0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2025-01-20 22:52:51 -05:00
zot/pkg/storage/local.go

2104 lines
50 KiB
Go
Raw Normal View History

2021-09-30 16:27:13 +03:00
package storage
import (
"bytes"
"context"
"encoding/json"
"errors"
2021-09-30 16:27:13 +03:00
"fmt"
"io"
"io/fs"
2021-09-30 16:27:13 +03:00
"os"
"path"
"path/filepath"
"strings"
"sync"
"syscall"
2021-09-30 16:27:13 +03:00
"time"
"unicode/utf8"
2021-09-30 16:27:13 +03:00
apexlog "github.com/apex/log"
guuid "github.com/gofrs/uuid"
"github.com/minio/sha256-simd"
"github.com/notaryproject/notation-go"
2021-09-30 16:27:13 +03:00
godigest "github.com/opencontainers/go-digest"
ispec "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/opencontainers/umoci"
"github.com/opencontainers/umoci/oci/casext"
artifactspec "github.com/oras-project/artifacts-spec/specs-go/v1"
2021-09-30 16:27:13 +03:00
"github.com/rs/zerolog"
"github.com/sigstore/cosign/pkg/oci/remote"
zerr "zotregistry.io/zot/errors"
"zotregistry.io/zot/pkg/extensions/monitoring"
zlog "zotregistry.io/zot/pkg/log"
"zotregistry.io/zot/pkg/scheduler"
"zotregistry.io/zot/pkg/test"
2021-09-30 16:27:13 +03:00
)
const (
// BlobUploadDir defines the upload directory for blob uploads.
BlobUploadDir = ".uploads"
SchemaVersion = 2
DefaultFilePerms = 0o600
DefaultDirPerms = 0o700
RLOCK = "RLock"
RWLOCK = "RWLock"
2021-09-30 16:27:13 +03:00
)
// BlobUpload models and upload request.
type BlobUpload struct {
StoreName string
ID string
}
type StoreController struct {
DefaultStore ImageStore
SubStore map[string]ImageStore
}
// ImageStoreLocal provides the image storage operations.
type ImageStoreLocal struct {
2021-09-30 16:27:13 +03:00
rootDir string
lock *sync.RWMutex
blobUploads map[string]BlobUpload
cache *Cache
gc bool
dedupe bool
commit bool
gcDelay time.Duration
2021-09-30 16:27:13 +03:00
log zerolog.Logger
metrics monitoring.MetricServer
linter Lint
2021-09-30 16:27:13 +03:00
}
func (is *ImageStoreLocal) RootDir() string {
2021-09-30 16:27:13 +03:00
return is.rootDir
}
func (is *ImageStoreLocal) DirExists(d string) bool {
return DirExists(d)
2021-09-30 16:27:13 +03:00
}
func getRoutePrefix(name string) string {
names := strings.SplitN(name, "/", 2) //nolint:gomnd
2021-09-30 16:27:13 +03:00
if len(names) != 2 { //nolint:gomnd
2021-09-30 16:27:13 +03:00
// it means route is of global storage e.g "centos:latest"
if len(names) == 1 {
return "/"
}
}
return fmt.Sprintf("/%s", names[0])
}
func (sc StoreController) GetImageStore(name string) ImageStore {
if sc.SubStore != nil {
// SubStore is being provided, now we need to find equivalent image store and this will be found by splitting name
prefixName := getRoutePrefix(name)
imgStore, ok := sc.SubStore[prefixName]
if !ok {
imgStore = sc.DefaultStore
}
return imgStore
}
return sc.DefaultStore
}
// NewImageStore returns a new image store backed by a file storage.
func NewImageStore(rootDir string, gc bool, gcDelay time.Duration, dedupe, commit bool,
log zlog.Logger, metrics monitoring.MetricServer, linter Lint,
) ImageStore {
2021-09-30 16:27:13 +03:00
if _, err := os.Stat(rootDir); os.IsNotExist(err) {
if err := os.MkdirAll(rootDir, DefaultDirPerms); err != nil {
2021-09-30 16:27:13 +03:00
log.Error().Err(err).Str("rootDir", rootDir).Msg("unable to create root dir")
2021-09-30 16:27:13 +03:00
return nil
}
}
imgStore := &ImageStoreLocal{
2021-09-30 16:27:13 +03:00
rootDir: rootDir,
lock: &sync.RWMutex{},
blobUploads: make(map[string]BlobUpload),
gc: gc,
gcDelay: gcDelay,
2021-09-30 16:27:13 +03:00
dedupe: dedupe,
commit: commit,
2021-09-30 16:27:13 +03:00
log: log.With().Caller().Logger(),
metrics: metrics,
linter: linter,
2021-09-30 16:27:13 +03:00
}
if dedupe {
imgStore.cache = NewCache(rootDir, "cache", true, log)
2021-09-30 16:27:13 +03:00
}
if gc {
// we use umoci GC to perform garbage-collection, but it uses its own logger
// - so capture those logs, could be useful
apexlog.SetLevel(apexlog.DebugLevel)
apexlog.SetHandler(apexlog.HandlerFunc(func(entry *apexlog.Entry) error {
e := log.Debug()
for k, v := range entry.Fields {
e = e.Interface(k, v)
}
e.Msg(entry.Message)
2021-09-30 16:27:13 +03:00
return nil
}))
}
return imgStore
2021-09-30 16:27:13 +03:00
}
// RLock read-lock.
func (is *ImageStoreLocal) RLock(lockStart *time.Time) {
*lockStart = time.Now()
2021-09-30 16:27:13 +03:00
is.lock.RLock()
}
// RUnlock read-unlock.
func (is *ImageStoreLocal) RUnlock(lockStart *time.Time) {
2021-09-30 16:27:13 +03:00
is.lock.RUnlock()
lockEnd := time.Now()
latency := lockEnd.Sub(*lockStart)
monitoring.ObserveStorageLockLatency(is.metrics, latency, is.RootDir(), RLOCK) // histogram
2021-09-30 16:27:13 +03:00
}
// Lock write-lock.
func (is *ImageStoreLocal) Lock(lockStart *time.Time) {
*lockStart = time.Now()
2021-09-30 16:27:13 +03:00
is.lock.Lock()
}
// Unlock write-unlock.
func (is *ImageStoreLocal) Unlock(lockStart *time.Time) {
2021-09-30 16:27:13 +03:00
is.lock.Unlock()
lockEnd := time.Now()
latency := lockEnd.Sub(*lockStart)
monitoring.ObserveStorageLockLatency(is.metrics, latency, is.RootDir(), RWLOCK) // histogram
2021-09-30 16:27:13 +03:00
}
func (is *ImageStoreLocal) initRepo(name string) error {
2021-09-30 16:27:13 +03:00
repoDir := path.Join(is.rootDir, name)
if !utf8.ValidString(name) {
is.log.Error().Msg("input is not valid UTF-8")
return zerr.ErrInvalidRepositoryName
}
2021-09-30 16:27:13 +03:00
// create "blobs" subdir
err := ensureDir(path.Join(repoDir, "blobs"), is.log)
if err != nil {
is.log.Error().Err(err).Msg("error creating blobs subdir")
return err
}
// create BlobUploadDir subdir
err = ensureDir(path.Join(repoDir, BlobUploadDir), is.log)
if err != nil {
is.log.Error().Err(err).Msg("error creating blob upload subdir")
return err
}
// "oci-layout" file - create if it doesn't exist
ilPath := path.Join(repoDir, ispec.ImageLayoutFile)
if _, err := os.Stat(ilPath); err != nil {
il := ispec.ImageLayout{Version: ispec.ImageLayoutVersion}
buf, err := json.Marshal(il)
2021-09-30 16:27:13 +03:00
if err != nil {
is.log.Panic().Err(err).Msg("unable to marshal JSON")
}
if err := is.writeFile(ilPath, buf); err != nil {
2021-09-30 16:27:13 +03:00
is.log.Error().Err(err).Str("file", ilPath).Msg("unable to write file")
2021-09-30 16:27:13 +03:00
return err
}
}
// "index.json" file - create if it doesn't exist
indexPath := path.Join(repoDir, "index.json")
if _, err := os.Stat(indexPath); err != nil {
index := ispec.Index{}
index.SchemaVersion = 2
buf, err := json.Marshal(index)
2021-09-30 16:27:13 +03:00
if err != nil {
is.log.Panic().Err(err).Msg("unable to marshal JSON")
}
if err := is.writeFile(indexPath, buf); err != nil {
2021-09-30 16:27:13 +03:00
is.log.Error().Err(err).Str("file", indexPath).Msg("unable to write file")
2021-09-30 16:27:13 +03:00
return err
}
}
return nil
}
// InitRepo creates an image repository under this store.
func (is *ImageStoreLocal) InitRepo(name string) error {
var lockLatency time.Time
is.Lock(&lockLatency)
defer is.Unlock(&lockLatency)
2021-09-30 16:27:13 +03:00
return is.initRepo(name)
}
// ValidateRepo validates that the repository layout is complaint with the OCI repo layout.
func (is *ImageStoreLocal) ValidateRepo(name string) (bool, error) {
2021-09-30 16:27:13 +03:00
// https://github.com/opencontainers/image-spec/blob/master/image-layout.md#content
// at least, expect at least 3 entries - ["blobs", "oci-layout", "index.json"]
// and an additional/optional BlobUploadDir in each image store
dir := path.Join(is.rootDir, name)
if !is.DirExists(dir) {
return false, zerr.ErrRepoNotFound
2021-09-30 16:27:13 +03:00
}
files, err := os.ReadDir(dir)
2021-09-30 16:27:13 +03:00
if err != nil {
is.log.Error().Err(err).Str("dir", dir).Msg("unable to read directory")
return false, zerr.ErrRepoNotFound
2021-09-30 16:27:13 +03:00
}
if len(files) < 3 { // nolint:gomnd
return false, zerr.ErrRepoBadVersion
2021-09-30 16:27:13 +03:00
}
found := map[string]bool{
"blobs": false,
ispec.ImageLayoutFile: false,
"index.json": false,
}
for _, file := range files {
if file.Name() == "blobs" && !file.IsDir() {
return false, nil
}
found[file.Name()] = true
}
for k, v := range found {
if !v && k != BlobUploadDir {
return false, nil
}
}
buf, err := os.ReadFile(path.Join(dir, ispec.ImageLayoutFile))
2021-09-30 16:27:13 +03:00
if err != nil {
return false, err
}
var il ispec.ImageLayout
if err := json.Unmarshal(buf, &il); err != nil {
return false, err
}
if il.Version != ispec.ImageLayoutVersion {
return false, zerr.ErrRepoBadVersion
2021-09-30 16:27:13 +03:00
}
return true, nil
}
// GetRepositories returns a list of all the repositories under this store.
func (is *ImageStoreLocal) GetRepositories() ([]string, error) {
var lockLatency time.Time
2021-09-30 16:27:13 +03:00
dir := is.rootDir
is.RLock(&lockLatency)
defer is.RUnlock(&lockLatency)
2021-09-30 16:27:13 +03:00
_, err := os.ReadDir(dir)
2021-09-30 16:27:13 +03:00
if err != nil {
is.log.Error().Err(err).Msg("failure walking storage root-dir")
2021-09-30 16:27:13 +03:00
return nil, err
}
stores := make([]string, 0)
err = filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
if err != nil {
return err
}
if !info.IsDir() {
return nil
}
rel, err := filepath.Rel(is.rootDir, path)
if err != nil {
return nil // nolint:nilerr // ignore paths not relative to root dir
2021-09-30 16:27:13 +03:00
}
if ok, err := is.ValidateRepo(rel); !ok || err != nil {
return nil // nolint:nilerr // ignore invalid repos
2021-09-30 16:27:13 +03:00
}
// is.log.Debug().Str("dir", path).Str("name", info.Name()).Msg("found image store")
2021-09-30 16:27:13 +03:00
stores = append(stores, rel)
return nil
})
return stores, err
}
// GetNextRepository returns next repository under this store.
func (is *ImageStoreLocal) GetNextRepository(repo string) (string, error) {
var lockLatency time.Time
dir := is.rootDir
is.RLock(&lockLatency)
defer is.RUnlock(&lockLatency)
_, err := os.ReadDir(dir)
if err != nil {
is.log.Error().Err(err).Msg("failure walking storage root-dir")
return "", err
}
found := false
store := ""
err = filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
if err != nil {
return err
}
if !info.IsDir() {
return nil
}
rel, err := filepath.Rel(is.rootDir, path)
if err != nil {
return nil // nolint:nilerr // ignore paths not relative to root dir
}
ok, err := is.ValidateRepo(rel)
if !ok || err != nil {
return nil // nolint:nilerr // ignore invalid repos
}
if repo == "" && ok && err == nil {
store = rel
return io.EOF
}
if found {
store = rel
return io.EOF
}
if rel == repo {
found = true
}
return nil
})
return store, err
}
2021-09-30 16:27:13 +03:00
// GetImageTags returns a list of image tags available in the specified repository.
func (is *ImageStoreLocal) GetImageTags(repo string) ([]string, error) {
var lockLatency time.Time
2021-09-30 16:27:13 +03:00
dir := path.Join(is.rootDir, repo)
if !is.DirExists(dir) {
return nil, zerr.ErrRepoNotFound
2021-09-30 16:27:13 +03:00
}
is.RLock(&lockLatency)
defer is.RUnlock(&lockLatency)
2021-09-30 16:27:13 +03:00
buf, err := os.ReadFile(path.Join(dir, "index.json"))
2021-09-30 16:27:13 +03:00
if err != nil {
is.log.Error().Err(err).Str("dir", dir).Msg("failed to read index.json")
return nil, zerr.ErrRepoNotFound
2021-09-30 16:27:13 +03:00
}
var index ispec.Index
if err := json.Unmarshal(buf, &index); err != nil {
is.log.Error().Err(err).Str("dir", dir).Msg("invalid JSON")
return nil, zerr.ErrRepoNotFound
2021-09-30 16:27:13 +03:00
}
tags := make([]string, 0)
for _, manifest := range index.Manifests {
v, ok := manifest.Annotations[ispec.AnnotationRefName]
if ok {
tags = append(tags, v)
}
}
return tags, nil
}
// GetImageManifest returns the image manifest of an image in the specific repository.
func (is *ImageStoreLocal) GetImageManifest(repo, reference string) ([]byte, string, string, error) {
var lockLatency time.Time
2021-09-30 16:27:13 +03:00
dir := path.Join(is.rootDir, repo)
if !is.DirExists(dir) {
return nil, "", "", zerr.ErrRepoNotFound
2021-09-30 16:27:13 +03:00
}
is.RLock(&lockLatency)
defer is.RUnlock(&lockLatency)
2021-09-30 16:27:13 +03:00
buf, err := os.ReadFile(path.Join(dir, "index.json"))
2021-09-30 16:27:13 +03:00
if err != nil {
is.log.Error().Err(err).Str("dir", dir).Msg("failed to read index.json")
if os.IsNotExist(err) {
return nil, "", "", zerr.ErrRepoNotFound
2021-09-30 16:27:13 +03:00
}
return nil, "", "", err
}
var index ispec.Index
if err := json.Unmarshal(buf, &index); err != nil {
is.log.Error().Err(err).Str("dir", dir).Msg("invalid JSON")
2021-09-30 16:27:13 +03:00
return nil, "", "", err
}
found := false
var digest godigest.Digest
mediaType := ""
for _, manifest := range index.Manifests {
if reference == manifest.Digest.String() {
digest = manifest.Digest
mediaType = manifest.MediaType
2021-09-30 16:27:13 +03:00
found = true
break
}
v, ok := manifest.Annotations[ispec.AnnotationRefName]
2021-09-30 16:27:13 +03:00
if ok && v == reference {
digest = manifest.Digest
mediaType = manifest.MediaType
2021-09-30 16:27:13 +03:00
found = true
break
}
}
if !found {
return nil, "", "", zerr.ErrManifestNotFound
2021-09-30 16:27:13 +03:00
}
p := path.Join(dir, "blobs", digest.Algorithm().String(), digest.Encoded())
buf, err = os.ReadFile(p)
2021-09-30 16:27:13 +03:00
if err != nil {
is.log.Error().Err(err).Str("blob", p).Msg("failed to read manifest")
if os.IsNotExist(err) {
return nil, "", "", zerr.ErrManifestNotFound
2021-09-30 16:27:13 +03:00
}
return nil, "", "", err
}
var manifest ispec.Manifest
if err := json.Unmarshal(buf, &manifest); err != nil {
is.log.Error().Err(err).Str("dir", dir).Msg("invalid JSON")
2021-09-30 16:27:13 +03:00
return nil, "", "", err
}
monitoring.IncDownloadCounter(is.metrics, repo)
2021-09-30 16:27:13 +03:00
return buf, digest.String(), mediaType, nil
}
func (is *ImageStoreLocal) validateOCIManifest(repo, reference string, manifest *ispec.Manifest) (string, error) {
if manifest.SchemaVersion != SchemaVersion {
is.log.Error().Int("SchemaVersion", manifest.SchemaVersion).Msg("invalid manifest")
return "", zerr.ErrBadManifest
}
// validate image config
config := manifest.Config
if config.MediaType != ispec.MediaTypeImageConfig {
return "", zerr.ErrBadManifest
}
digest := config.Digest
blobPath := is.BlobPath(repo, digest)
if _, err := os.Stat(blobPath); err != nil {
is.log.Error().Err(err).Str("blobPath", blobPath).Msg("unable to find blob")
return digest.String(), zerr.ErrBlobNotFound
}
blobFile, err := os.Open(blobPath)
if err != nil {
is.log.Error().Err(err).Str("blobPath", blobPath).Msg("unable to find blob")
return digest.String(), zerr.ErrBlobNotFound
}
defer blobFile.Close()
dec := json.NewDecoder(blobFile)
var cspec ispec.Image
if err := dec.Decode(&cspec); err != nil {
return "", zerr.ErrBadManifest
}
// validate the layers
for _, l := range manifest.Layers {
digest = l.Digest
blobPath = is.BlobPath(repo, digest)
is.log.Info().Str("blobPath", blobPath).Str("reference", reference).Msg("manifest layers")
if _, err := os.Stat(blobPath); err != nil {
is.log.Error().Err(err).Str("blobPath", blobPath).Msg("unable to find blob")
return digest.String(), zerr.ErrBlobNotFound
}
}
return "", nil
}
/*
*
before an image index manifest is pushed to a repo, its constituent manifests
are pushed first, so when updating/removing this image index manifest, we also
need to determine if there are other image index manifests which refer to the
same constitutent manifests so that they can be garbage-collected correctly
pruneImageManifestsFromIndex is a helper routine to achieve this.
*/
func pruneImageManifestsFromIndex(dir string, digest godigest.Digest, // nolint: gocyclo
outIndex ispec.Index, otherImgIndexes []ispec.Descriptor, log zerolog.Logger,
) ([]ispec.Descriptor, error) {
indexPath := path.Join(dir, "blobs", digest.Algorithm().String(), digest.Encoded())
buf, err := os.ReadFile(indexPath)
if err != nil {
log.Error().Err(err).Str("dir", dir).Msg("failed to read index.json")
return nil, err
}
var imgIndex ispec.Index
if err := json.Unmarshal(buf, &imgIndex); err != nil {
log.Error().Err(err).Str("path", indexPath).Msg("invalid JSON")
return nil, err
}
inUse := map[string]uint{}
for _, manifest := range imgIndex.Manifests {
inUse[manifest.Digest.Encoded()]++
}
for _, otherIndex := range otherImgIndexes {
indexPath := path.Join(dir, "blobs", otherIndex.Digest.Algorithm().String(), otherIndex.Digest.Encoded())
buf, err := os.ReadFile(indexPath)
if err != nil {
log.Error().Err(err).Str("dir", dir).Msg("failed to read index.json")
return nil, err
}
var oindex ispec.Index
if err := json.Unmarshal(buf, &oindex); err != nil {
log.Error().Err(err).Str("path", indexPath).Msg("invalid JSON")
return nil, err
}
for _, omanifest := range oindex.Manifests {
_, ok := inUse[omanifest.Digest.Encoded()]
if ok {
inUse[omanifest.Digest.Encoded()]++
}
}
}
prunedManifests := []ispec.Descriptor{}
// for all manifests in the index, skip those that either have a tag or
// are used in other imgIndexes
for _, outManifest := range outIndex.Manifests {
if outManifest.MediaType != ispec.MediaTypeImageManifest {
prunedManifests = append(prunedManifests, outManifest)
continue
}
_, ok := outManifest.Annotations[ispec.AnnotationRefName]
if ok {
prunedManifests = append(prunedManifests, outManifest)
continue
}
count, ok := inUse[outManifest.Digest.Encoded()]
if !ok {
prunedManifests = append(prunedManifests, outManifest)
continue
}
if count != 1 {
// this manifest is in use in other image indexes
prunedManifests = append(prunedManifests, outManifest)
continue
}
}
return prunedManifests, nil
}
2021-09-30 16:27:13 +03:00
// PutImageManifest adds an image manifest to the repository.
func (is *ImageStoreLocal) PutImageManifest(repo, reference, mediaType string, // nolint: gocyclo
body []byte,
) (string, error) {
2021-09-30 16:27:13 +03:00
if err := is.InitRepo(repo); err != nil {
is.log.Debug().Err(err).Msg("init repo")
2021-09-30 16:27:13 +03:00
return "", err
}
// validate the manifest
if !IsSupportedMediaType(mediaType) {
2021-09-30 16:27:13 +03:00
is.log.Debug().Interface("actual", mediaType).
Msg("bad manifest media type")
return "", zerr.ErrBadManifest
2021-09-30 16:27:13 +03:00
}
if len(body) == 0 {
is.log.Debug().Int("len", len(body)).Msg("invalid body length")
return "", zerr.ErrBadManifest
2021-09-30 16:27:13 +03:00
}
dig, err := validateManifest(is, repo, reference, mediaType, body)
if err != nil {
return dig, err
2021-09-30 16:27:13 +03:00
}
mDigest := godigest.FromBytes(body)
refIsDigest := false
d, err := godigest.Parse(reference)
if err == nil {
if d.String() != mDigest.String() {
is.log.Error().Str("actual", mDigest.String()).Str("expected", d.String()).
Msg("manifest digest is not valid")
return "", zerr.ErrBadManifest
2021-09-30 16:27:13 +03:00
}
refIsDigest = true
}
var lockLatency time.Time
is.Lock(&lockLatency)
defer is.Unlock(&lockLatency)
2021-09-30 16:27:13 +03:00
dir := path.Join(is.rootDir, repo)
buf, err := os.ReadFile(path.Join(dir, "index.json"))
2021-09-30 16:27:13 +03:00
if err != nil {
is.log.Error().Err(err).Str("dir", dir).Msg("failed to read index.json")
2021-09-30 16:27:13 +03:00
return "", err
}
var index ispec.Index
if err := json.Unmarshal(buf, &index); err != nil {
is.log.Error().Err(err).Str("dir", dir).Msg("invalid JSON")
return "", zerr.ErrRepoBadVersion
2021-09-30 16:27:13 +03:00
}
updateIndex := true
// create a new descriptor
desc := ispec.Descriptor{
MediaType: mediaType, Size: int64(len(body)), Digest: mDigest,
}
2021-09-30 16:27:13 +03:00
if !refIsDigest {
desc.Annotations = map[string]string{ispec.AnnotationRefName: reference}
}
var oldDgst godigest.Digest
for midx, manifest := range index.Manifests {
if reference == manifest.Digest.String() {
2021-09-30 16:27:13 +03:00
// nothing changed, so don't update
desc = manifest
2021-09-30 16:27:13 +03:00
updateIndex = false
break
}
v, ok := manifest.Annotations[ispec.AnnotationRefName]
2021-09-30 16:27:13 +03:00
if ok && v == reference {
if manifest.Digest.String() == mDigest.String() {
2021-09-30 16:27:13 +03:00
// nothing changed, so don't update
desc = manifest
2021-09-30 16:27:13 +03:00
updateIndex = false
break
}
2021-09-30 16:27:13 +03:00
// manifest contents have changed for the same tag,
// so update index.json descriptor
is.log.Info().
Int64("old size", desc.Size).
Int64("new size", int64(len(body))).
Str("old digest", desc.Digest.String()).
Str("new digest", mDigest.String()).
Str("old mediaType", manifest.MediaType).
Str("new mediaType", mediaType).
2021-09-30 16:27:13 +03:00
Msg("updating existing tag with new manifest contents")
// changing media-type is disallowed!
if manifest.MediaType != mediaType {
err = zerr.ErrBadManifest
is.log.Error().Err(err).
Str("old mediaType", manifest.MediaType).
Str("new mediaType", mediaType).Msg("cannot change media-type")
return "", err
}
desc = manifest
oldDgst = manifest.Digest
2021-09-30 16:27:13 +03:00
desc.Size = int64(len(body))
desc.Digest = mDigest
index.Manifests = append(index.Manifests[:midx], index.Manifests[midx+1:]...)
2021-09-30 16:27:13 +03:00
break
}
}
if !updateIndex {
return desc.Digest.String(), nil
}
// write manifest to "blobs"
dir = path.Join(is.rootDir, repo, "blobs", mDigest.Algorithm().String())
_ = ensureDir(dir, is.log)
file := path.Join(dir, mDigest.Encoded())
// in case the linter will not pass, it will be garbage collected
if err := is.writeFile(file, body); err != nil {
2021-09-30 16:27:13 +03:00
is.log.Error().Err(err).Str("file", file).Msg("unable to write")
2021-09-30 16:27:13 +03:00
return "", err
}
/* additionally, unmarshal an image index and for all manifests in that
index, ensure that they do not have a name or they are not in other
manifest indexes else GC can never clean them */
if (mediaType == ispec.MediaTypeImageIndex) && (oldDgst != "") {
otherImgIndexes := []ispec.Descriptor{}
for _, manifest := range index.Manifests {
if manifest.MediaType == ispec.MediaTypeImageIndex {
otherImgIndexes = append(otherImgIndexes, manifest)
}
}
otherImgIndexes = append(otherImgIndexes, desc)
dir := path.Join(is.rootDir, repo)
prunedManifests, err := pruneImageManifestsFromIndex(dir, oldDgst, index, otherImgIndexes, is.log)
if err != nil {
return "", err
}
index.Manifests = prunedManifests
}
2021-09-30 16:27:13 +03:00
// now update "index.json"
index.Manifests = append(index.Manifests, desc)
dir = path.Join(is.rootDir, repo)
file = path.Join(dir, "index.json")
buf, err = json.Marshal(index)
if err := test.Error(err); err != nil {
2021-09-30 16:27:13 +03:00
is.log.Error().Err(err).Str("file", file).Msg("unable to marshal JSON")
2021-09-30 16:27:13 +03:00
return "", err
}
// apply linter only on images, not signatures
if is.linter != nil {
if mediaType == ispec.MediaTypeImageManifest &&
// check that image manifest is not cosign signature
!strings.HasPrefix(reference, "sha256-") &&
!strings.HasSuffix(reference, remote.SignatureTagSuffix) {
// lint new index with new manifest before writing to disk
is.Unlock(&lockLatency)
pass, err := is.linter.Lint(repo, mDigest, is)
is.Lock(&lockLatency)
if err != nil {
is.log.Error().Err(err).Msg("linter error")
return "", err
}
if !pass {
return "", zerr.ErrImageLintAnnotations
}
}
}
err = is.writeFile(file, buf)
if err := test.Error(err); err != nil {
2021-09-30 16:27:13 +03:00
is.log.Error().Err(err).Str("file", file).Msg("unable to write")
2021-09-30 16:27:13 +03:00
return "", err
}
if is.gc {
if err := is.garbageCollect(dir, repo); err != nil {
2021-09-30 16:27:13 +03:00
return "", err
}
}
monitoring.SetStorageUsage(is.metrics, is.rootDir, repo)
monitoring.IncUploadCounter(is.metrics, repo)
2021-09-30 16:27:13 +03:00
return desc.Digest.String(), nil
}
// DeleteImageManifest deletes the image manifest from the repository.
func (is *ImageStoreLocal) DeleteImageManifest(repo, reference string) error {
var lockLatency time.Time
2021-09-30 16:27:13 +03:00
dir := path.Join(is.rootDir, repo)
if !is.DirExists(dir) {
return zerr.ErrRepoNotFound
2021-09-30 16:27:13 +03:00
}
isTag := false
// as per spec "reference" can be a digest and a tag
dgst, err := godigest.Parse(reference)
2021-09-30 16:27:13 +03:00
if err != nil {
is.log.Debug().Str("invalid digest: ", reference).Msg("storage: assuming tag")
isTag = true
}
is.Lock(&lockLatency)
defer is.Unlock(&lockLatency)
2021-09-30 16:27:13 +03:00
buf, err := os.ReadFile(path.Join(dir, "index.json"))
2021-09-30 16:27:13 +03:00
if err != nil {
is.log.Error().Err(err).Str("dir", dir).Msg("failed to read index.json")
2021-09-30 16:27:13 +03:00
return err
}
var index ispec.Index
if err := json.Unmarshal(buf, &index); err != nil {
is.log.Error().Err(err).Str("dir", dir).Msg("invalid JSON")
2021-09-30 16:27:13 +03:00
return err
}
found := false
isImageIndex := false
var manifest ispec.Descriptor
2021-09-30 16:27:13 +03:00
// we are deleting, so keep only those manifests that don't match
outIndex := index
outIndex.Manifests = []ispec.Descriptor{}
otherImgIndexes := []ispec.Descriptor{}
for _, manifest = range index.Manifests {
2021-09-30 16:27:13 +03:00
if isTag {
tag, ok := manifest.Annotations[ispec.AnnotationRefName]
2021-09-30 16:27:13 +03:00
if ok && tag == reference {
is.log.Debug().Str("deleting tag", tag).Msg("")
dgst = manifest.Digest
2021-09-30 16:27:13 +03:00
found = true
if manifest.MediaType == ispec.MediaTypeImageIndex {
isImageIndex = true
}
2021-09-30 16:27:13 +03:00
continue
}
} else if reference == manifest.Digest.String() {
2021-09-30 16:27:13 +03:00
is.log.Debug().Str("deleting reference", reference).Msg("")
found = true
if manifest.MediaType == ispec.MediaTypeImageIndex {
isImageIndex = true
}
2021-09-30 16:27:13 +03:00
continue
}
outIndex.Manifests = append(outIndex.Manifests, manifest)
if manifest.MediaType == ispec.MediaTypeImageIndex {
otherImgIndexes = append(otherImgIndexes, manifest)
}
2021-09-30 16:27:13 +03:00
}
if !found {
return zerr.ErrManifestNotFound
2021-09-30 16:27:13 +03:00
}
/* additionally, unmarshal an image index and for all manifests in that
index, ensure that they do not have a name or they are not in other
manifest indexes else GC can never clean them */
if isImageIndex {
prunedManifests, err := pruneImageManifestsFromIndex(dir, dgst, outIndex, otherImgIndexes, is.log)
if err != nil {
return err
}
outIndex.Manifests = prunedManifests
}
2021-09-30 16:27:13 +03:00
// now update "index.json"
dir = path.Join(is.rootDir, repo)
file := path.Join(dir, "index.json")
buf, err = json.Marshal(outIndex)
if err != nil {
return err
}
if err := is.writeFile(file, buf); err != nil {
2021-09-30 16:27:13 +03:00
return err
}
if is.gc {
if err := is.garbageCollect(dir, repo); err != nil {
2021-09-30 16:27:13 +03:00
return err
}
}
// Delete blob only when blob digest not present in manifest entry.
// e.g. 1.0.1 & 1.0.2 have same blob digest so if we delete 1.0.1, blob should not be removed.
toDelete := true
for _, manifest = range outIndex.Manifests {
if dgst.String() == manifest.Digest.String() {
2021-09-30 16:27:13 +03:00
toDelete = false
2021-09-30 16:27:13 +03:00
break
}
}
if toDelete {
p := path.Join(dir, "blobs", dgst.Algorithm().String(), dgst.Encoded())
2021-09-30 16:27:13 +03:00
_ = os.Remove(p)
}
monitoring.SetStorageUsage(is.metrics, is.rootDir, repo)
2021-09-30 16:27:13 +03:00
return nil
}
// BlobUploadPath returns the upload path for a blob in this store.
func (is *ImageStoreLocal) BlobUploadPath(repo, uuid string) string {
2021-09-30 16:27:13 +03:00
dir := path.Join(is.rootDir, repo)
blobUploadPath := path.Join(dir, BlobUploadDir, uuid)
return blobUploadPath
}
// NewBlobUpload returns the unique ID for an upload in progress.
func (is *ImageStoreLocal) NewBlobUpload(repo string) (string, error) {
2021-09-30 16:27:13 +03:00
if err := is.InitRepo(repo); err != nil {
is.log.Error().Err(err).Msg("error initializing repo")
return "", err
}
uuid, err := guuid.NewV4()
if err != nil {
return "", err
}
uid := uuid.String()
2021-09-30 16:27:13 +03:00
blobUploadPath := is.BlobUploadPath(repo, uid)
2021-09-30 16:27:13 +03:00
file, err := os.OpenFile(blobUploadPath, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, DefaultFilePerms)
2021-09-30 16:27:13 +03:00
if err != nil {
return "", zerr.ErrRepoNotFound
2021-09-30 16:27:13 +03:00
}
2021-09-30 16:27:13 +03:00
defer file.Close()
return uid, nil
2021-09-30 16:27:13 +03:00
}
// GetBlobUpload returns the current size of a blob upload.
func (is *ImageStoreLocal) GetBlobUpload(repo, uuid string) (int64, error) {
2021-09-30 16:27:13 +03:00
blobUploadPath := is.BlobUploadPath(repo, uuid)
if !utf8.ValidString(blobUploadPath) {
is.log.Error().Msg("input is not valid UTF-8")
return -1, zerr.ErrInvalidRepositoryName
}
binfo, err := os.Stat(blobUploadPath)
2021-09-30 16:27:13 +03:00
if err != nil {
if os.IsNotExist(err) {
return -1, zerr.ErrUploadNotFound
2021-09-30 16:27:13 +03:00
}
return -1, err
}
return binfo.Size(), nil
2021-09-30 16:27:13 +03:00
}
// PutBlobChunkStreamed appends another chunk of data to the specified blob. It returns
// the number of actual bytes to the blob.
func (is *ImageStoreLocal) PutBlobChunkStreamed(repo, uuid string, body io.Reader) (int64, error) {
2021-09-30 16:27:13 +03:00
if err := is.InitRepo(repo); err != nil {
return -1, err
}
blobUploadPath := is.BlobUploadPath(repo, uuid)
_, err := os.Stat(blobUploadPath)
if err != nil {
return -1, zerr.ErrUploadNotFound
2021-09-30 16:27:13 +03:00
}
file, err := os.OpenFile(blobUploadPath, os.O_WRONLY|os.O_CREATE, DefaultFilePerms)
2021-09-30 16:27:13 +03:00
if err != nil {
is.log.Error().Err(err).Msg("failed to open file")
return -1, err
2021-09-30 16:27:13 +03:00
}
defer func() {
if is.commit {
_ = file.Sync()
}
_ = file.Close()
}()
2021-09-30 16:27:13 +03:00
if _, err := file.Seek(0, io.SeekEnd); err != nil {
is.log.Error().Err(err).Msg("failed to seek file")
return -1, err
2021-09-30 16:27:13 +03:00
}
n, err := io.Copy(file, body)
return n, err
}
// PutBlobChunk writes another chunk of data to the specified blob. It returns
// the number of actual bytes to the blob.
func (is *ImageStoreLocal) PutBlobChunk(repo, uuid string, from, to int64,
body io.Reader,
) (int64, error) {
2021-09-30 16:27:13 +03:00
if err := is.InitRepo(repo); err != nil {
return -1, err
}
blobUploadPath := is.BlobUploadPath(repo, uuid)
binfo, err := os.Stat(blobUploadPath)
2021-09-30 16:27:13 +03:00
if err != nil {
return -1, zerr.ErrUploadNotFound
2021-09-30 16:27:13 +03:00
}
if from != binfo.Size() {
is.log.Error().Int64("expected", from).Int64("actual", binfo.Size()).
2021-09-30 16:27:13 +03:00
Msg("invalid range start for blob upload")
return -1, zerr.ErrBadUploadRange
2021-09-30 16:27:13 +03:00
}
file, err := os.OpenFile(blobUploadPath, os.O_WRONLY|os.O_CREATE, DefaultFilePerms)
2021-09-30 16:27:13 +03:00
if err != nil {
is.log.Error().Err(err).Msg("failed to open file")
return -1, err
2021-09-30 16:27:13 +03:00
}
defer func() {
if is.commit {
_ = file.Sync()
}
_ = file.Close()
}()
2021-09-30 16:27:13 +03:00
if _, err := file.Seek(from, io.SeekStart); err != nil {
is.log.Error().Err(err).Msg("failed to seek file")
return -1, err
2021-09-30 16:27:13 +03:00
}
n, err := io.Copy(file, body)
return n, err
}
// BlobUploadInfo returns the current blob size in bytes.
func (is *ImageStoreLocal) BlobUploadInfo(repo, uuid string) (int64, error) {
2021-09-30 16:27:13 +03:00
blobUploadPath := is.BlobUploadPath(repo, uuid)
binfo, err := os.Stat(blobUploadPath)
2021-09-30 16:27:13 +03:00
if err != nil {
is.log.Error().Err(err).Str("blob", blobUploadPath).Msg("failed to stat blob")
2021-09-30 16:27:13 +03:00
return -1, err
}
size := binfo.Size()
2021-09-30 16:27:13 +03:00
return size, nil
}
// FinishBlobUpload finalizes the blob upload and moves blob the repository.
func (is *ImageStoreLocal) FinishBlobUpload(repo, uuid string, body io.Reader, digest string) error {
2021-09-30 16:27:13 +03:00
dstDigest, err := godigest.Parse(digest)
if err != nil {
is.log.Error().Err(err).Str("digest", digest).Msg("failed to parse digest")
return zerr.ErrBadBlobDigest
2021-09-30 16:27:13 +03:00
}
src := is.BlobUploadPath(repo, uuid)
_, err = os.Stat(src)
if err != nil {
is.log.Error().Err(err).Str("blob", src).Msg("failed to stat blob")
return zerr.ErrUploadNotFound
2021-09-30 16:27:13 +03:00
}
blobFile, err := os.Open(src)
2021-09-30 16:27:13 +03:00
if err != nil {
is.log.Error().Err(err).Str("blob", src).Msg("failed to open blob")
return zerr.ErrUploadNotFound
2021-09-30 16:27:13 +03:00
}
defer blobFile.Close()
2021-09-30 16:27:13 +03:00
digester := sha256.New()
_, err = io.Copy(digester, blobFile)
2021-09-30 16:27:13 +03:00
if err != nil {
is.log.Error().Err(err).Str("repo", repo).Str("blob", src).Str("digest", digest).Msg("unable to compute hash")
return err
2021-09-30 16:27:13 +03:00
}
srcDigest := godigest.NewDigestFromEncoded(godigest.SHA256, fmt.Sprintf("%x", digester.Sum(nil)))
2021-09-30 16:27:13 +03:00
if srcDigest != dstDigest {
is.log.Error().Str("srcDigest", srcDigest.String()).
Str("dstDigest", dstDigest.String()).Msg("actual digest not equal to expected digest")
return zerr.ErrBadBlobDigest
2021-09-30 16:27:13 +03:00
}
dir := path.Join(is.rootDir, repo, "blobs", dstDigest.Algorithm().String())
var lockLatency time.Time
is.Lock(&lockLatency)
defer is.Unlock(&lockLatency)
2021-09-30 16:27:13 +03:00
err = ensureDir(dir, is.log)
if err != nil {
is.log.Error().Err(err).Msg("error creating blobs/sha256 dir")
return err
}
dst := is.BlobPath(repo, dstDigest)
if is.dedupe && is.cache != nil {
err = is.DedupeBlob(src, dstDigest, dst)
if err := test.Error(err); err != nil {
2021-09-30 16:27:13 +03:00
is.log.Error().Err(err).Str("src", src).Str("dstDigest", dstDigest.String()).
Str("dst", dst).Msg("unable to dedupe blob")
2021-09-30 16:27:13 +03:00
return err
}
} else {
if err := os.Rename(src, dst); err != nil {
is.log.Error().Err(err).Str("src", src).Str("dstDigest", dstDigest.String()).
Str("dst", dst).Msg("unable to finish blob")
2021-09-30 16:27:13 +03:00
return err
}
}
return nil
}
// FullBlobUpload handles a full blob upload, and no partial session is created.
func (is *ImageStoreLocal) FullBlobUpload(repo string, body io.Reader, digest string) (string, int64, error) {
2021-09-30 16:27:13 +03:00
if err := is.InitRepo(repo); err != nil {
return "", -1, err
}
dstDigest, err := godigest.Parse(digest)
if err != nil {
is.log.Error().Err(err).Str("digest", digest).Msg("failed to parse digest")
return "", -1, zerr.ErrBadBlobDigest
2021-09-30 16:27:13 +03:00
}
u, err := guuid.NewV4()
if err != nil {
return "", -1, err
}
uuid := u.String()
src := is.BlobUploadPath(repo, uuid)
blobFile, err := os.Create(src)
2021-09-30 16:27:13 +03:00
if err != nil {
is.log.Error().Err(err).Str("blob", src).Msg("failed to open blob")
return "", -1, zerr.ErrUploadNotFound
2021-09-30 16:27:13 +03:00
}
defer func() {
if is.commit {
_ = blobFile.Sync()
}
_ = blobFile.Close()
}()
2021-09-30 16:27:13 +03:00
digester := sha256.New()
mw := io.MultiWriter(blobFile, digester)
2021-09-30 16:27:13 +03:00
nbytes, err := io.Copy(mw, body)
2021-09-30 16:27:13 +03:00
if err != nil {
return "", -1, err
}
srcDigest := godigest.NewDigestFromEncoded(godigest.SHA256, fmt.Sprintf("%x", digester.Sum(nil)))
if srcDigest != dstDigest {
is.log.Error().Str("srcDigest", srcDigest.String()).
