2018-07-27 00:53:48 +00:00
|
|
|
package imagerefchecker
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"encoding/json"
|
|
|
|
"strings"
|
|
|
|
"sync"
|
|
|
|
|
|
|
|
"github.com/containerd/containerd/content"
|
|
|
|
"github.com/containerd/containerd/images"
|
|
|
|
"github.com/moby/buildkit/cache"
|
|
|
|
digest "github.com/opencontainers/go-digest"
|
|
|
|
specs "github.com/opencontainers/image-spec/specs-go/v1"
|
|
|
|
"github.com/pkg/errors"
|
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
|
|
|
emptyGZLayer = digest.Digest("sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1")
|
|
|
|
)
|
|
|
|
|
|
|
|
type Opt struct {
|
|
|
|
ImageStore images.Store
|
2019-09-18 00:18:32 +00:00
|
|
|
ContentStore content.Store
|
2018-07-27 00:53:48 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// New creates new image reference checker that can be used to see if a reference
|
|
|
|
// is being used by any of the images in the image store
|
|
|
|
func New(opt Opt) cache.ExternalRefCheckerFunc {
|
2019-09-20 21:49:29 +00:00
|
|
|
return func() (cache.ExternalRefChecker, error) {
|
|
|
|
return &Checker{opt: opt}, nil
|
2018-07-27 00:53:48 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-09-18 00:18:32 +00:00
|
|
|
type Checker struct {
|
2018-07-27 00:53:48 +00:00
|
|
|
opt Opt
|
|
|
|
once sync.Once
|
|
|
|
images map[string]struct{}
|
|
|
|
cache map[string]bool
|
|
|
|
}
|
|
|
|
|
2019-09-20 21:49:29 +00:00
|
|
|
func (c *Checker) Exists(key string, blobs []digest.Digest) bool {
|
2018-07-27 00:53:48 +00:00
|
|
|
if c.opt.ImageStore == nil {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
c.once.Do(c.init)
|
|
|
|
|
|
|
|
if b, ok := c.cache[key]; ok {
|
|
|
|
return b
|
|
|
|
}
|
|
|
|
|
2019-09-20 21:49:29 +00:00
|
|
|
_, ok := c.images[layerKey(blobs)]
|
2018-07-27 00:53:48 +00:00
|
|
|
c.cache[key] = ok
|
|
|
|
return ok
|
|
|
|
}
|
|
|
|
|
2019-09-18 00:18:32 +00:00
|
|
|
func (c *Checker) init() {
|
2018-07-27 00:53:48 +00:00
|
|
|
c.images = map[string]struct{}{}
|
|
|
|
c.cache = map[string]bool{}
|
|
|
|
|
|
|
|
imgs, err := c.opt.ImageStore.List(context.TODO())
|
|
|
|
if err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-09-28 00:12:35 +00:00
|
|
|
var mu sync.Mutex
|
|
|
|
|
2018-07-27 00:53:48 +00:00
|
|
|
for _, img := range imgs {
|
|
|
|
if err := images.Dispatch(context.TODO(), images.Handlers(layersHandler(c.opt.ContentStore, func(layers []specs.Descriptor) {
|
2018-09-28 00:12:35 +00:00
|
|
|
mu.Lock()
|
2018-07-27 00:53:48 +00:00
|
|
|
c.registerLayers(layers)
|
2018-09-28 00:12:35 +00:00
|
|
|
mu.Unlock()
|
2019-02-13 01:57:35 +00:00
|
|
|
})), nil, img.Target); err != nil {
|
2018-07-27 00:53:48 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-09-18 00:18:32 +00:00
|
|
|
func (c *Checker) registerLayers(l []specs.Descriptor) {
|
2019-09-20 21:49:29 +00:00
|
|
|
if k := layerKey(toDigests(l)); k != "" {
|
2018-07-27 00:53:48 +00:00
|
|
|
c.images[k] = struct{}{}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-09-20 21:49:29 +00:00
|
|
|
func toDigests(layers []specs.Descriptor) []digest.Digest {
|
|
|
|
digests := make([]digest.Digest, len(layers))
|
|
|
|
for i, l := range layers {
|
|
|
|
digests[i] = l.Digest
|
|
|
|
}
|
|
|
|
return digests
|
|
|
|
}
|
|
|
|
|
|
|
|
func layerKey(layers []digest.Digest) string {
|
2018-07-27 00:53:48 +00:00
|
|
|
b := &strings.Builder{}
|
|
|
|
for _, l := range layers {
|
2019-09-20 21:49:29 +00:00
|
|
|
if l != emptyGZLayer {
|
|
|
|
b.Write([]byte(l))
|
2018-07-27 00:53:48 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
return b.String()
|
|
|
|
}
|
|
|
|
|
|
|
|
func layersHandler(provider content.Provider, f func([]specs.Descriptor)) images.HandlerFunc {
|
|
|
|
return func(ctx context.Context, desc specs.Descriptor) ([]specs.Descriptor, error) {
|
|
|
|
switch desc.MediaType {
|
|
|
|
case images.MediaTypeDockerSchema2Manifest, specs.MediaTypeImageManifest:
|
|
|
|
p, err := content.ReadBlob(ctx, provider, desc)
|
|
|
|
if err != nil {
|
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
var manifest specs.Manifest
|
|
|
|
if err := json.Unmarshal(p, &manifest); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
f(manifest.Layers)
|
|
|
|
return nil, nil
|
|
|
|
case images.MediaTypeDockerSchema2ManifestList, specs.MediaTypeImageIndex:
|
|
|
|
p, err := content.ReadBlob(ctx, provider, desc)
|
|
|
|
if err != nil {
|
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
var index specs.Index
|
|
|
|
if err := json.Unmarshal(p, &index); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return index.Manifests, nil
|
|
|
|
default:
|
|
|
|
return nil, errors.Errorf("encountered unknown type %v", desc.MediaType)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|