// Copyright 2019 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License"); you may not
// use this file except in compliance with the License. You may obtain a copy of
// the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
// License for the specific language governing permissions and limitations under
// the License.

// Package manifest implements logic for creating the image metadata
// (such as the image manifest and configuration).
package manifest
import (
"crypto/sha256"
"encoding/json"
"fmt"
"sort"
)
// Version of the manifest schema written into every generated manifest.
const schemaVersion = 2

// Media types attached to the manifest itself, to each layer entry and
// to the configuration entry.
const (
	manifestType = "application/vnd.docker.distribution.manifest.v2+json"
	layerType    = "application/vnd.docker.image.rootfs.diff.tar.gzip"
	configType   = "application/vnd.docker.container.image.v1+json"
)

// Fixed values written into the image configuration. The constant named
// os is the operating system string; this file does not import the
// standard library package of the same name.
const (
	os     = "linux"
	fsType = "layers"
)
// Entry describes one blob referenced by an image manifest: either the
// configuration or a single layer.
type Entry struct {
	// MediaType is left out of the JSON form when it is empty.
	MediaType string `json:"mediaType,omitempty"`
	// Size is serialised under the key "size".
	Size int64 `json:"size"`
	// Digest is serialised under the key "digest". Nothing in this file
	// checks it against the blob it names.
	Digest string `json:"digest"`

	// The remaining fields are internal to Nixery.

	// MergeRating is never serialised (`json:"-"`). Manifest orders the
	// layers by this value.
	MergeRating uint64 `json:"-"`

	// TarHash is the value Manifest places in the image configuration's
	// diff_ids. Unlike MergeRating it is serialised, under the key
	// "TarHash", whenever it is non-empty; Manifest blanks it before
	// marshalling so that it does not appear in the manifest itself.
	TarHash string `json:",omitempty"`
}
// manifest is the JSON shape of the image manifest produced by Manifest.
type manifest struct {
	// SchemaVersion and MediaType identify the manifest format.
	SchemaVersion int    `json:"schemaVersion"`
	MediaType     string `json:"mediaType"`

	// Config references the image configuration blob.
	Config Entry `json:"config"`

	// Layers references the layer blobs, in the order they are listed
	// in the serialised manifest.
	Layers []Entry `json:"layers"`
}
// imageConfig is the JSON shape of the image configuration blob that the
// manifest's config entry refers to.
type imageConfig struct {
	Architecture string `json:"architecture"`
	OS           string `json:"os"`

	// RootFS lists the layer hashes of the image under "diff_ids".
	RootFS struct {
		FSType  string   `json:"type"`
		DiffIDs []string `json:"diff_ids"`
	} `json:"rootfs"`

	// sic! The image metadata deserialiser in Kubernetes requires an
	// empty struct here (serialised as `{}`) rather than `null`.
	Config struct{} `json:"config"`
}
// ConfigLayer represents the configuration layer to be included in
// the manifest.
type ConfigLayer struct {
	// Config is the JSON-serialised image configuration.
	Config []byte
	// SHA256 is the hex-encoded SHA256 hash of Config, without the
	// "sha256:" prefix that Manifest adds when it builds the digest.
	SHA256 string
}
// configLayer creates an image configuration for the given architecture
// and layer hashes, with every other value set to the constant defaults.
//
// Outside of this package the image configuration is treated as an
// opaque blob, so it is returned already serialised, together with the
// hex-encoded SHA256 hash of exactly those bytes.
//
// hashes is stored as the configuration's diff_ids as given; it is
// neither copied nor validated here.
func configLayer(arch string, hashes []string) ConfigLayer {
	var cfg imageConfig
	cfg.RootFS.DiffIDs = hashes
	cfg.RootFS.FSType = fsType
	cfg.OS = os
	cfg.Architecture = arch

	// The marshalling error is deliberately discarded: imageConfig holds
	// only strings, a string slice and an empty struct, which
	// encoding/json is not expected to reject.
	serialised, _ := json.Marshal(cfg)

	// Hash the serialised bytes themselves so that the digest matches the
	// blob that is returned.
	sum := sha256.Sum256(serialised)

	return ConfigLayer{
		Config: serialised,
		SHA256: fmt.Sprintf("%x", sum),
	}
}
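// Manifest creates an image manifest from the specified layer entries
// and returns its JSON-serialised form as well as the configuration
// layer.
//
// Callers do not need to set the media type for the layer entries; every
// layer is emitted with the layer media type. The Size, Digest and
// TarHash values of the entries are passed through as given: this
// function does not verify them against any layer contents, so the
// manifest is only as trustworthy as the entries supplied.
//
// The manifest is built from a private copy of layers. The caller's
// slice keeps its order, media types and TarHash values. Because of the
// copy, a nil layers argument serialises as an empty "layers" array
// rather than null.
func Manifest(arch string, layers []Entry) (json.RawMessage, ConfigLayer) {
	// Sorting and rewriting the caller's slice in place would reorder it
	// and blank every TarHash behind the caller's back, which corrupts
	// the entries if they are reused after this call.
	sorted := make([]Entry, len(layers))
	copy(sorted, layers)

	// Sort layers by their merge rating, from highest to lowest.
	// This makes it likely for a contiguous chain of shared image
	// layers to appear at the beginning of the layer list.
	//
	// Due to moby/moby#38446 Docker considers the order of layers
	// when deciding which layers to download again.
	//
	// The sort is stable: layers with equal ratings keep the order in
	// which the caller supplied them.
	sort.SliceStable(sorted, func(i, j int) bool {
		return sorted[i].MergeRating > sorted[j].MergeRating
	})

	// Collect the hashes after sorting so that the configuration's
	// diff_ids are in the same order as the manifest's layers.
	hashes := make([]string, len(sorted))
	for i := range sorted {
		hashes[i] = sorted[i].TarHash
		sorted[i].MediaType = layerType
		// TarHash belongs in the image configuration only; blanking it
		// keeps it out of the serialised manifest (omitempty).
		sorted[i].TarHash = ""
	}

	c := configLayer(arch, hashes)

	m := manifest{
		SchemaVersion: schemaVersion,
		MediaType:     manifestType,
		Config: Entry{
			MediaType: configType,
			Size:      int64(len(c.Config)),
			Digest:    "sha256:" + c.SHA256,
		},
		Layers: sorted,
	}

	// The marshalling error is deliberately discarded: manifest holds
	// only an int, strings and Entry values, which encoding/json is not
	// expected to reject.
	j, _ := json.Marshal(m)

	return json.RawMessage(j), c
}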