Merged
4 changes: 0 additions & 4 deletions exporter/containerimage/export.go
@@ -14,10 +14,8 @@ import (
"github.com/containerd/containerd/images"
"github.com/containerd/containerd/leases"
"github.com/containerd/containerd/platforms"
"github.com/containerd/containerd/remotes"
"github.com/containerd/containerd/remotes/docker"
"github.com/containerd/containerd/rootfs"
intoto "github.com/in-toto/in-toto-golang/in_toto"
"github.com/moby/buildkit/cache"
cacheconfig "github.com/moby/buildkit/cache/config"
"github.com/moby/buildkit/exporter"
@@ -355,8 +353,6 @@ func (e *imageExporterInstance) pushImage(ctx context.Context, src *exporter.Sou
}
}
}

ctx = remotes.WithMediaTypeKeyPrefix(ctx, intoto.PayloadType, "intoto")
return push.Push(ctx, e.opt.SessionManager, sessionID, mprovider, e.opt.ImageWriter.ContentStore(), dgst, targetName, e.insecure, e.opt.RegistryHosts, e.pushByDigest, annotations)
}

2 changes: 1 addition & 1 deletion exporter/containerimage/writer.go
@@ -437,7 +437,7 @@ func (ic *ImageWriter) commitAttestationsManifest(ctx context.Context, opts *Ima
}
digest := digest.FromBytes(data)
desc := ocispecs.Descriptor{
MediaType: attestationTypes.MediaTypeDockerSchema2AttestationType,
MediaType: intoto.PayloadType,
Digest: digest,
Size: int64(len(data)),
Annotations: map[string]string{
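Review bot: The `MediaType` written into the attestation descriptor now comes from `intoto.PayloadType`, a constant owned by a third-party module, so the value that ends up in pushed manifests is no longer pinned in this repository. A dependency bump that changed it would silently alter what is written here and what `childrenHandler` (util/push/push.go) and `childrenConfigHandler` (util/imageutil/config.go) treat as childless. The constant removed from util/attestation/types.go shows the expected value, so a small test such as `if intoto.PayloadType != "application/vnd.in-toto+json" { t.Fatalf("unexpected in-toto media type %q", intoto.PayloadType) }` would catch drift. The same substitution is made in solver/llbsolver/solver.go. commitAttestationsManifest starts and ends outside the hunk.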
3 changes: 0 additions & 3 deletions exporter/oci/export.go
@@ -11,9 +11,7 @@ import (

archiveexporter "github.com/containerd/containerd/images/archive"
"github.com/containerd/containerd/leases"
"github.com/containerd/containerd/remotes"
"github.com/docker/distribution/reference"
intoto "github.com/in-toto/in-toto-golang/in_toto"
"github.com/moby/buildkit/cache"
cacheconfig "github.com/moby/buildkit/cache/config"
"github.com/moby/buildkit/exporter"
@@ -266,7 +264,6 @@ func (e *imageExporterInstance) Export(ctx context.Context, src *exporter.Source
}
report(nil)
} else {
ctx = remotes.WithMediaTypeKeyPrefix(ctx, intoto.PayloadType, "intoto")
store := sessioncontent.NewCallerStore(caller, "export")
if err != nil {
return nil, nil, err
4 changes: 2 additions & 2 deletions solver/llbsolver/solver.go
@@ -9,6 +9,7 @@ import (
"sync"
"time"

intoto "github.com/in-toto/in-toto-golang/in_toto"
slsa02 "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
controlapi "github.com/moby/buildkit/api/services/control"
"github.com/moby/buildkit/cache"
@@ -26,7 +27,6 @@ import (
"github.com/moby/buildkit/solver/llbsolver/provenance"
"github.com/moby/buildkit/solver/result"
spb "github.com/moby/buildkit/sourcepolicy/pb"
"github.com/moby/buildkit/util/attestation"
"github.com/moby/buildkit/util/bklog"
"github.com/moby/buildkit/util/compression"
"github.com/moby/buildkit/util/entitlements"
@@ -210,7 +210,7 @@ func (s *Solver) recordBuildHistory(ctx context.Context, id string, req frontend
if err != nil {
return nil, nil, err
}
w, err := s.history.OpenBlobWriter(ctx, attestation.MediaTypeDockerSchema2AttestationType)
w, err := s.history.OpenBlobWriter(ctx, intoto.PayloadType)
if err != nil {
return nil, nil, err
}
2 changes: 0 additions & 2 deletions util/attestation/types.go
@@ -1,8 +1,6 @@
package attestation

const (
MediaTypeDockerSchema2AttestationType = "application/vnd.in-toto+json"

DockerAnnotationReferenceType = "vnd.docker.reference.type"
DockerAnnotationReferenceDigest = "vnd.docker.reference.digest"
DockerAnnotationReferenceDescription = "vnd.docker.reference.description"
2 changes: 2 additions & 0 deletions util/contentutil/copy.go
@@ -15,6 +15,7 @@ import (
)

func Copy(ctx context.Context, ingester content.Ingester, provider content.Provider, desc ocispecs.Descriptor, ref string, logger func([]byte)) error {
ctx = RegisterContentPayloadTypes(ctx)
if _, err := retryhandler.New(limited.FetchHandler(ingester, &localFetcher{provider}, ref), logger)(ctx, desc); err != nil {
return err
}
@@ -60,6 +61,7 @@ func (r *rc) Seek(offset int64, whence int) (int64, error) {
}

func CopyChain(ctx context.Context, ingester content.Ingester, provider content.Provider, desc ocispecs.Descriptor) error {
ctx = RegisterContentPayloadTypes(ctx)
var m sync.Mutex
manifestStack := []ocispecs.Descriptor{}

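Review bot: Copy and CopyChain are exported and have no doc comment (the line above each `func` is blank), yet both now replace the caller's ctx on their first line, which a caller cannot see from the signature. A short comment on each would record it, for example `// Copy fetches desc from provider into ingester; it first adds the in-toto media-type key prefix to ctx.`, with the equivalent on CopyChain. Both function bodies continue outside the hunks shown.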
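--- a/util/contentutil/types.go
+++ b/util/contentutil/types.go
@@ -0,0 +1,15 @@
+package contentutil
+
+import (
+"context"
+
+"github.com/containerd/containerd/remotes"
+intoto "github.com/in-toto/in-toto-golang/in_toto"
+)
+
+// RegisterContentPayloadTypes registers content types that are not defined by
+// default but that we expect to find in registry images.
+func RegisterContentPayloadTypes(ctx context.Context) context.Context {
+ctx = remotes.WithMediaTypeKeyPrefix(ctx, intoto.PayloadType, "intoto")
+return ctx
+}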
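Review bot: The doc comment on RegisterContentPayloadTypes says it "registers content types", but the body only returns a derived context that carries the key prefix `intoto` for `intoto.PayloadType`. Nothing is registered globally, and a caller that drops the return value gets no effect. The comment should say so, e.g. `// RegisterContentPayloadTypes returns a context in which the in-toto payload media type has the key prefix "intoto"; callers must use the returned context.` It would also help to note that this only names the media type for the content handlers and does not validate attestation payloads. As a style point, the reassignment is unnecessary: `return remotes.WithMediaTypeKeyPrefix(ctx, intoto.PayloadType, "intoto")`.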
4 changes: 2 additions & 2 deletions util/imageutil/config.go
@@ -13,7 +13,7 @@ import (
"github.com/containerd/containerd/reference"
"github.com/containerd/containerd/remotes"
"github.com/containerd/containerd/remotes/docker"
"github.com/moby/buildkit/util/attestation"
intoto "github.com/in-toto/in-toto-golang/in_toto"
"github.com/moby/buildkit/util/contentutil"
"github.com/moby/buildkit/util/leaseutil"
"github.com/moby/buildkit/util/resolver/limited"
@@ -174,7 +174,7 @@ func childrenConfigHandler(provider content.Provider, platform platforms.MatchCo
descs = append(descs, index.Manifests...)
}
case images.MediaTypeDockerSchema2Config, ocispecs.MediaTypeImageConfig, docker.LegacyConfigMediaType,
attestation.MediaTypeDockerSchema2AttestationType:
intoto.PayloadType:
// childless data types.
return nil, nil
default:
6 changes: 4 additions & 2 deletions util/push/push.go
@@ -14,9 +14,10 @@ import (
"github.com/containerd/containerd/remotes"
"github.com/containerd/containerd/remotes/docker"
"github.com/docker/distribution/reference"
intoto "github.com/in-toto/in-toto-golang/in_toto"
"github.com/moby/buildkit/session"
"github.com/moby/buildkit/util/attestation"
"github.com/moby/buildkit/util/bklog"
"github.com/moby/buildkit/util/contentutil"
"github.com/moby/buildkit/util/flightcontrol"
"github.com/moby/buildkit/util/imageutil"
"github.com/moby/buildkit/util/progress"
@@ -46,6 +47,7 @@ func Pusher(ctx context.Context, resolver remotes.Resolver, ref string) (remotes
}

func Push(ctx context.Context, sm *session.Manager, sid string, provider content.Provider, manager content.Manager, dgst digest.Digest, ref string, insecure bool, hosts docker.RegistryHosts, byDigest bool, annotations map[digest.Digest]map[string]string) error {
ctx = contentutil.RegisterContentPayloadTypes(ctx)
desc := ocispecs.Descriptor{
Digest: dgst,
}
@@ -250,7 +252,7 @@ func childrenHandler(provider content.Provider) images.HandlerFunc {
case images.MediaTypeDockerSchema2Layer, images.MediaTypeDockerSchema2LayerGzip,
images.MediaTypeDockerSchema2Config, ocispecs.MediaTypeImageConfig,
ocispecs.MediaTypeImageLayer, ocispecs.MediaTypeImageLayerGzip,
attestation.MediaTypeDockerSchema2AttestationType:
intoto.PayloadType:
// childless data types.
return nil, nil
default: