Skip to content

GitLab

Commit bf198c39 authored by Michael Yang's avatar Michael Yang
Browse files

verify blob digest

parent 924ce739
Hide whitespace changes
Inline Side-by-side
Showing with 27 additions and 0 deletions
server/images.go
View file @ bf198c39
...@@ -623,6 +623,13 @@ func PullModel(name, username, password string, fn func(api.ProgressResponse)) e ...@@ -623,6 +623,13 @@ func PullModel(name, username, password string, fn func(api.ProgressResponse)) e
completed += layer.Size completed += layer.Size
} }
fn(api.ProgressResponse{Status: "verifying sha256 digest"})
for _, layer := range layers {
if err := verifyBlob(layer.Digest); err != nil {
return err
}
}
fn(api.ProgressResponse{Status: "writing manifest"}) fn(api.ProgressResponse{Status: "writing manifest"})
manifestJSON, err := json.Marshal(manifest) manifestJSON, err := json.Marshal(manifest)
...@@ -917,3 +924,23 @@ func makeRequest(method, url string, headers map[string]string, body io.Reader, ...@@ -917,3 +924,23 @@ func makeRequest(method, url string, headers map[string]string, body io.Reader,
return resp, nil return resp, nil
} }
func verifyBlob(digest string) error {
fp, err := GetBlobsPath(digest)
if err != nil {
return err
}
f, err := os.Open(fp)
if err != nil {
return err
}
defer f.Close()
fileDigest, _ := GetSHA256Digest(f)
if digest != fileDigest {
return fmt.Errorf("digest mismatch: want %s, got %s", digest, fileDigest)
}
return nil
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment