mirror of
https://github.com/project-zot/zot.git
synced 2024-12-16 21:56:37 -05:00
aaee0220e4
when a client pushes an image zot's inline dedupe will try to find the blob path corresponding with the blob digest that it's currently pushed and if it's found in the cache then zot will make a symbolic link to that cache entry and report to the client that the blob already exists on the location. Before this patch authorization was not applied on this process meaning that a user could copy blobs without having permissions on the source repo. Added a rule which says that the client should have read permissions on the source repo before deduping, otherwise just Stat() the blob and return the corresponding status code. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> Co-authored-by: Petu Eusebiu <peusebiu@cisco.com> |
||
|---|---|---|
| .. | ||
| auth | ||
| common | ||
| image-utils | ||
| inject | ||
| mocks | ||
| oci-utils | ||
| signature | ||
| skip | ||