Project

Profile

Help

Actions
Send by e-mail Copy link

Story #1145

closed

As a user, I am assured that Pulp is downloading the correct manifests

Added by rbarlow over 9 years ago. Updated over 5 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
-
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
Target Release - Docker:
2.0.0
Groomed:
No
Sprint Candidate:
Yes
Tags:
Pulp 2
Sprint:
Quarter:

Description

The docker manifests have a digest, which is supposed to be a checksum of the manifest. However, the manifest checksum is not calculated on the downloaded manifest but on some permutation of the manifest. The necessary permutation is not known to the Pulp team at this time, so part of this effort will be determining how to calculate the checksum of the digest. There is a GitHub issue[0] with some information that may be useful. Hint: It may be related to removing signatures, but I am not sure.

Deliverables:

  • Determine how to calculate the digest of the manifest, since the manifest as presented has a different checksum than the given digest from the registry.
  • Rework the Importer to validate the digest of the downloaded manifests to ensure that the expected data was received
  • Consider whether this should be a setting or not (I lean towards not). If you determine that it should, make sure pulp-admin supports it
  • Tests
  • Documentation

[0] https://github.com/docker/docker/issues/8093

Related issues

Blocked by Docker Support - Story #968: As a user, I can sync from a v2 registryCLOSED - CURRENTRELEASErbarlow

Actions
Blocks Docker Support - Task #1048: Tracker for Docker v2 API and Manifest workCLOSED - CURRENTRELEASErbarlow

Actions
Actions
Send by e-mail Copy link

Also available in: Atom PDF