Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(digests): do not mandate sha256 as the only algorithm used for hashing blobs #2075

Merged
merged 1 commit into from
Jul 19, 2024

Conversation

andaaron
Copy link
Contributor

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@andaaron andaaron force-pushed the sha branch 2 times, most recently from c4c6abd to 74edc3c Compare November 23, 2023 14:47
Copy link

codecov bot commented Nov 23, 2023

Codecov Report

Attention: Patch coverage is 86.15385% with 18 lines in your changes missing coverage. Please review.

Project coverage is 92.72%. Comparing base (714d8c4) to head (5e49ab1).

Files Patch % Lines
pkg/storage/imagestore/imagestore.go 86.95% 4 Missing and 2 partials ⚠️
pkg/storage/gc/gc.go 20.00% 4 Missing ⚠️
pkg/test/image-utils/multiarch.go 77.77% 2 Missing and 2 partials ⚠️
pkg/storage/common/common.go 90.47% 2 Missing ⚠️
pkg/test/image-utils/images.go 92.00% 1 Missing and 1 partial ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2075      +/-   ##
==========================================
+ Coverage   92.71%   92.72%   +0.01%     
==========================================
  Files         169      169              
  Lines       22415    22467      +52     
==========================================
+ Hits        20781    20832      +51     
+ Misses       1019     1018       -1     
- Partials      615      617       +2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@andaaron andaaron force-pushed the sha branch 5 times, most recently from 9eed9c5 to 0aa09f8 Compare November 28, 2023 22:09
@andaaron andaaron marked this pull request as ready for review November 28, 2023 22:19
@andaaron andaaron self-assigned this Nov 28, 2023
@andaaron andaaron force-pushed the sha branch 2 times, most recently from 17a45e0 to b433e93 Compare November 29, 2023 15:20
@andaaron
Copy link
Contributor Author

See also opencontainers/distribution-spec#494

@andaaron andaaron force-pushed the sha branch 4 times, most recently from 2850123 to bb85774 Compare December 4, 2023 16:54
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@ktarplee
Copy link

  • @andaaron What else is needed on this PR? What you have looks good however I did not see the REST API changes. I expected there to be some changes necessary there.

@andaaron
Copy link
Contributor Author

  • @andaaron What else is needed on this PR? What you have looks good however I did not see the REST API changes. I expected there to be some changes necessary there.

We need the spec for specifying a non-canonical digest algorithm for the manifest in case of pushing by tag.
Once we have the spec we can implement that.

Otherwise this PR should be good for the blobs use case. But I don't know if there's any case in which the blobs use non-canonical digest algorithms while the manifest uses the canonical (sha256) digest algorithm.

@andaaron
Copy link
Contributor Author

andaaron commented Jul 9, 2024

@rchincha I propose we merge this as is, and the API changes in a separate PR after opencontainers/distribution-spec#543 is agreed upon.

If opencontainers/distribution-spec#543 stays the same the default behavior (the case in which the digest is not specified as a query parameter) does not change, so the code in this PR would stay the same.

@andaaron andaaron force-pushed the sha branch 2 times, most recently from 88ed344 to eeb7795 Compare July 16, 2024 07:25
@rchincha
Copy link
Contributor

rchincha commented Jul 18, 2024

Summarizing 6 Failures:
[FAIL] OCI Distribution Conformance Tests Pull Pull manifests [It] HEAD request to sha512 manifest (digest) should yield 200 response /data/hdd/rchincha/go/src/github.com/opencontainers/distribution-spec/conformance/01_pull_test.go:236 [FAIL] OCI Distribution Conformance Tests Pull Pull manifests [It] HEAD request to sha512 manifest (tag) should yield 200 response
/data/hdd/rchincha/go/src/github.com/opencontainers/distribution-spec/conformance/01_pull_test.go:264 [FAIL] OCI Distribution Conformance Tests Pull Pull manifests [It] GET request to sha512 manifest (digest) should yield 200 response /data/hdd/rchincha/go/src/github.com/opencontainers/distribution-spec/conformance/01_pull_test.go:301 [FAIL] OCI Distribution Conformance Tests Pull Teardown [It] Delete sha512 manifest created in setup /data/hdd/rchincha/go/src/github.com/opencontainers/distribution-spec/conformance/01_pull_test.go:383 [FAIL] OCI Distribution Conformance Tests Push Manifest Upload [It] GET request to sha512 manifest URL (digest) should yield 200 response /data/hdd/rchincha/go/src/github.com/opencontainers/distribution-spec/conformance/02_push_test.go:452 [FAIL] OCI Distribution Conformance Tests Push Teardown [It] Delete manifest created in tests /data/hdd/rchincha/go/src/github.com/opencontainers/distribution-spec/conformance/02_push_test.go:474

https://github.com/sudo-bmitch/distribution-spec/tree/pr-digest-on-tag-push
^ building against this

Copy link
Contributor

@rchincha rchincha left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@rchincha rchincha merged commit 26be383 into project-zot:main Jul 19, 2024
38 of 39 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants