working commit
This commit is contained in:
@@ -0,0 +1,40 @@
|
||||
/*
|
||||
Copyright The ORAS Authors.
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package content
|
||||
|
||||
import (
|
||||
"github.com/opencontainers/go-digest"
|
||||
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
|
||||
"oras.land/oras-go/v2/internal/descriptor"
|
||||
)
|
||||
|
||||
// NewDescriptorFromBytes returns a descriptor, given the content and media type.
|
||||
// If no media type is specified, "application/octet-stream" will be used.
|
||||
func NewDescriptorFromBytes(mediaType string, content []byte) ocispec.Descriptor {
|
||||
if mediaType == "" {
|
||||
mediaType = descriptor.DefaultMediaType
|
||||
}
|
||||
return ocispec.Descriptor{
|
||||
MediaType: mediaType,
|
||||
Digest: digest.FromBytes(content),
|
||||
Size: int64(len(content)),
|
||||
}
|
||||
}
|
||||
|
||||
// Equal returns true if two descriptors point to the same content.
|
||||
func Equal(a, b ocispec.Descriptor) bool {
|
||||
return a.Size == b.Size && a.Digest == b.Digest && a.MediaType == b.MediaType
|
||||
}
|
||||
+122
@@ -0,0 +1,122 @@
|
||||
/*
|
||||
Copyright The ORAS Authors.
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package content
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
|
||||
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
|
||||
"oras.land/oras-go/v2/internal/docker"
|
||||
"oras.land/oras-go/v2/internal/spec"
|
||||
)
|
||||
|
||||
// PredecessorFinder finds out the nodes directly pointing to a given node of a
|
||||
// directed acyclic graph.
|
||||
// In other words, returns the "parents" of the current descriptor.
|
||||
// PredecessorFinder is an extension of Storage.
|
||||
type PredecessorFinder interface {
|
||||
// Predecessors returns the nodes directly pointing to the current node.
|
||||
Predecessors(ctx context.Context, node ocispec.Descriptor) ([]ocispec.Descriptor, error)
|
||||
}
|
||||
|
||||
// GraphStorage represents a CAS that supports direct predecessor node finding.
|
||||
type GraphStorage interface {
|
||||
Storage
|
||||
PredecessorFinder
|
||||
}
|
||||
|
||||
// ReadOnlyGraphStorage represents a read-only GraphStorage.
|
||||
type ReadOnlyGraphStorage interface {
|
||||
ReadOnlyStorage
|
||||
PredecessorFinder
|
||||
}
|
||||
|
||||
// Successors returns the nodes directly pointed by the current node.
|
||||
// In other words, returns the "children" of the current descriptor.
|
||||
func Successors(ctx context.Context, fetcher Fetcher, node ocispec.Descriptor) ([]ocispec.Descriptor, error) {
|
||||
switch node.MediaType {
|
||||
case docker.MediaTypeManifest:
|
||||
content, err := FetchAll(ctx, fetcher, node)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
// OCI manifest schema can be used to marshal docker manifest
|
||||
var manifest ocispec.Manifest
|
||||
if err := json.Unmarshal(content, &manifest); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return append([]ocispec.Descriptor{manifest.Config}, manifest.Layers...), nil
|
||||
case ocispec.MediaTypeImageManifest:
|
||||
content, err := FetchAll(ctx, fetcher, node)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
var manifest ocispec.Manifest
|
||||
if err := json.Unmarshal(content, &manifest); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
var nodes []ocispec.Descriptor
|
||||
if manifest.Subject != nil {
|
||||
nodes = append(nodes, *manifest.Subject)
|
||||
}
|
||||
nodes = append(nodes, manifest.Config)
|
||||
return append(nodes, manifest.Layers...), nil
|
||||
case docker.MediaTypeManifestList:
|
||||
content, err := FetchAll(ctx, fetcher, node)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// OCI manifest index schema can be used to marshal docker manifest list
|
||||
var index ocispec.Index
|
||||
if err := json.Unmarshal(content, &index); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return index.Manifests, nil
|
||||
case ocispec.MediaTypeImageIndex:
|
||||
content, err := FetchAll(ctx, fetcher, node)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var index ocispec.Index
|
||||
if err := json.Unmarshal(content, &index); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
var nodes []ocispec.Descriptor
|
||||
if index.Subject != nil {
|
||||
nodes = append(nodes, *index.Subject)
|
||||
}
|
||||
return append(nodes, index.Manifests...), nil
|
||||
case spec.MediaTypeArtifactManifest:
|
||||
content, err := FetchAll(ctx, fetcher, node)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var manifest spec.Artifact
|
||||
if err := json.Unmarshal(content, &manifest); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
var nodes []ocispec.Descriptor
|
||||
if manifest.Subject != nil {
|
||||
nodes = append(nodes, *manifest.Subject)
|
||||
}
|
||||
return append(nodes, manifest.Blobs...), nil
|
||||
}
|
||||
return nil, nil
|
||||
}
|
||||
@@ -0,0 +1,50 @@
|
||||
/*
|
||||
Copyright The ORAS Authors.
