115 lines
3.1 KiB
Go
115 lines
3.1 KiB
Go
/*
|
|
* Copyright 2026 Oleg Borodin <onborodin@gmail.com>
|
|
*/
|
|
package imageoper
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"io"
|
|
"net/http"
|
|
|
|
"mstore/pkg/descr"
|
|
|
|
ocidigest "github.com/opencontainers/go-digest"
|
|
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
|
|
)
|
|
|
|
type CheckImagesParams struct {
|
|
Name string
|
|
}
|
|
type CheckImagesResult struct {
|
|
Repositories []string `json:"repositories"`
|
|
}
|
|
|
|
func (oper *Operator) CheckImages(ctx context.Context, params *CheckImagesParams) (*CheckImagesResult, int, error) {
|
|
var err error
|
|
res := &CheckImagesResult{
|
|
Repositories: make([]string, 0),
|
|
}
|
|
|
|
var manDescrs []descr.Manifest
|
|
if params.Name == "" {
|
|
manDescrs, err = oper.mdb.ListAllManifests(ctx)
|
|
if err != nil {
|
|
return res, http.StatusInternalServerError, err
|
|
}
|
|
} else {
|
|
manDescrs, err = oper.mdb.ListManifestsByName(ctx, params.Name)
|
|
if err != nil {
|
|
return res, http.StatusInternalServerError, err
|
|
}
|
|
}
|
|
for _, manDescr := range manDescrs {
|
|
incorrectImage, err := oper.checkImage(ctx, manDescr)
|
|
if err != nil {
|
|
return res, http.StatusInternalServerError, err
|
|
}
|
|
if incorrectImage {
|
|
repo := manDescr.Name + ":" + manDescr.Reference
|
|
res.Repositories = append(res.Repositories, repo)
|
|
}
|
|
}
|
|
return res, http.StatusOK, err
|
|
}
|
|
|
|
func (oper *Operator) checkImage(ctx context.Context, manDescr descr.Manifest) (bool, error) {
|
|
|
|
resName := manDescr.Name
|
|
oper.iLock.WaitAndLock(resName)
|
|
defer oper.iLock.Done(resName)
|
|
|
|
var err error
|
|
incorrectImage := false
|
|
oper.logg.Debugf("Check image %s:%s", manDescr.Name, manDescr.Reference)
|
|
man := &ocispec.Manifest{}
|
|
err = json.Unmarshal([]byte(manDescr.Payload), man)
|
|
if err != nil {
|
|
return incorrectImage, err
|
|
}
|
|
blobs := make([]ocispec.Descriptor, 0)
|
|
blobs = append(blobs, man.Config)
|
|
blobs = append(blobs, man.Layers...)
|
|
for _, blob := range blobs {
|
|
oper.logg.Debugf("Check blob %s", blob.Digest.String())
|
|
blobExists, blobDescr, err := oper.mdb.GetBlobByNameRefDigest(ctx, manDescr.Name, manDescr.Reference, blob.Digest.String())
|
|
if err != nil {
|
|
return incorrectImage, err
|
|
}
|
|
blobExists, blobSize, err := oper.store.BlobExists(blobDescr.Name, blobDescr.Digest)
|
|
if err != nil {
|
|
return incorrectImage, err
|
|
}
|
|
if !blobExists || blobSize != blobDescr.Size {
|
|
incorrectImage = true
|
|
} else {
|
|
digstr := blobDescr.Digest
|
|
digobj, err := ocidigest.Parse(digstr)
|
|
if err != nil {
|
|
oper.logg.Debugf("Incorrect blob name: %s", digstr)
|
|
incorrectImage = true
|
|
}
|
|
_, blobReadCloser, err := oper.store.BlobReader(blobDescr.Name, blobDescr.Digest)
|
|
if err != nil {
|
|
return incorrectImage, err
|
|
}
|
|
defer blobReadCloser.Close()
|
|
verifier := digobj.Verifier()
|
|
_, err = io.Copy(verifier, blobReadCloser)
|
|
if !verifier.Verified() {
|
|
oper.logg.Debugf("Incorrect blob digest: %s", digstr)
|
|
incorrectImage = true
|
|
}
|
|
}
|
|
}
|
|
if incorrectImage {
|
|
repo := manDescr.Name + ":" + manDescr.Reference
|
|
oper.logg.Debugf("Delete incomplete image: %s", repo)
|
|
err = oper.deleteManifestObjects(ctx, manDescr.Name, manDescr.Reference)
|
|
if err != nil {
|
|
return incorrectImage, err
|
|
}
|
|
}
|
|
return incorrectImage, err
|
|
}
|