Merge pull request #145 from jmorganca/verify-digest

verify blob digest
This commit is contained in:
Michael Yang 2023-07-20 12:14:21 -07:00 committed by GitHub
commit 992892866b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -615,6 +615,13 @@ func PullModel(name, username, password string, fn func(api.ProgressResponse)) e
} }
} }
fn(api.ProgressResponse{Status: "verifying sha256 digest"})
for _, layer := range layers {
if err := verifyBlob(layer.Digest); err != nil {
return err
}
}
fn(api.ProgressResponse{Status: "writing manifest"}) fn(api.ProgressResponse{Status: "writing manifest"})
manifestJSON, err := json.Marshal(manifest) manifestJSON, err := json.Marshal(manifest)
@ -909,3 +916,23 @@ func makeRequest(method, url string, headers map[string]string, body io.Reader,
return resp, nil return resp, nil
} }
func verifyBlob(digest string) error {
fp, err := GetBlobsPath(digest)
if err != nil {
return err
}
f, err := os.Open(fp)
if err != nil {
return err
}
defer f.Close()
fileDigest, _ := GetSHA256Digest(f)
if digest != fileDigest {
return fmt.Errorf("digest mismatch: want %s, got %s", digest, fileDigest)
}
return nil
}