Str("dstDigest", dstDigest.String()).Msg("actual digest not equal to expected digest")
return "", -1, zerr.ErrBadBlobDigest
2021-09-30 16:27:13 +03:00
}
dir := path.Join(is.rootDir, repo, "blobs", dstDigest.Algorithm().String())
var lockLatency time.Time
is.Lock(&lockLatency)
defer is.Unlock(&lockLatency)
2021-09-30 16:27:13 +03:00
_ = ensureDir(dir, is.log)
dst := is.BlobPath(repo, dstDigest)
if is.dedupe && is.cache != nil {
if err := is.DedupeBlob(src, dstDigest, dst); err != nil {
is.log.Error().Err(err).Str("src", src).Str("dstDigest", dstDigest.String()).
Str("dst", dst).Msg("unable to dedupe blob")
2021-09-30 16:27:13 +03:00
return "", -1, err
}
} else {
if err := os.Rename(src, dst); err != nil {
is.log.Error().Err(err).Str("src", src).Str("dstDigest", dstDigest.String()).
Str("dst", dst).Msg("unable to finish blob")
2021-09-30 16:27:13 +03:00
return "", -1, err
}
}
return uuid, nbytes, nil
2021-09-30 16:27:13 +03:00
}
func (is *ImageStoreLocal) DedupeBlob(src string, dstDigest godigest.Digest, dst string) error {
2021-09-30 16:27:13 +03:00
retry:
is.log.Debug().Str("src", src).Str("dstDigest", dstDigest.String()).Str("dst", dst).Msg("dedupe: enter")
2021-09-30 16:27:13 +03:00
dstRecord, err := is.cache.GetBlob(dstDigest.String())
if err != nil && !errors.Is(err, zerr.ErrCacheMiss) {
2021-09-30 16:27:13 +03:00
is.log.Error().Err(err).Str("blobPath", dst).Msg("dedupe: unable to lookup blob record")
2021-09-30 16:27:13 +03:00
return err
}
if dstRecord == "" {
// cache record doesn't exist, so first disk and cache entry for this diges
if err := is.cache.PutBlob(dstDigest.String(), dst); err != nil {
is.log.Error().Err(err).Str("blobPath", dst).Msg("dedupe: unable to insert blob record")
return err
}
// move the blob from uploads to final dest
if err := os.Rename(src, dst); err != nil {
is.log.Error().Err(err).Str("src", src).Str("dst", dst).Msg("dedupe: unable to rename blob")
return err
}
is.log.Debug().Str("src", src).Str("dst", dst).Msg("dedupe: rename")
} else {
// cache record exists, but due to GC and upgrades from older versions,
// disk content and cache records may go out of sync
dstRecord = path.Join(is.rootDir, dstRecord)
dstRecordFi, err := os.Stat(dstRecord)
if err != nil {
is.log.Error().Err(err).Str("blobPath", dstRecord).Msg("dedupe: unable to stat")
// the actual blob on disk may have been removed by GC, so sync the cache
if err := is.cache.DeleteBlob(dstDigest.String(), dstRecord); err != nil {
//nolint:lll // gofumpt conflicts with lll
2021-09-30 16:27:13 +03:00
is.log.Error().Err(err).Str("dstDigest", dstDigest.String()).Str("dst", dst).Msg("dedupe: unable to delete blob record")
return err
}
2021-09-30 16:27:13 +03:00
goto retry
}
dstFi, err := os.Stat(dst)
if err != nil && !os.IsNotExist(err) {
is.log.Error().Err(err).Str("blobPath", dstRecord).Msg("dedupe: unable to stat")
return err
}
if !os.SameFile(dstFi, dstRecordFi) {
// blob lookup cache out of sync with actual disk contents
if err := os.Remove(dst); err != nil && !os.IsNotExist(err) {
is.log.Error().Err(err).Str("dst", dst).Msg("dedupe: unable to remove blob")
2021-09-30 16:27:13 +03:00
return err
}
is.log.Debug().Str("blobPath", dst).Str("dstRecord", dstRecord).Msg("dedupe: creating hard link")
2021-09-30 16:27:13 +03:00
if err := os.Link(dstRecord, dst); err != nil {
is.log.Error().Err(err).Str("blobPath", dst).Str("link", dstRecord).Msg("dedupe: unable to hard link")
return err
}
}
if err := os.Remove(src); err != nil {
is.log.Error().Err(err).Str("src", src).Msg("dedupe: uname to remove blob")
2021-09-30 16:27:13 +03:00
return err
}
2021-09-30 16:27:13 +03:00
is.log.Debug().Str("src", src).Msg("dedupe: remove")
}
return nil
}
// DeleteBlobUpload deletes an existing blob upload that is currently in progress.
func (is *ImageStoreLocal) DeleteBlobUpload(repo, uuid string) error {
2021-09-30 16:27:13 +03:00
blobUploadPath := is.BlobUploadPath(repo, uuid)
if err := os.Remove(blobUploadPath); err != nil {
is.log.Error().Err(err).Str("blobUploadPath", blobUploadPath).Msg("error deleting blob upload")
2021-09-30 16:27:13 +03:00
return err
}
return nil
}
// BlobPath returns the repository path of a blob.
func (is *ImageStoreLocal) BlobPath(repo string, digest godigest.Digest) string {
2021-09-30 16:27:13 +03:00
return path.Join(is.rootDir, repo, "blobs", digest.Algorithm().String(), digest.Encoded())
}
// CheckBlob verifies a blob and returns true if the blob is correct.
func (is *ImageStoreLocal) CheckBlob(repo, digest string) (bool, int64, error) {
var lockLatency time.Time
parsedDigest, err := godigest.Parse(digest)
2021-09-30 16:27:13 +03:00
if err != nil {
is.log.Error().Err(err).Str("digest", digest).Msg("failed to parse digest")
return false, -1, zerr.ErrBadBlobDigest
2021-09-30 16:27:13 +03:00
}
blobPath := is.BlobPath(repo, parsedDigest)
2021-09-30 16:27:13 +03:00
if is.dedupe && is.cache != nil {
is.Lock(&lockLatency)
defer is.Unlock(&lockLatency)
2021-09-30 16:27:13 +03:00
} else {
is.RLock(&lockLatency)
defer is.RUnlock(&lockLatency)
2021-09-30 16:27:13 +03:00
}
binfo, err := os.Stat(blobPath)
2021-09-30 16:27:13 +03:00
if err == nil {
is.log.Debug().Str("blob path", blobPath).Msg("blob path found")
return true, binfo.Size(), nil
2021-09-30 16:27:13 +03:00
}
is.log.Error().Err(err).Str("blob", blobPath).Msg("failed to stat blob")
// Check blobs in cache
dstRecord, err := is.checkCacheBlob(digest)
if err != nil {
is.log.Error().Err(err).Str("digest", digest).Msg("cache: not found")
return false, -1, zerr.ErrBlobNotFound
2021-09-30 16:27:13 +03:00
}
// If found copy to location
blobSize, err := is.copyBlob(repo, blobPath, dstRecord)
if err != nil {
return false, -1, zerr.ErrBlobNotFound
2021-09-30 16:27:13 +03:00
}
if err := is.cache.PutBlob(digest, blobPath); err != nil {
is.log.Error().Err(err).Str("blobPath", blobPath).Msg("dedupe: unable to insert blob record")
return false, -1, err
}
return true, blobSize, nil
}
func (is *ImageStoreLocal) checkCacheBlob(digest string) (string, error) {
2021-09-30 16:27:13 +03:00
if !is.dedupe || is.cache == nil {
return "", zerr.ErrBlobNotFound
2021-09-30 16:27:13 +03:00
}
dstRecord, err := is.cache.GetBlob(digest)
if err != nil {
return "", err
}
dstRecord = path.Join(is.rootDir, dstRecord)
is.log.Debug().Str("digest", digest).Str("dstRecord", dstRecord).Msg("cache: found dedupe record")
return dstRecord, nil
}
func (is *ImageStoreLocal) copyBlob(repo, blobPath, dstRecord string) (int64, error) {
2021-09-30 16:27:13 +03:00
if err := is.initRepo(repo); err != nil {
is.log.Error().Err(err).Str("repo", repo).Msg("unable to initialize an empty repo")
2021-09-30 16:27:13 +03:00
return -1, err
}
_ = ensureDir(filepath.Dir(blobPath), is.log)
if err := os.Link(dstRecord, blobPath); err != nil {
is.log.Error().Err(err).Str("blobPath", blobPath).Str("link", dstRecord).Msg("dedupe: unable to hard link")
return -1, zerr.ErrBlobNotFound
2021-09-30 16:27:13 +03:00
}
binfo, err := os.Stat(blobPath)
2021-09-30 16:27:13 +03:00
if err == nil {
return binfo.Size(), nil
2021-09-30 16:27:13 +03:00
}
return -1, zerr.ErrBlobNotFound
2021-09-30 16:27:13 +03:00
}
// blobStream is using to serve blob range requests.
type blobStream struct {
reader io.Reader
closer io.Closer
}
func newBlobStream(blobPath string, from, to int64) (io.ReadCloser, error) {
blobFile, err := os.Open(blobPath)
if err != nil {
return nil, err
}
if from > 0 {
_, err = blobFile.Seek(from, io.SeekStart)
if err != nil {
return nil, err
}
}
if from < 0 || to < from {
return nil, zerr.ErrBadRange
}
blobstrm := blobStream{reader: blobFile, closer: blobFile}
blobstrm.reader = io.LimitReader(blobFile, to-from+1)
return &blobstrm, nil
}
func (bs *blobStream) Read(buf []byte) (int, error) {
return bs.reader.Read(buf)
}
func (bs *blobStream) Close() error {
return bs.closer.Close()
}
// GetBlobPartial returns a partial stream to read the blob.
// blob selector instead of directly downloading the blob.
func (is *ImageStoreLocal) GetBlobPartial(repo, digest, mediaType string, from, to int64,
) (io.ReadCloser, int64, int64, error) {
var lockLatency time.Time
parsedDigest, err := godigest.Parse(digest)
if err != nil {
is.log.Error().Err(err).Str("digest", digest).Msg("failed to parse digest")
return nil, -1, -1, zerr.ErrBadBlobDigest
}
blobPath := is.BlobPath(repo, parsedDigest)
is.RLock(&lockLatency)
defer is.RUnlock(&lockLatency)
binfo, err := os.Stat(blobPath)
if err != nil {
is.log.Error().Err(err).Str("blob", blobPath).Msg("failed to stat blob")
return nil, -1, -1, zerr.ErrBlobNotFound
}
if to < 0 || to >= binfo.Size() {
to = binfo.Size() - 1
}
blobReadCloser, err := newBlobStream(blobPath, from, to)
if err != nil {
is.log.Error().Err(err).Str("blob", blobPath).Msg("failed to open blob")
return nil, -1, -1, err
}
// The caller function is responsible for calling Close()
return blobReadCloser, to - from + 1, binfo.Size(), nil
}
2021-09-30 16:27:13 +03:00
// GetBlob returns a stream to read the blob.
// blob selector instead of directly downloading the blob.
func (is *ImageStoreLocal) GetBlob(repo, digest, mediaType string) (io.ReadCloser, int64, error) {
var lockLatency time.Time
parsedDigest, err := godigest.Parse(digest)
2021-09-30 16:27:13 +03:00
if err != nil {
is.log.Error().Err(err).Str("digest", digest).Msg("failed to parse digest")
return nil, -1, zerr.ErrBadBlobDigest
2021-09-30 16:27:13 +03:00
}
blobPath := is.BlobPath(repo, parsedDigest)
2021-09-30 16:27:13 +03:00
is.RLock(&lockLatency)
defer is.RUnlock(&lockLatency)
2021-09-30 16:27:13 +03:00
binfo, err := os.Stat(blobPath)
2021-09-30 16:27:13 +03:00
if err != nil {
is.log.Error().Err(err).Str("blob", blobPath).Msg("failed to stat blob")
return nil, -1, zerr.ErrBlobNotFound
2021-09-30 16:27:13 +03:00
}
blobReadCloser, err := os.Open(blobPath)
2021-09-30 16:27:13 +03:00
if err != nil {
is.log.Error().Err(err).Str("blob", blobPath).Msg("failed to open blob")
2021-09-30 16:27:13 +03:00
return nil, -1, err
}
// The caller function is responsible for calling Close()
return blobReadCloser, binfo.Size(), nil
2021-09-30 16:27:13 +03:00
}
func (is *ImageStoreLocal) GetBlobContent(repo, digest string) ([]byte, error) {
2021-09-30 16:27:13 +03:00
blob, _, err := is.GetBlob(repo, digest, ispec.MediaTypeImageManifest)
if err != nil {
return []byte{}, err
}
defer blob.Close()
2021-09-30 16:27:13 +03:00
buf := new(bytes.Buffer)
_, err = buf.ReadFrom(blob)
if err != nil {
is.log.Error().Err(err).Str("digest", digest).Msg("failed to read blob")
2021-09-30 16:27:13 +03:00
return []byte{}, err
}
return buf.Bytes(), nil
}
func (is *ImageStoreLocal) GetIndexContent(repo string) ([]byte, error) {
var lockLatency time.Time
2021-09-30 16:27:13 +03:00
dir := path.Join(is.rootDir, repo)
is.RLock(&lockLatency)
defer is.RUnlock(&lockLatency)
buf, err := os.ReadFile(path.Join(dir, "index.json"))
2021-09-30 16:27:13 +03:00
if err != nil {
if os.IsNotExist(err) {
is.log.Error().Err(err).Str("dir", dir).Msg("index.json doesn't exist")
return []byte{}, zerr.ErrRepoNotFound
2021-09-30 16:27:13 +03:00
}
is.log.Error().Err(err).Str("dir", dir).Msg("failed to read index.json")
return []byte{}, err
}
return buf, nil
}
// DeleteBlob removes the blob from the repository.
