diff --git a/image/config.go b/image/config.go index 67001ce40..14e41e233 100644 --- a/image/config.go +++ b/image/config.go @@ -26,28 +26,12 @@ import ( "strings" "github.com/opencontainers/image-spec/schema" + "github.com/opencontainers/image-spec/specs-go/v1" "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" ) -type cfg struct { - User string - Memory int64 - MemorySwap int64 - CPUShares int64 `json:"CpuShares"` - ExposedPorts map[string]struct{} - Env []string - Entrypoint []string - Cmd []string - Volumes map[string]struct{} - WorkingDir string -} - -type config struct { - Architecture string `json:"architecture"` - OS string `json:"os"` - Config cfg `json:"config"` -} +type config v1.Image func findConfig(w walker, d *descriptor) (*config, error) { var c config diff --git a/image/descriptor.go b/image/descriptor.go index 106ab7fd9..d00b1bbe5 100644 --- a/image/descriptor.go +++ b/image/descriptor.go @@ -73,7 +73,17 @@ func findDescriptor(w walker, name string) (*descriptor, error) { } } -func (d *descriptor) validate(w walker) error { +func (d *descriptor) validate(w walker, mts []string) error { + var found bool + for _, mt := range mts { + if d.MediaType == mt { + found = true + break + } + } + if !found { + return fmt.Errorf("invalid descriptor MediaType %q", d.MediaType) + } switch err := w.walk(func(path string, info os.FileInfo, r io.Reader) error { if info.IsDir() { return nil diff --git a/image/image.go b/image/image.go index c2b1df17d..85d4c7ff6 100644 --- a/image/image.go +++ b/image/image.go @@ -20,6 +20,7 @@ import ( "os" "path/filepath" + "github.com/opencontainers/image-spec/specs-go/v1" "github.com/pkg/errors" ) @@ -43,6 +44,11 @@ func Validate(tarFile string, refs []string, out *log.Logger) error { return validate(newTarWalker(f), refs, out) } +var validRefMediaTypes = []string{ + v1.MediaTypeImageManifest, + v1.MediaTypeImageManifestList, +} + func validate(w walker, refs []string, out *log.Logger) error { for _, r := range refs { ref, err := findDescriptor(w, r) @@ -50,7 +56,7 @@ func validate(w walker, refs []string, out *log.Logger) error { return err } - if err = ref.validate(w); err != nil { + if err = ref.validate(w, validRefMediaTypes); err != nil { return err } @@ -97,7 +103,7 @@ func unpack(w walker, dest, refName string) error { return err } - if err = ref.validate(w); err != nil { + if err = ref.validate(w, validRefMediaTypes); err != nil { return err } @@ -139,7 +145,7 @@ func createRuntimeBundle(w walker, dest, refName, rootfs string) error { return err } - if err = ref.validate(w); err != nil { + if err = ref.validate(w, validRefMediaTypes); err != nil { return err } diff --git a/image/manifest.go b/image/manifest.go index 8bac949c8..ac1497ca1 100644 --- a/image/manifest.go +++ b/image/manifest.go @@ -28,6 +28,7 @@ import ( "time" "github.com/opencontainers/image-spec/schema" + "github.com/opencontainers/image-spec/specs-go/v1" "github.com/pkg/errors" ) @@ -74,12 +75,12 @@ func findManifest(w walker, d *descriptor) (*manifest, error) { } func (m *manifest) validate(w walker) error { - if err := m.Config.validate(w); err != nil { + if err := m.Config.validate(w, []string{v1.MediaTypeImageConfig}); err != nil { return errors.Wrap(err, "config validation failed") } for _, d := range m.Layers { - if err := d.validate(w); err != nil { + if err := d.validate(w, []string{v1.MediaTypeImageLayer}); err != nil { return errors.Wrap(err, "layer validation failed") } } diff --git a/schema/schema.go b/schema/schema.go index a8bd59211..1ca6312c4 100644 --- a/schema/schema.go +++ b/schema/schema.go @@ -14,15 +14,19 @@ package schema -import "net/http" +import ( + "net/http" + + "github.com/opencontainers/image-spec/specs-go/v1" +) // Media types for the OCI image formats const ( - MediaTypeDescriptor Validator = `application/vnd.oci.descriptor.v1+json` - MediaTypeManifest Validator = `application/vnd.oci.image.manifest.v1+json` - MediaTypeManifestList Validator = `application/vnd.oci.image.manifest.list.v1+json` - MediaTypeImageConfig Validator = `application/vnd.oci.image.config.v1+json` - MediaTypeImageLayer unimplemented = `application/vnd.oci.image.layer.tar+gzip` + MediaTypeDescriptor Validator = v1.MediaTypeDescriptor + MediaTypeManifest Validator = v1.MediaTypeImageManifest + MediaTypeManifestList Validator = v1.MediaTypeImageManifestList + MediaTypeImageConfig Validator = v1.MediaTypeImageConfig + MediaTypeImageLayer unimplemented = v1.MediaTypeImageLayer ) var ( diff --git a/specs-go/v1/config.go b/specs-go/v1/config.go index 1a6770748..ccf3af9f3 100644 --- a/specs-go/v1/config.go +++ b/specs-go/v1/config.go @@ -35,7 +35,7 @@ type ImageConfig struct { Env []string `json:"Env"` // Entrypoint defines a list of arguments to use as the command to execute when the container starts. - EntryPoint []string `json:"EntryPoint"` + Entrypoint []string `json:"Entrypoint"` // Cmd defines the default arguments to the entrypoint of the container. Cmd []string `json:"Cmd"` diff --git a/specs-go/v1/mediatype.go b/specs-go/v1/mediatype.go index 80971d0ea..1cd5450cc 100644 --- a/specs-go/v1/mediatype.go +++ b/specs-go/v1/mediatype.go @@ -24,9 +24,9 @@ const ( // MediaTypeImageManifestList specifies the mediaType for an image manifest list. MediaTypeImageManifestList = "application/vnd.oci.image.manifest.list.v1+json" - // MediaTypeImageSerialization is the mediaType used for layers referenced by the manifest. - MediaTypeImageSerialization = "application/vnd.oci.image.layer.tar+gzip" + // MediaTypeImageLayer is the mediaType used for layers referenced by the manifest. + MediaTypeImageLayer = "application/vnd.oci.image.layer.tar+gzip" - // MediaTypeImageSerializationConfig specifies the mediaType for the image configuration. - MediaTypeImageSerializationConfig = "application/vnd.oci.image.config.v1+json" + // MediaTypeImageConfig specifies the mediaType for the image configuration. + MediaTypeImageConfig = "application/vnd.oci.image.config.v1+json" )