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package content
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"io"
|
||||
|
||||
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
|
||||
"oras.land/oras-go/v2/errdef"
|
||||
)
|
||||
|
||||
// LimitedStorage represents a CAS with a push size limit.
|
||||
type LimitedStorage struct {
|
||||
Storage // underlying storage
|
||||
PushLimit int64 // max size for push
|
||||
}
|
||||
|
||||
// Push pushes the content, matching the expected descriptor.
|
||||
// The size of the content cannot exceed the push size limit.
|
||||
func (ls *LimitedStorage) Push(ctx context.Context, expected ocispec.Descriptor, content io.Reader) error {
|
||||
if expected.Size > ls.PushLimit {
|
||||
return fmt.Errorf(
|
||||
"content size %v exceeds push size limit %v: %w",
|
||||
expected.Size,
|
||||
ls.PushLimit,
|
||||
errdef.ErrSizeExceedsLimit)
|
||||
}
|
||||
|
||||
return ls.Storage.Push(ctx, expected, io.LimitReader(content, expected.Size))
|
||||
}
|
||||
|
||||
// LimitStorage returns a storage with a push size limit.
|
||||
func LimitStorage(s Storage, n int64) *LimitedStorage {
|
||||
return &LimitedStorage{s, n}
|
||||
}
|
||||
@@ -0,0 +1,96 @@
|
||||
/*
|
||||
Copyright The ORAS Authors.
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
// Package memory provides implementation of a memory backed content store.
|
||||
package memory
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"io"
|
||||
|
||||
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
|
||||
"oras.land/oras-go/v2/content"
|
||||
"oras.land/oras-go/v2/errdef"
|
||||
"oras.land/oras-go/v2/internal/cas"
|
||||
"oras.land/oras-go/v2/internal/graph"
|
||||
"oras.land/oras-go/v2/internal/resolver"
|
||||
)
|
||||
|
||||
// Store represents a memory based store, which implements `oras.Target`.
|
||||
type Store struct {
|
||||
storage content.Storage
|
||||
resolver content.TagResolver
|
||||
graph *graph.Memory
|
||||
}
|
||||
|
||||
// New creates a new memory based store.
|
||||
func New() *Store {
|
||||
return &Store{
|
||||
storage: cas.NewMemory(),
|
||||
resolver: resolver.NewMemory(),
|
||||
graph: graph.NewMemory(),
|
||||
}
|
||||
}
|
||||
|
||||
// Fetch fetches the content identified by the descriptor.
|
||||
func (s *Store) Fetch(ctx context.Context, target ocispec.Descriptor) (io.ReadCloser, error) {
|
||||
return s.storage.Fetch(ctx, target)
|
||||
}
|
||||
|
||||
// Push pushes the content, matching the expected descriptor.
|
||||
func (s *Store) Push(ctx context.Context, expected ocispec.Descriptor, reader io.Reader) error {
|
||||
if err := s.storage.Push(ctx, expected, reader); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// index predecessors.
|
||||
// there is no data consistency issue as long as deletion is not implemented
|
||||
// for the memory store.
|
||||
return s.graph.Index(ctx, s.storage, expected)
|
||||
}
|
||||
|
||||
// Exists returns true if the described content exists.
|
||||
func (s *Store) Exists(ctx context.Context, target ocispec.Descriptor) (bool, error) {
|
||||
return s.storage.Exists(ctx, target)
|
||||
}
|
||||
|
||||
// Resolve resolves a reference to a descriptor.
|
||||
func (s *Store) Resolve(ctx context.Context, reference string) (ocispec.Descriptor, error) {
|
||||
return s.resolver.Resolve(ctx, reference)
|
||||
}
|
||||
|
||||
// Tag tags a descriptor with a reference string.
|
||||
// Returns ErrNotFound if the tagged content does not exist.
|
||||
func (s *Store) Tag(ctx context.Context, desc ocispec.Descriptor, reference string) error {
|
||||
exists, err := s.storage.Exists(ctx, desc)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if !exists {
|
||||
return fmt.Errorf("%s: %s: %w", desc.Digest, desc.MediaType, errdef.ErrNotFound)
|
||||
}
|
||||
return s.resolver.Tag(ctx, desc, reference)
|
||||
}
|
||||
|
||||
// Predecessors returns the nodes directly pointing to the current node.
|
||||
// Predecessors returns nil without error if the node does not exists in the
|
||||
// store.
|
||||
// Like other operations, calling Predecessors() is go-routine safe. However,
|
||||
// it does not necessarily correspond to any consistent snapshot of the stored
|
||||
// contents.
|
||||
func (s *Store) Predecessors(ctx context.Context, node ocispec.Descriptor) ([]ocispec.Descriptor, error) {
|
||||
return s.graph.Predecessors(ctx, node)
|
||||
}
|
||||
+149
@@ -0,0 +1,149 @@
|
||||
/*
|
||||
Copyright The ORAS Authors.
