the same value,
making it less likely for the verifier and other uses to get out of sync.

Also avoids some redundant parsing and error paths.
The conversion path looks longer, but that's just moving the parsing
from the called function (which is redundant for other callers).

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
@mtrmac
Remove ChecksumAnntation from ZstdChunkedFooterData
053ac61 
Manage the value directly to simplify.

This happens to fix the ReadFooterDataFromBlob code path,
which was not setting ChecksumAnntation at all.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
@mtrmac mtrmac mentioned this pull request Apr 13, 2024
Closed
giuseppe
giuseppe approved these changes Apr 15, 2024
View reviewed changes
Copy link
Member

@giuseppe giuseppe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've tested it with some existing images and it works well.

LGTM

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Apr 15, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: giuseppe, mtrmac

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@rhatdan
Copy link
Member

rhatdan commented Apr 16, 2024

LGTM

@rhatdan
Copy link
Member

rhatdan commented Apr 16, 2024

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Apr 16, 2024
@openshift-merge-bot openshift-merge-bot bot merged commit 0c648bf into containers:main Apr 16, 2024
18 checks passed
@mtrmac mtrmac deleted the toc-clarity branch April 16, 2024 12:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@giuseppe giuseppe giuseppe approved these changes

Assignees

@rhatdan rhatdan

Labels
approved lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

zstd:chunked binary footer format is broken
3 participants
@mtrmac @rhatdan @giuseppe