push: blob reader is never closed and can leak file descriptors

## Summary

In `pkg/backend/push.go`, blob content is opened with `src.PullBlob(...)` and then passed to `dst.Blobs().Push(...)` as `io.NopCloser(reader)`.

This prevents the original `io.ReadCloser` from being closed. After the upload starts reading, the underlying `distribution` file reader may keep its file descriptor open until process exit.

## Impact

Pushing many blobs can accumulate open file descriptors and may eventually hit the OS limit.

## Why this happens

- `PullBlob()` returns an `io.ReadCloser`
- `pb.Add(...)` wraps it for progress reporting
- `io.NopCloser(...)` replaces the real `Close()` with a no-op
- the original blob reader is never explicitly closed

## Suggested fix

Close the original `content` returned by `PullBlob()` in `pushIfNotExist()`, for example with:

```go
defer func() { _ = content.Close() }()

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

push: blob reader is never closed and can leak file descriptors #467

Summary

Impact

Why this happens

Suggested fix

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

push: blob reader is never closed and can leak file descriptors #467

Description

Summary

Impact

Why this happens

Suggested fix

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions