RFC DO NOT MERGE: Store signatures in c/i/docker/daemon/extra #262
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Do not merge before containers/image#288 ! Note that this rebases containers/image fairly significantly, including some of the deps. Also I guess equivalent changes will need to happen in other branches as well. @runcom PTAL. |
|
RHEL system level integration testing for 6a760a64e46a1a4937ba92684cbb16b823b66e26- PASS Fedora system level integration testing for 6a760a64e46a1a4937ba92684cbb16b823b66e26- PASS |
mtrmac
force-pushed
the
signature-storage
branch
from
6a760a6
to
357118e
Compare
|
RHEL system level integration testing for 357118e132dc7a8a3c30ea12215536c7449507e6- PASS Fedora system level integration testing for 357118e132dc7a8a3c30ea12215536c7449507e6- PASS |
mtrmac
force-pushed
the
signature-storage
branch
from
357118e
to
419a747
Compare
|
RHEL system level integration testing for 419a747d71eec5c55bd5efa482e907a4ec950290- FAIL Fedora system level integration testing for 419a747d71eec5c55bd5efa482e907a4ec950290- FAIL |
mtrmac
force-pushed
the
signature-storage
branch
from
419a747
to
f45b786
Compare
mtrmac
force-pushed
the
signature-storage
branch
2 times, most recently
from
0641df3
to
0716787
Compare
mtrmac
force-pushed
the
signature-storage
branch
from
0716787
to
dc39ceb
Compare
mtrmac
force-pushed
the
signature-storage
branch
5 times, most recently
from
e640974
to
bfba127
Compare
mtrmac
force-pushed
the
signature-storage
branch
from
bfba127
to
3022a47
Compare
Update dependencies to allow it to build. Also drop k8s and dependencies now that we do not import all containers/image transports. WARNING: This DOES NOT BUILD because it references sirupsen/logrus, not Sirupsen/logrus.
s/sirupsen/Sirupsen/g
Whether or not we are verifying signatures, download them and store them in docker/daemon/signatures. Note that this means that containers/image/docker is now involved on _every_ pull; failures of the c/i/docker client, or inability to download (possibly incorrectly configured but unused) signatures are now fatal. Alternatively, we could make the storing of signatures to c/i/d/d/s silently fail in such cases. WARNING: This DOES NOT BUILD because it references sirupsen/logrus, not Sirupsen/logrus.
s/sirupsen/Sirupsen/g
i.e. defer parsing of the manifest to obtain the config digest only after the signatures have been verified.
mtrmac
force-pushed
the
signature-storage
branch
from
3022a47
to
3ae0ae5
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Store signatures in
c/i/docker/daemon/extra(containers/image#288).Whether or not we are verifying signatures, download them and store them in
docker/daemon/extra.Note that this means that
containers/image/dockeris now involved on every pull; failures of thec/i/dockerclient, or inability to download (possibly incorrectly configured but unused) signatures are now fatal.Alternatively, we could make the storing of signatures to extra silently fail in such cases.
This does not add any user of the signatures, though containers/image#288 shows how the signatures stored by this PR can be used to cryptographically authenticate the expected layer DiffID`s (a prerequisite for verifying extracted layers). See also containers/image#301 for a necessary policy scoping enhancement.
Affects only V2 pulls, and the information is stored only for schema2 images: for schema1 images the daemon itself is creating a new
config.jsonin code, and thatconfig.jsoncannot be directly authenticated. (We could do another schema1→schema2 conversion and then compare the results, but that’s tricky; let’s start by hoping that schema1 will die out quickly enough, and we can revisit this if necessary later).