Add docker/utils.ManifestMatchesDigest#75
Conversation
|
(Right now I need this for an Feel free to defer merging this after I get to cleaning up |
docker/docker_image.go
Outdated
| return false, err | ||
| } | ||
| // Note that this is not doing ConstantTimeCompare; by the time we get here, the cryptographic signature must already have been verified, | ||
| // or we are not using a cryptographic channel and the attacker can modify the digest along with the manifest blob. |
There was a problem hiding this comment.
can you put this comment in the func comment above? so that godoc is aware of this and users also
There was a problem hiding this comment.
Good point, will update.
I'd rather wait for this than merging :) |
mtrmac
force-pushed
the
matches-manifest-digest
branch
from
83bc6d2 to
846cc1c
Compare
Sure, marking as WIP for now. |
mtrmac
changed the title
mtrmac
force-pushed
the
matches-manifest-digest
branch
from
846cc1c to
d07f84f
Compare
mtrmac
force-pushed
the
matches-manifest-digest
branch
from
d07f84f to
16a6937
Compare
|
(Currently depends on, and includes, #79. Conceptually it is independent, the dependency is for merging with changes of that PR. I will rebase as needed.) |
mtrmac
force-pushed
the
matches-manifest-digest
branch
2 times, most recently
from
cc6aa37 to
e917465
Compare
As opposed to callers just calling utils.ManifestDigest(), this is a forward-compatible interface, allowing other digest algorithms to be added in the future. Right now, we only support SHA-256, so the underlying implementation does not change anything.
mtrmac
force-pushed
the
matches-manifest-digest
branch
from
e917465 to
938478e
Compare
|
Moved the functionality from Now with a test, and ready to be merged. |
mtrmac
changed the title
2 participants
As opposed to callers just calling
utils.ManifestDigest(image.Manifest()), this is a forward-compatible interface, allowing other digest algorithms to be added in the future.Right now, we only support SHA-256, so the underlying implementation does not change anything.