Merge pull request #1156 from RichardScothern/manifest-verification

Manifest Verification
This commit is contained in:
Richard Scothern 2015-11-04 14:09:12 -08:00
commit 057284b593
3 changed files with 34 additions and 1 deletions

View File

@ -804,6 +804,14 @@ func testManifestAPI(t *testing.T, env *testEnv, args manifestArgs) (*testEnv, m
BlobSum: "qwer",
},
},
History: []schema1.History{
{
V1Compatibility: "",
},
{
V1Compatibility: "",
},
},
}
resp = putManifest(t, "putting unsigned manifest", manifestURL, unsignedManifest)
@ -999,6 +1007,19 @@ func testManifestAPI(t *testing.T, env *testEnv, args manifestArgs) (*testEnv, m
t.Fatalf("tag not as expected: %q != %q", tagsResponse.Tags[0], tag)
}
// Attempt to put a manifest with mismatching FSLayer and History array cardinalities
unsignedManifest.History = append(unsignedManifest.History, schema1.History{
V1Compatibility: "",
})
invalidSigned, err := schema1.Sign(unsignedManifest, env.pk)
if err != nil {
t.Fatalf("error signing manifest")
}
resp = putManifest(t, "putting invalid signed manifest", manifestDigestURL, invalidSigned)
checkResponse(t, "putting invalid signed manifest", resp, http.StatusBadRequest)
return env, args
}
@ -1432,8 +1453,10 @@ func createRepository(env *testEnv, t *testing.T, imageName string, tag string)
{
BlobSum: "asdf",
},
},
History: []schema1.History{
{
BlobSum: "qwer",
V1Compatibility: "",
},
},
}
@ -1499,6 +1522,7 @@ func TestRegistryAsCacheMutationAPIs(t *testing.T) {
Name: imageName,
Tag: tag,
FSLayers: []schema1.FSLayer{},
History: []schema1.History{},
}
sm, err := schema1.Sign(m, env.pk)

View File

@ -110,6 +110,11 @@ func (ms *manifestStore) verifyManifest(ctx context.Context, mnfst *schema1.Sign
errs = append(errs, fmt.Errorf("repository name does not match manifest name"))
}
if len(mnfst.History) != len(mnfst.FSLayers) {
errs = append(errs, fmt.Errorf("mismatched history and fslayer cardinality %d != %d",
len(mnfst.History), len(mnfst.FSLayers)))
}
if _, err := schema1.Verify(mnfst); err != nil {
switch err {
case libtrust.ErrMissingSignatureKey, libtrust.ErrInvalidJSONContent, libtrust.ErrMissingSignatureKey:

View File

@ -98,6 +98,10 @@ func TestManifestStorage(t *testing.T) {
m.FSLayers = append(m.FSLayers, schema1.FSLayer{
BlobSum: dgst,
})
m.History = append(m.History, schema1.History{
V1Compatibility: "",
})
}
pk, err := libtrust.GenerateECP256PrivateKey()