Issue #5037: Schema1 has different algorithm of digest calculation - Container Support - Pulp

Actions

Send by e-mail Copy link

Issue #5037

closed

Schema1 has different algorithm of digest calculation

Added by ipanova@redhat.com over 5 years ago. Updated almost 5 years ago.

Status:

CLOSED - CURRENTRELEASE

Priority:

Normal

Assignee:

ipanova@redhat.com

Sprint/Milestone:

1.0.0

Start date:

Due date:

Estimated time:

Severity:

2. Medium

Platform Release:

OS:

Triaged:

Groomed:

Sprint Candidate:

Tags:

Sprint:

Sprint 55

Quarter:

Description

We calculate the digest of the schema1 on the whole file. As a result of current behaviour docker pull of schema1 does not work as well as sync has wrong results.

$ sudo docker pull localhost:24816/food:1.24-musl
Trying to pull repository localhost:24816/food ... 
Pulling repository localhost:24816/food
Error: image food:1.24-musl not found
(pulp) [vagrant@pulp3-source-fedora29 pulp_docker]$ pjournal
Hint: You are currently not seeing messages from other users and the system.
      Users in groups 'adm', 'systemd-journal', 'wheel' can see all messages.
      Pass -q to turn off this notice.
-- Logs begin at Thu 2019-05-02 13:43:21 UTC. --
Jun 26 11:06:00 pulp3-source-fedora29.fluffy.example.com gunicorn[3500]:     messages, upgraded, tail = self._request_parser.feed_data(data)
Jun 26 11:06:00 pulp3-source-fedora29.fluffy.example.com gunicorn[3500]:   File "aiohttp/_http_parser.pyx", line 523, in aiohttp._http_parser.HttpParser.feed_data
Jun 26 11:06:00 pulp3-source-fedora29.fluffy.example.com gunicorn[3500]: aiohttp.http_exceptions.BadStatusLine: invalid HTTP method
Jun 26 11:06:00 pulp3-source-fedora29.fluffy.example.com gunicorn[3500]: pulp: pulp_docker.app.registry:INFO: sha256:75e5a0f0c01cebf0e634a8995ab596b373e2be67cd7168e95b9de47a12ded279
Jun 26 11:06:00 pulp3-source-fedora29.fluffy.example.com gunicorn[3500]: [2019-06-26 11:06:00 +0000] [3512] [ERROR] Error handling request
Jun 26 11:06:00 pulp3-source-fedora29.fluffy.example.com gunicorn[3500]: Traceback (most recent call last):
Jun 26 11:06:00 pulp3-source-fedora29.fluffy.example.com gunicorn[3500]:   File "/usr/local/lib/pulp/lib64/python3.7/site-packages/aiohttp/web_protocol.py", line 275, in data_received
Jun 26 11:06:00 pulp3-source-fedora29.fluffy.example.com gunicorn[3500]:     messages, upgraded, tail = self._request_parser.feed_data(data)
Jun 26 11:06:00 pulp3-source-fedora29.fluffy.example.com gunicorn[3500]:   File "aiohttp/_http_parser.pyx", line 523, in aiohttp._http_parser.HttpParser.feed_data
Jun 26 11:06:00 pulp3-source-fedora29.fluffy.example.com gunicorn[3500]: aiohttp.http_exceptions.BadStatusLine: invalid HTTP method
qq^C
(pulp) [vagrant@pulp3-source-fedora29 pulp_docker]$ sudo docker pull localhost:24816/food@sha256:02c8e85e48664f0888493dfe885f0f01f8b598e934346824e14bd1c51aed7d5f
Trying to pull repository localhost:24816/food ... 
Manifest does not match provided manifest digest sha256:02c8e85e48664f0888493dfe885f0f01f8b598e934346824e14bd1c51aed7d5f

Note that client calculated digest sha256:75e5a0f0c01cebf0e634a8995ab596b373e2be67cd7168e95b9de47a12ded279, it does not contain signature part.

And this is the digest we calculated and store sha256:02c8e85e48664f0888493dfe885f0f01f8b598e934346824e14bd1c51aed7d5f. Client does not like it either, because digests do not match.

