Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don’t load the manifest in GetSignatures if the digest is known #320

Merged
merged 1 commit into from
Aug 2, 2017
Merged

Don’t load the manifest in GetSignatures if the digest is known #320

merged 1 commit into from
Aug 2, 2017

Conversation

mtrmac
Copy link
Collaborator

@mtrmac mtrmac commented Aug 1, 2017

If we are supplied a digested reference, use it instead of possibly fetching the manifest. This allows using signatures which are not protected even if the manifest is, in some situations.

To ensure consistent behavior, only do this if the reference uses the digest.Canonical algorithm, which has been used so far. This could be perhaps relaxed in the future.

Note that this does not promise that GetSignatures will never need authentication—e.g. for X-Registry-Supports-Signatures this already depends on the server, and for the sigstore lookaside authentication
support may be added in the future.

Cc: @mfojtik

@mtrmac
Don’t load the manifest in GetSignatures if the digest is known
c943127 
If we are supplied a digested reference, use it instead of possibly
fetching the manifest.  This allows using signatures which are not
protected even if the manifest is, in some situations; in ordinary
operation accessing the whole image, this does not make any difference
because we are fetching the manifest either way.

To ensure consistent behavior, only use the reference digest if it uses
the digest.Canonical algorithm, which has been used so far.  This could
be perhaps relaxed in the future.

Note that this does not promise that GetSignatures will never need
authentication—e.g. for X-Registry-Supports-Signatures this already
depends on the server, and for the sigstore lookaside authentication
support may be added in the future.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
@mtrmac mtrmac mentioned this pull request Aug 1, 2017
Closed
@mfojtik
Copy link
Contributor

mfojtik commented Aug 1, 2017

LGTM, thanks @mtrmac

This means that using digest as part of the image pull spec will pickup that digest without manifest retrieval, right?
Also to make sure, the manifest has to be provided in order to verify the signature still right?

@mtrmac
Copy link
Collaborator Author

mtrmac commented Aug 1, 2017

This means that using digest as part of the image pull spec will pickup that digest without manifest retrieval, right?

Yes, AFAICS.

Also to make sure, the manifest has to be provided in order to verify the signature still right?

Yes.

@mfojtik
Copy link
Contributor

mfojtik commented Aug 2, 2017

@runcom lgty? need this and context to complete the signature import for 3.6.1

@runcom
Copy link
Member

runcom commented Aug 2, 2017
edited
Loading

LGTM

Approved with PullApprove

@runcom
Copy link
Member

runcom commented Aug 2, 2017

@mtrmac feel free to LGTM yourself and merge

@mtrmac
Copy link
Collaborator Author

mtrmac commented Aug 2, 2017
edited by runcom
Loading

👍

Approved with PullApprove

@mtrmac mtrmac merged commit 7b32f85 into containers:master Aug 2, 2017
@mtrmac mtrmac deleted the GetSignatures-no-manifest branch August 2, 2017 13:22
@mtrmac mtrmac mentioned this pull request Aug 2, 2017
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mtrmac @mfojtik @runcom