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package content
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
|
||||
"github.com/opencontainers/go-digest"
|
||||
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
|
||||
)
|
||||
|
||||
var (
|
||||
// ErrInvalidDescriptorSize is returned by ReadAll() when
|
||||
// the descriptor has an invalid size.
|
||||
ErrInvalidDescriptorSize = errors.New("invalid descriptor size")
|
||||
|
||||
// ErrMismatchedDigest is returned by ReadAll() when
|
||||
// the descriptor has an invalid digest.
|
||||
ErrMismatchedDigest = errors.New("mismatched digest")
|
||||
|
||||
// ErrTrailingData is returned by ReadAll() when
|
||||
// there exists trailing data unread when the read terminates.
|
||||
ErrTrailingData = errors.New("trailing data")
|
||||
)
|
||||
|
||||
var (
|
||||
// errEarlyVerify is returned by VerifyReader.Verify() when
|
||||
// Verify() is called before completing reading the entire content blob.
|
||||
errEarlyVerify = errors.New("early verify")
|
||||
)
|
||||
|
||||
// VerifyReader reads the content described by its descriptor and verifies
|
||||
// against its size and digest.
|
||||
type VerifyReader struct {
|
||||
base *io.LimitedReader
|
||||
verifier digest.Verifier
|
||||
verified bool
|
||||
err error
|
||||
}
|
||||
|
||||
// Read reads up to len(p) bytes into p. It returns the number of bytes
|
||||
// read (0 <= n <= len(p)) and any error encountered.
|
||||
func (vr *VerifyReader) Read(p []byte) (n int, err error) {
|
||||
if vr.err != nil {
|
||||
return 0, vr.err
|
||||
}
|
||||
|
||||
n, err = vr.base.Read(p)
|
||||
if err != nil {
|
||||
if err == io.EOF && vr.base.N > 0 {
|
||||
err = io.ErrUnexpectedEOF
|
||||
}
|
||||
vr.err = err
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// Verify checks for remaining unread content and verifies the read content against the digest
|
||||
func (vr *VerifyReader) Verify() error {
|
||||
if vr.verified {
|
||||
return nil
|
||||
}
|
||||
if vr.err == nil {
|
||||
if vr.base.N > 0 {
|
||||
return errEarlyVerify
|
||||
}
|
||||
} else if vr.err != io.EOF {
|
||||
return vr.err
|
||||
}
|
||||
|
||||
if err := ensureEOF(vr.base.R); err != nil {
|
||||
vr.err = err
|
||||
return vr.err
|
||||
}
|
||||
if !vr.verifier.Verified() {
|
||||
vr.err = ErrMismatchedDigest
|
||||
return vr.err
|
||||
}
|
||||
|
||||
vr.verified = true
|
||||
vr.err = io.EOF
|
||||
return nil
|
||||
}
|
||||
|
||||
// NewVerifyReader wraps r for reading content with verification against desc.
|
||||
func NewVerifyReader(r io.Reader, desc ocispec.Descriptor) *VerifyReader {
|
||||
if err := desc.Digest.Validate(); err != nil {
|
||||
return &VerifyReader{
|
||||
err: fmt.Errorf("failed to validate %s: %w", desc.Digest, err),
|
||||
}
|
||||
}
|
||||
verifier := desc.Digest.Verifier()
|
||||
lr := &io.LimitedReader{
|
||||
R: io.TeeReader(r, verifier),
|
||||
N: desc.Size,
|
||||
}
|
||||
return &VerifyReader{
|
||||
base: lr,
|
||||
verifier: verifier,
|
||||
}
|
||||
}
|
||||
|
||||
// ReadAll safely reads the content described by the descriptor.
|
||||
// The read content is verified against the size and the digest
|
||||
// using a VerifyReader.
|
||||
func ReadAll(r io.Reader, desc ocispec.Descriptor) ([]byte, error) {
|
||||
if desc.Size < 0 {
|
||||
return nil, ErrInvalidDescriptorSize
|
||||
}
|
||||
buf := make([]byte, desc.Size)
|
||||
|
||||
vr := NewVerifyReader(r, desc)
|
||||
if n, err := io.ReadFull(vr, buf); err != nil {
|
||||
if errors.Is(err, io.ErrUnexpectedEOF) {
|
||||
return nil, fmt.Errorf("read failed: expected content size of %d, got %d, for digest %s: %w", desc.Size, n, desc.Digest.String(), err)
|
||||
}
|
||||
return nil, fmt.Errorf("read failed: %w", err)
|
||||
}
|
||||
if err := vr.Verify(); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return buf, nil
|
||||
}
|
||||
|
||||
// ensureEOF ensures the read operation ends with an EOF and no
|
||||
// trailing data is present.
|
||||
func ensureEOF(r io.Reader) error {
|
||||
var peek [1]byte
|
||||
_, err := io.ReadFull(r, peek[:])
|
||||
if err != io.EOF {
|
||||
return ErrTrailingData
|
||||
}
|
||||
return nil
|
||||
}
|
||||
+47
@@ -0,0 +1,47 @@
|
||||
/*
|
||||
Copyright The ORAS Authors.
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
// Package content provides implementations to access content stores.
|
||||
package content
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
|
||||
)
|
||||
|
||||
// Resolver resolves reference tags.
|
||||
type Resolver interface {
|
||||
// Resolve resolves a reference to a descriptor.
|
||||
Resolve(ctx context.Context, reference string) (ocispec.Descriptor, error)
|
||||
}
|
||||
|
||||
// Tagger tags reference tags.
|
||||
type Tagger interface {
|
||||
// Tag tags a descriptor with a reference string.
|
||||
Tag(ctx context.Context, desc ocispec.Descriptor, reference string) error
|
||||
}
|
||||
|
||||
// TagResolver provides reference tag indexing services.
|
||||
type TagResolver interface {
|
||||
Tagger
|
||||
Resolver
|
||||
}
|
||||
|
||||
// Untagger untags reference tags.
|
||||
type Untagger interface {
|
||||
// Untag untags the given reference string.
|
||||
Untag(ctx context.Context, reference string) error
|
||||
}
|
||||
+80
@@ -0,0 +1,80 @@
|
||||
/*
|
||||
Copyright The ORAS Authors.
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package content
|
||||
|
||||
import (
|
||||
"context"
|
||||
"io"
|
||||
|
||||
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
|
||||
)
|
||||
|
||||
// Fetcher fetches content.
|
||||
type Fetcher interface {
|
||||
// Fetch fetches the content identified by the descriptor.
|
||||
Fetch(ctx context.Context, target ocispec.Descriptor) (io.ReadCloser, error)
|
||||
}
|
||||
|
||||
// Pusher pushes content.
|
||||
type Pusher interface {
|
||||
// Push pushes the content, matching the expected descriptor.
|
||||
// Reader is preferred to Writer so that the suitable buffer size can be
|
||||
// chosen by the underlying implementation. Furthermore, the implementation
|
||||
// can also do reflection on the Reader for more advanced I/O optimization.
|
||||
Push(ctx context.Context, expected ocispec.Descriptor, content io.Reader) error
|
||||
}
|
||||
|
||||
// Storage represents a content-addressable storage (CAS) where contents are
|
||||
// accessed via Descriptors.
|
||||
// The storage is designed to handle blobs of large sizes.
|
||||
type Storage interface {
|
||||
ReadOnlyStorage
|
||||
Pusher
|
||||
}
|
||||
|
||||
// ReadOnlyStorage represents a read-only Storage.
|
||||
type ReadOnlyStorage interface {
|
||||
Fetcher
|
||||
|
||||
// Exists returns true if the described content exists.
|
||||
Exists(ctx context.Context, target ocispec.Descriptor) (bool, error)
|
||||
}
|
||||
|
||||
// Deleter removes content.
|
||||
// Deleter is an extension of Storage.
|
||||
type Deleter interface {
|
||||
// Delete removes the content identified by the descriptor.
|
||||
Delete(ctx context.Context, target ocispec.Descriptor) error
|
||||
}
|
||||
|
||||
// FetchAll safely fetches the content described by the descriptor.
|
||||
// The fetched content is verified against the size and the digest.
|
||||
func FetchAll(ctx context.Context, fetcher Fetcher, desc ocispec.Descriptor) ([]byte, error) {
|
||||
rc, err := fetcher.Fetch(ctx, desc)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer rc.Close()
|
||||
return ReadAll(rc, desc)
|
||||
}
|
||||
|
||||
// FetcherFunc is the basic Fetch method defined in Fetcher.
|
||||
type FetcherFunc func(ctx context.Context, target ocispec.Descriptor) (io.ReadCloser, error)
|
||||
|
||||
// Fetch performs Fetch operation by the FetcherFunc.
|
||||
func (fn FetcherFunc) Fetch(ctx context.Context, target ocispec.Descriptor) (io.ReadCloser, error) {
|
||||
return fn(ctx, target)
|
||||
}
|
||||
Reference in New Issue
Block a user