mirror of
https://github.com/containers/podman.git
synced 2025-06-24 11:28:24 +08:00
Close image rawSource when each loop ends
Previously close rawSouce in the middle makes future use of rawSource invalid. Move the rawSource.Close() to the end of each loop. Signed-off-by: Qi Wang <qiwan@redhat.com>
This commit is contained in:
Qi Wang
@ -714,84 +714,91 @@ func (ir *ImageEngine) Sign(ctx context.Context, names []string, options entitie
|
|||||||
}
|
}
|
||||||
|
|
||||||
for _, signimage := range names {
|
for _, signimage := range names {
|
||||||
srcRef, err := alltransports.ParseImageName(signimage)
|
err = func() error {
|
||||||
if err != nil {
|
srcRef, err := alltransports.ParseImageName(signimage)
|
||||||
return nil, errors.Wrapf(err, "error parsing image name")
|
if err != nil {
|
||||||
}
|
return errors.Wrapf(err, "error parsing image name")
|
||||||
rawSource, err := srcRef.NewImageSource(ctx, sc)
|
}
|
||||||
if err != nil {
|
rawSource, err := srcRef.NewImageSource(ctx, sc)
|
||||||
return nil, errors.Wrapf(err, "error getting image source")
|
if err != nil {
|
||||||
}
|
return errors.Wrapf(err, "error getting image source")
|
||||||
err = rawSource.Close()
|
}
|
||||||
if err != nil {
|
defer func() {
|
||||||
logrus.Errorf("unable to close new image source %q", err)
|
if err = rawSource.Close(); err != nil {
|
||||||
}
|
logrus.Errorf("unable to close %s image source %q", srcRef.DockerReference().Name(), err)
|
||||||
getManifest, _, err := rawSource.GetManifest(ctx, nil)
|
}
|
||||||
if err != nil {
|
}()
|
||||||
return nil, errors.Wrapf(err, "error getting getManifest")
|
getManifest, _, err := rawSource.GetManifest(ctx, nil)
|
||||||
}
|
if err != nil {
|
||||||
dockerReference := rawSource.Reference().DockerReference()
|
return errors.Wrapf(err, "error getting getManifest")
|
||||||
if dockerReference == nil {
|
}
|
||||||
return nil, errors.Errorf("cannot determine canonical Docker reference for destination %s", transports.ImageName(rawSource.Reference()))
|
dockerReference := rawSource.Reference().DockerReference()
|
||||||
}
|
if dockerReference == nil {
|
||||||
var sigStoreDir string
|
return errors.Errorf("cannot determine canonical Docker reference for destination %s", transports.ImageName(rawSource.Reference()))
|
||||||
if options.Directory != "" {
|
}
|
||||||
sigStoreDir = options.Directory
|
var sigStoreDir string
|
||||||
}
|
if options.Directory != "" {
|
||||||
if sigStoreDir == "" {
|
sigStoreDir = options.Directory
|
||||||
if rootless.IsRootless() {
|
}
|
||||||
sigStoreDir = filepath.Join(filepath.Dir(ir.Libpod.StorageConfig().GraphRoot), "sigstore")
|
if sigStoreDir == "" {
|
||||||
} else {
|
if rootless.IsRootless() {
|
||||||
var sigStoreURI string
|
sigStoreDir = filepath.Join(filepath.Dir(ir.Libpod.StorageConfig().GraphRoot), "sigstore")
|
||||||
registryInfo := trust.HaveMatchRegistry(rawSource.Reference().DockerReference().String(), registryConfigs)
|
} else {
|
||||||
if registryInfo != nil {
|
var sigStoreURI string
|
||||||
if sigStoreURI = registryInfo.SigStoreStaging; sigStoreURI == "" {
|
registryInfo := trust.HaveMatchRegistry(rawSource.Reference().DockerReference().String(), registryConfigs)
|
||||||
sigStoreURI = registryInfo.SigStore
|
if registryInfo != nil {
|
||||||
|
if sigStoreURI = registryInfo.SigStoreStaging; sigStoreURI == "" {
|
||||||
|
sigStoreURI = registryInfo.SigStore
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if sigStoreURI == "" {
|
||||||
|
return errors.Errorf("no signature storage configuration found for %s", rawSource.Reference().DockerReference().String())
|
||||||
|
|
||||||
|
}
|
||||||
|