func (is *ImageStoreLocal) DeleteBlob(repo, digest string) error {
var lockLatency time.Time
dgst, err := godigest.Parse(digest)
2021-09-30 16:27:13 +03:00
if err != nil {
is.log.Error().Err(err).Str("digest", digest).Msg("failed to parse digest")
return zerr.ErrBlobNotFound
2021-09-30 16:27:13 +03:00
}
blobPath := is.BlobPath(repo, dgst)
2021-09-30 16:27:13 +03:00
is.Lock(&lockLatency)
defer is.Unlock(&lockLatency)
2021-09-30 16:27:13 +03:00
_, err = os.Stat(blobPath)
if err != nil {
is.log.Error().Err(err).Str("blob", blobPath).Msg("failed to stat blob")
return zerr.ErrBlobNotFound
2021-09-30 16:27:13 +03:00
}
if is.cache != nil {
if err := is.cache.DeleteBlob(digest, blobPath); err != nil {
is.log.Error().Err(err).Str("digest", digest).Str("blobPath", blobPath).Msg("unable to remove blob path from cache")
2021-09-30 16:27:13 +03:00
return err
}
}
if err := os.Remove(blobPath); err != nil {
is.log.Error().Err(err).Str("blobPath", blobPath).Msg("unable to remove blob path")
2021-09-30 16:27:13 +03:00
return err
}
return nil
}
func (is *ImageStoreLocal) GetReferrers(repo, digest, artifactType string) ([]artifactspec.Descriptor, error) {
var lockLatency time.Time
dir := path.Join(is.rootDir, repo)
if !is.DirExists(dir) {
return nil, zerr.ErrRepoNotFound
}
gdigest, err := godigest.Parse(digest)
if err != nil {
is.log.Error().Err(err).Str("digest", digest).Msg("failed to parse digest")
return nil, zerr.ErrBadBlobDigest
}
is.RLock(&lockLatency)
defer is.RUnlock(&lockLatency)
buf, err := os.ReadFile(path.Join(dir, "index.json"))
if err != nil {
is.log.Error().Err(err).Str("dir", dir).Msg("failed to read index.json")
if os.IsNotExist(err) {
return nil, zerr.ErrRepoNotFound
}
return nil, err
}
var index ispec.Index
if err := json.Unmarshal(buf, &index); err != nil {
is.log.Error().Err(err).Str("dir", dir).Msg("invalid JSON")
return nil, err
}
found := false
result := []artifactspec.Descriptor{}
for _, manifest := range index.Manifests {
if manifest.MediaType != artifactspec.MediaTypeArtifactManifest {
continue
}
p := path.Join(dir, "blobs", manifest.Digest.Algorithm().String(), manifest.Digest.Encoded())
buf, err = os.ReadFile(p)
if err != nil {
is.log.Error().Err(err).Str("blob", p).Msg("failed to read manifest")
if os.IsNotExist(err) {
return nil, zerr.ErrManifestNotFound
}
return nil, err
}
var artManifest artifactspec.Manifest
if err := json.Unmarshal(buf, &artManifest); err != nil {
is.log.Error().Err(err).Str("dir", dir).Msg("invalid JSON")
return nil, err
}
if artifactType != artManifest.ArtifactType || gdigest != artManifest.Subject.Digest {
continue
}
result = append(result, artifactspec.Descriptor{
MediaType: manifest.MediaType,
ArtifactType: artManifest.ArtifactType,
Digest: manifest.Digest,
Size: manifest.Size,
Annotations: manifest.Annotations,
})
found = true
}
if !found {
return nil, zerr.ErrManifestNotFound
}
return result, nil
}
func (is *ImageStoreLocal) writeFile(filename string, data []byte) error {
if !is.commit {
return os.WriteFile(filename, data, DefaultFilePerms)
}
fhandle, err := os.OpenFile(filename, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, DefaultFilePerms)
if err != nil {
return err
}
_, err = fhandle.Write(data)
if err1 := test.Error(fhandle.Sync()); err1 != nil && err == nil {
err = err1
is.log.Error().Err(err).Str("filename", filename).Msg("unable to sync file")
}
if err1 := test.Error(fhandle.Close()); err1 != nil && err == nil {
err = err1
}
return err
}
func IsSupportedMediaType(mediaType string) bool {
return mediaType == ispec.MediaTypeImageIndex ||
mediaType == ispec.MediaTypeImageManifest ||
mediaType == artifactspec.MediaTypeArtifactManifest
}
2021-09-30 16:27:13 +03:00
// utility routines
func ValidateHardLink(rootDir string) error {
if err := os.MkdirAll(rootDir, DefaultDirPerms); err != nil {
return err
}
err := os.WriteFile(path.Join(rootDir, "hardlinkcheck.txt"),
[]byte("check whether hardlinks work on filesystem"), DefaultFilePerms)
2021-09-30 16:27:13 +03:00
if err != nil {
return err
}
err = os.Link(path.Join(rootDir, "hardlinkcheck.txt"), path.Join(rootDir, "duphardlinkcheck.txt"))
2021-09-30 16:27:13 +03:00
if err != nil {
// Remove hardlinkcheck.txt if hardlink fails
zerr := os.RemoveAll(path.Join(rootDir, "hardlinkcheck.txt"))
if zerr != nil {
return zerr
}
return err
}
err = os.RemoveAll(path.Join(rootDir, "hardlinkcheck.txt"))
if err != nil {
return err
}
return os.RemoveAll(path.Join(rootDir, "duphardlinkcheck.txt"))
}
func ensureDir(dir string, log zerolog.Logger) error {
if err := os.MkdirAll(dir, DefaultDirPerms); err != nil {
2021-09-30 16:27:13 +03:00
log.Error().Err(err).Str("dir", dir).Msg("unable to create dir")
return err
}
return nil
}
func (is *ImageStoreLocal) garbageCollect(dir string, repo string) error {
oci, err := umoci.OpenLayout(dir)
if err := test.Error(err); err != nil {
return err
}
defer oci.Close()
err = oci.GC(context.Background(), ifOlderThan(is, repo, is.gcDelay))
if err := test.Error(err); err != nil {
return err
}
return nil
}
func validateManifest(imgStore *ImageStoreLocal, repo, reference,
mediaType string, body []byte,
) (string, error) {
if mediaType == ispec.MediaTypeImageManifest {
var manifest ispec.Manifest
if err := json.Unmarshal(body, &manifest); err != nil {
imgStore.log.Error().Err(err).Msg("unable to unmarshal JSON")
return "", zerr.ErrBadManifest
}
if manifest.Config.MediaType == ispec.MediaTypeImageConfig {
digest, err := imgStore.validateOCIManifest(repo, reference, &manifest)
if err != nil {
imgStore.log.Error().Err(err).Msg("invalid oci image manifest")
return digest, err
}
}
} else if mediaType == artifactspec.MediaTypeArtifactManifest {
var m notation.Descriptor
if err := json.Unmarshal(body, &m); err != nil {
imgStore.log.Error().Err(err).Msg("unable to unmarshal JSON")
return "", zerr.ErrBadManifest
}
}
return "", nil
}
func ifOlderThan(imgStore *ImageStoreLocal, repo string, delay time.Duration) casext.GCPolicy {
2021-09-30 16:27:13 +03:00
return func(ctx context.Context, digest godigest.Digest) (bool, error) {
blobPath := imgStore.BlobPath(repo, digest)
2021-09-30 16:27:13 +03:00
fi, err := os.Stat(blobPath)
2021-09-30 16:27:13 +03:00
if err != nil {
return false, err
}
if fi.ModTime().Add(delay).After(time.Now()) {
return false, nil
}
imgStore.log.Info().Str("digest", digest.String()).Str("blobPath", blobPath).Msg("perform GC on blob")
2021-09-30 16:27:13 +03:00
return true, nil
}
}
func DirExists(d string) bool {
if !utf8.ValidString(d) {
return false
}
fileInfo, err := os.Stat(d)
if err != nil {
if e, ok := err.(*fs.PathError); ok && errors.Is(e.Err, syscall.ENAMETOOLONG) || //nolint: errorlint
errors.Is(e.Err, syscall.EINVAL) {
return false
}
}
if err != nil && os.IsNotExist(err) {
return false
}
if !fileInfo.IsDir() {
return false
}
return true
}
func (is *ImageStoreLocal) gcRepo(repo string) error {
dir := path.Join(is.RootDir(), repo)
var lockLatency time.Time
is.Lock(&lockLatency)
err := is.garbageCollect(dir, repo)
is.Unlock(&lockLatency)
if err != nil {
return err
}
return nil
}
func (is *ImageStoreLocal) RunGCRepo(repo string) error {
is.log.Info().Msg(fmt.Sprintf("executing GC of orphaned blobs for %s", path.Join(is.RootDir(), repo)))
if err := is.gcRepo(repo); err != nil {
errMessage := fmt.Sprintf("error while running GC for %s", path.Join(is.RootDir(), repo))
is.log.Error().Err(err).Msg(errMessage)
is.log.Info().Msg(fmt.Sprintf("GC unsuccessfully completed for %s", path.Join(is.RootDir(), repo)))
return err
}
is.log.Info().Msg(fmt.Sprintf("GC successfully completed for %s", path.Join(is.RootDir(), repo)))
return nil
}
func (is *ImageStoreLocal) RunGCPeriodically(interval time.Duration, sch *scheduler.Scheduler) {
generator := &taskGenerator{
imgStore: is,
}
sch.SubmitGenerator(generator, interval, scheduler.MediumPriority)
}
type taskGenerator struct {
imgStore *ImageStoreLocal
lastRepo string
done bool
}
func (gen *taskGenerator) GenerateTask() (scheduler.Task, error) {
repo, err := gen.imgStore.GetNextRepository(gen.lastRepo)
if err != nil && !errors.Is(err, io.EOF) {
return nil, err
}
if repo == "" {
gen.done = true
return nil, nil
}
gen.lastRepo = repo
return newGCTask(gen.imgStore, repo), nil
}
func (gen *taskGenerator) IsDone() bool {
return gen.done
}
func (gen *taskGenerator) Reset() {
gen.lastRepo = ""
gen.done = false
}
type gcTask struct {
imgStore *ImageStoreLocal
repo string
}
func newGCTask(imgStore *ImageStoreLocal, repo string) *gcTask {
return &gcTask{imgStore, repo}
}
func (gcT *gcTask) DoWork() error {
return gcT.imgStore.RunGCRepo(gcT.repo)
}