Now sync:

(pulp) [vagrant@pulp3-source-fedora29 pulp_docker]$ http GET http://localhost:24817/pulp/api/v3/repositories/cacbcd83-b2d6-4bee-ac7b-0e14d888ebe3/versions/2/
HTTP/1.1 200 OK
Allow: GET, DELETE, HEAD, OPTIONS
Connection: close
Content-Length: 1298
Content-Type: application/json
Date: Wed, 26 Jun 2019 10:27:41 GMT
Server: gunicorn/19.9.0
Vary: Accept, Cookie
X-Frame-Options: SAMEORIGIN

{
    "_created": "2019-06-26T10:04:31.240786Z",
    "_href": "/pulp/api/v3/repositories/cacbcd83-b2d6-4bee-ac7b-0e14d888ebe3/versions/2/",
    "base_version": null,
    "content_summary": {
        "added": {
            "docker.manifest": {
                "count": 22,
                "href": "/pulp/api/v3/content/docker/manifests/?repository_version_added=/pulp/api/v3/repositories/cacbcd83-b2d6-4bee-ac7b-0e14d888ebe3/versions/2/"
            },
            "docker.manifest-tag": {
                "count": 22,
                "href": "/pulp/api/v3/content/docker/manifest-tags/?repository_version_added=/pulp/api/v3/repositories/cacbcd83-b2d6-4bee-ac7b-0e14d888ebe3/versions/2/"
            }
        },
        "present": {
            "docker.manifest": {
                "count": 329,
                "href": "/pulp/api/v3/content/docker/manifests/?repository_version=/pulp/api/v3/repositories/cacbcd83-b2d6-4bee-ac7b-0e14d888ebe3/versions/2/"
            },
            "docker.manifest-blob": {
                "count": 487,
                "href": "/pulp/api/v3/content/docker/blobs/?repository_version=/pulp/api/v3/repositories/cacbcd83-b2d6-4bee-ac7b-0e14d888ebe3/versions/2/"
            },
            "docker.manifest-tag": {
                "count": 135,
                "href": "/pulp/api/v3/content/docker/manifest-tags/?repository_version=/pulp/api/v3/repositories/cacbcd83-b2d6-4bee-ac7b-0e14d888ebe3/versions/2/"
            }
        },
        "removed": {
            "docker.manifest-tag": {
                "count": 22,
                "href": "/pulp/api/v3/content/docker/manifest-tags/?repository_version_removed=/pulp/api/v3/repositories/cacbcd83-b2d6-4bee-ac7b-0e14d888ebe3/versions/2/"
            }
        }
    },
    "number": 2
}

(pulp) [vagrant@pulp3-source-fedora29 pulp_docker]$ http GET http://localhost:24817/pulp/api/v3/repositories/cacbcd83-b2d6-4bee-ac7b-0e14d888ebe3/versions/3/
HTTP/1.1 200 OK
Allow: GET, DELETE, HEAD, OPTIONS
Connection: close
Content-Length: 1298
Content-Type: application/json
Date: Wed, 26 Jun 2019 10:28:05 GMT
Server: gunicorn/19.9.0
Vary: Accept, Cookie
X-Frame-Options: SAMEORIGIN

{
    "_created": "2019-06-26T10:07:03.977935Z",
    "_href": "/pulp/api/v3/repositories/cacbcd83-b2d6-4bee-ac7b-0e14d888ebe3/versions/3/",
    "base_version": null,
    "content_summary": {
        "added": {
            "docker.manifest": {
                "count": 22,
                "href": "/pulp/api/v3/content/docker/manifests/?repository_version_added=/pulp/api/v3/repositories/cacbcd83-b2d6-4bee-ac7b-0e14d888ebe3/versions/3/"
            },
            "docker.manifest-tag": {
                "count": 22,
                "href": "/pulp/api/v3/content/docker/manifest-tags/?repository_version_added=/pulp/api/v3/repositories/cacbcd83-b2d6-4bee-ac7b-0e14d888ebe3/versions/3/"
            }
        },
        "present": {
            "docker.manifest": {
                "count": 351,
                "href": "/pulp/api/v3/content/docker/manifests/?repository_version=/pulp/api/v3/repositories/cacbcd83-b2d6-4bee-ac7b-0e14d888ebe3/versions/3/"
            },
            "docker.manifest-blob": {
                "count": 487,
                "href": "/pulp/api/v3/content/docker/blobs/?repository_version=/pulp/api/v3/repositories/cacbcd83-b2d6-4bee-ac7b-0e14d888ebe3/versions/3/"
            },
            "docker.manifest-tag": {
                "count": 135,
                "href": "/pulp/api/v3/content/docker/manifest-tags/?repository_version=/pulp/api/v3/repositories/cacbcd83-b2d6-4bee-ac7b-0e14d888ebe3/versions/3/"
            }
        },
        "removed": {
            "docker.manifest-tag": {
                "count": 22,
                "href": "/pulp/api/v3/content/docker/manifest-tags/?repository_version_removed=/pulp/api/v3/repositories/cacbcd83-b2d6-4bee-ac7b-0e14d888ebe3/versions/3/"
            }
        }
    },
    "number": 3
}

What we should do is to disregard the signature part, which changes with every response from the registry.

See pulp2 code https://github.com/pulp/pulp_docker/blob/2-master/plugins/pulp_docker/plugins/models.py#L102