sigStoreDir, err = localPathFromURI(sigStoreURI)
|
||||||
|
if err != nil {
|
||||||
|
return errors.Wrapf(err, "invalid signature storage %s", sigStoreURI)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if sigStoreURI == "" {
|
}
|
||||||
return nil, errors.Errorf("no signature storage configuration found for %s", rawSource.Reference().DockerReference().String())
|
manifestDigest, err := manifest.Digest(getManifest)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
repo := reference.Path(dockerReference)
|
||||||
|
if path.Clean(repo) != repo { // Coverage: This should not be reachable because /./ and /../ components are not valid in docker references
|
||||||
|
return errors.Errorf("Unexpected path elements in Docker reference %s for signature storage", dockerReference.String())
|
||||||
|
}
|
||||||
|
|
||||||
}
|
// create signature
|
||||||
sigStoreDir, err = localPathFromURI(sigStoreURI)
|
newSig, err := signature.SignDockerManifest(getManifest, dockerReference.String(), mech, options.SignBy)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errors.Wrapf(err, "invalid signature storage %s", sigStoreURI)
|
return errors.Wrapf(err, "error creating new signature")
|
||||||
|
}
|
||||||
|
// create the signstore file
|
||||||
|
signatureDir := fmt.Sprintf("%s@%s=%s", filepath.Join(sigStoreDir, repo), manifestDigest.Algorithm(), manifestDigest.Hex())
|
||||||
|
if err := os.MkdirAll(signatureDir, 0751); err != nil {
|
||||||
|
// The directory is allowed to exist
|
||||||
|
if !os.IsExist(err) {
|
||||||
|
logrus.Error(err)
|
||||||
|
return nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
sigFilename, err := getSigFilename(signatureDir)
|
||||||
manifestDigest, err := manifest.Digest(getManifest)
|
if err != nil {
|
||||||
|
logrus.Errorf("error creating sigstore file: %v", err)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
err = ioutil.WriteFile(filepath.Join(signatureDir, sigFilename), newSig, 0644)
|
||||||
|
if err != nil {
|
||||||
|
logrus.Errorf("error storing signature for %s", rawSource.Reference().DockerReference().String())
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
repo := reference.Path(dockerReference)
|
|
||||||
if path.Clean(repo) != repo { // Coverage: This should not be reachable because /./ and /../ components are not valid in docker references
|
|
||||||
return nil, errors.Errorf("Unexpected path elements in Docker reference %s for signature storage", dockerReference.String())
|
|
||||||
}
|
|
||||||
|
|
||||||
// create signature
|
|
||||||
newSig, err := signature.SignDockerManifest(getManifest, dockerReference.String(), mech, options.SignBy)
|
|
||||||
if err != nil {
|
|
||||||
return nil, errors.Wrapf(err, "error creating new signature")
|
|
||||||
}
|
|
||||||
// create the signstore file
|
|
||||||
signatureDir := fmt.Sprintf("%s@%s=%s", filepath.Join(sigStoreDir, repo), manifestDigest.Algorithm(), manifestDigest.Hex())
|
|
||||||
if err := os.MkdirAll(signatureDir, 0751); err != nil {
|
|
||||||
// The directory is allowed to exist
|
|
||||||
if !os.IsExist(err) {
|
|
||||||
logrus.Error(err)
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
}
|
|
||||||
sigFilename, err := getSigFilename(signatureDir)
|
|
||||||
if err != nil {
|
|
||||||
logrus.Errorf("error creating sigstore file: %v", err)
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
err = ioutil.WriteFile(filepath.Join(signatureDir, sigFilename), newSig, 0644)
|
|
||||||
if err != nil {
|
|
||||||
logrus.Errorf("error storing signature for %s", rawSource.Reference().DockerReference().String())
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user