[arvados] created: 2.7.0-6395-gefc7e2a46e
git repository hosting
git at public.arvados.org
Thu Apr 11 14:49:01 UTC 2024
at efc7e2a46e0a82bf9d1af0761f2970076c6f1203 (commit)
commit efc7e2a46e0a82bf9d1af0761f2970076c6f1203
Author: Tom Clegg <tom at curii.com>
Date: Thu Apr 11 10:35:17 2024 -0400
21657: Update docker archive ID introspection code for OCIv2.
Also, when not using the built-in image, we already rely on having
docker tools available, so use `docker inspect` instead of trying to
read the tarball.
This way the introspection code now only needs to work on the built-in
image. And now there's a test for that.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at curii.com>
diff --git a/lib/diagnostics/cmd.go b/lib/diagnostics/cmd.go
index 30dd6ee83b..0fd3b3eca2 100644
--- a/lib/diagnostics/cmd.go
+++ b/lib/diagnostics/cmd.go
@@ -10,6 +10,7 @@ import (
"context"
"crypto/sha256"
_ "embed"
+ "encoding/json"
"flag"
"fmt"
"io"
@@ -19,6 +20,7 @@ import (
"net/url"
"os"
"os/exec"
+ "regexp"
"strings"
"time"
@@ -457,6 +459,7 @@ func (diag *diagnoser) runtests() {
}
defer os.RemoveAll(tempdir)
+ var imageSHA2 string
var dockerImageData []byte
if diag.dockerImage != "" || diag.priority < 1 {
// We won't be using the self-built docker image, so
@@ -465,6 +468,14 @@ func (diag *diagnoser) runtests() {
// upload/download, whether or not we're using it as a
// docker image.
dockerImageData = HelloWorldDockerImage
+
+ if diag.priority > 0 {
+ imageSHA2, err = getSHA2FromImageData(dockerImageData)
+ if err != nil {
+ diag.errorf("internal error/bug: %s", err)
+ return
+ }
+ }
} else if selfbin, err := os.Readlink("/proc/self/exe"); err != nil {
diag.errorf("readlink /proc/self/exe: %s", err)
return
@@ -499,7 +510,18 @@ func (diag *diagnoser) runtests() {
}
diag.infof("arvados-client version: %s", checkversion)
- buf, err := exec.Command("docker", "save", tag).Output()
+ buf, err := exec.Command("docker", "inspect", "--format={{.Id}}", tag).Output()
+ if err != nil {
+ diag.errorf("docker inspect --format={{.Id}} %s: %s", tag, err)
+ return
+ }
+ imageSHA2 = min64HexDigits.FindString(string(buf))
+ if len(imageSHA2) != 64 {
+ diag.errorf("docker inspect --format={{.Id}} output %q does not seem to contain sha256 digest", buf)
+ return
+ }
+
+ buf, err = exec.Command("docker", "save", tag).Output()
if err != nil {
diag.errorf("docker save %s: %s", tag, err)
return
@@ -508,29 +530,6 @@ func (diag *diagnoser) runtests() {
dockerImageData = buf
}
- // Read image tarball to find image ID, so we can upload it as
- // "sha256:{...}.tar"
- var imageSHA2 string
- {
- tr := tar.NewReader(bytes.NewReader(dockerImageData))
- for {
- hdr, err := tr.Next()
- if err == io.EOF {
- break
- }
- if err != nil {
- diag.errorf("internal error/bug: cannot read docker image tar file: %s", err)
- return
- }
- if s := strings.TrimSuffix(hdr.Name, ".json"); len(s) == 64 && s != hdr.Name {
- imageSHA2 = s
- }
- }
- if imageSHA2 == "" {
- diag.errorf("internal error/bug: cannot find {sha256}.json file in docker image tar file")
- return
- }
- }
tarfilename := "sha256:" + imageSHA2 + ".tar"
diag.dotest(100, "uploading file via webdav", func() error {
@@ -810,3 +809,36 @@ func (diag *diagnoser) runtests() {
return nil
})
}
+
+func getSHA2FromImageData(dockerImageData []byte) (string, error) {
+ tr := tar.NewReader(bytes.NewReader(dockerImageData))
+ for {
+ hdr, err := tr.Next()
+ if err == io.EOF {
+ return "", fmt.Errorf("cannot find manifest.json in docker image tar file")
+ }
+ if err != nil {
+ return "", fmt.Errorf("cannot read docker image tar file: %s", err)
+ }
+ if hdr.Name != "manifest.json" {
+ continue
+ }
+ var manifest []struct {
+ Config string
+ }
+ err = json.NewDecoder(tr).Decode(&manifest)
+ if err != nil {
+ return "", fmt.Errorf("cannot read manifest.json from docker image tar file: %s", err)
+ }
+ if len(manifest) == 0 {
+ return "", fmt.Errorf("manifest.json is empty")
+ }
+ s := min64HexDigits.FindString(manifest[0].Config)
+ if len(s) != 64 {
+ return "", fmt.Errorf("found manifest.json but .[0].Config %q does not seem to contain sha256 digest", manifest[0].Config)
+ }
+ return s, nil
+ }
+}
+
+var min64HexDigits = regexp.MustCompile(`[0-9a-f]{64,}`)
diff --git a/lib/diagnostics/docker_image_test.go b/lib/diagnostics/docker_image_test.go
new file mode 100644
index 0000000000..ace4a2c035
--- /dev/null
+++ b/lib/diagnostics/docker_image_test.go
@@ -0,0 +1,25 @@
+// Copyright (C) The Arvados Authors. All rights reserved.
+//
+// SPDX-License-Identifier: AGPL-3.0
+
+package diagnostics
+
+import (
+ "testing"
+
+ . "gopkg.in/check.v1"
+)
+
+func Test(t *testing.T) {
+ TestingT(t)
+}
+
+var _ = Suite(&suite{})
+
+type suite struct{}
+
+func (*suite) TestGetSHA2FromImageData(c *C) {
+ imageSHA2, err := getSHA2FromImageData(HelloWorldDockerImage)
+ c.Check(err, IsNil)
+ c.Check(imageSHA2, Matches, `[0-9a-f]{64}`)
+}
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list