Do not process attestation manifests
Some docker-built containers may have a so-called attestation manifest.
These are not meant to be processed as normal images; instead, they
have an arch and OS of "unknown".

Preflight will now ignore any image listed in a manifest that has
arch and OS as "unknown".

Signed-off-by: Brad P. Crochet <brad@redhat.com>
bcrochet authored and acornett21 committed Oct 18, 2023
1 parent 26b14ee commit f04b781
Showing 2 changed files with 43 additions and 35 deletions.
4 changes: 4 additions & 0 deletions cmd/preflight/cmd/check_container.go
@@ -432,6 +432,10 @@ func platformsToBeProcessed(cmd *cobra.Command, cfg *runtime.Config) ([]string,
// The user selected a platform. If this isn't it, continue.
continue
}
if img.Platform.Architecture == "unknown" && img.Platform.OS == "unknown" {
// This must be an attestation manifest. Skip it.
continue
}
containerImagePlatforms = append(containerImagePlatforms, img.Platform.Architecture)
}
if platformChanged && len(containerImagePlatforms) == 0 {
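Review bot: The new skip on `img.Platform.Architecture == "unknown" && img.Platform.OS == "unknown"` identifies attestation manifests by the platform placeholder alone and drops them silently, so any index entry labelled unknown/unknown is left out of the checks with no trace in the output. BuildKit also marks these descriptors with the `vnd.docker.reference.type` annotation set to `attestation-manifest`; if `img` is a descriptor carrying `Annotations`, checking that as well and logging the skipped digest would make the exclusion explicit and auditable. A comment along the lines of `// Attestation manifests are listed with platform unknown/unknown and are not runnable images; skip them.` would also read better than "This must be". `img.Platform` appears to be a pointer (the test assigns `&cranev1.Platform{...}`), and the loop starts outside the hunk, so whether it is nil-checked before these dereferences cannot be confirmed from here.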
74 changes: 39 additions & 35 deletions cmd/preflight/cmd/check_container_test.go
@@ -35,6 +35,35 @@ import (
"github.com/onsi/gomega/types"
)

func createPlatformImage(arch string, addlLayers int) cranev1.Image {
// Expected values.
img, err := random.Image(1024, 5)
Expect(err).ToNot(HaveOccurred())

for i := 0; i < addlLayers; i++ {
newLayer, err := random.Layer(1024, cranev1types.OCILayer)
Expect(err).ToNot(HaveOccurred())
img, err = mutate.AppendLayers(img, newLayer)
Expect(err).ToNot(HaveOccurred())
}

cfgFile, err := img.ConfigFile()
Expect(err).ToNot(HaveOccurred())

cfgFile.Architecture = arch

cfgImg, err := mutate.ConfigFile(img, cfgFile)
Expect(err).ToNot(HaveOccurred())

return cfgImg
}

func createImageAndPush(src, arch string, addlLayers int) string {
img := createPlatformImage(arch, addlLayers)
Expect(crane.Push(img, src)).To(Succeed())
return src
}

var _ = Describe("Check Container Command", func() {
var src string
var manifestListSrc string
@@ -54,46 +83,16 @@ var _ = Describe("Check Container Command", func() {
Expect(err).ToNot(HaveOccurred())

src = fmt.Sprintf("%s/test/crane", u.Host)
manifests["image"] = src

// Expected values.
img, err := random.Image(1024, 5)
Expect(err).ToNot(HaveOccurred())

cfgFile, err := img.ConfigFile()
Expect(err).ToNot(HaveOccurred())

cfgFile.Architecture = "amd64"

cfgImg, err := mutate.ConfigFile(img, cfgFile)
Expect(err).ToNot(HaveOccurred())

err = crane.Push(cfgImg, src)
Expect(err).ToNot(HaveOccurred())
manifests["image"] = createImageAndPush(src, "amd64", 0)

srcppc = fmt.Sprintf("%s/test/craneppc", u.Host)
manifests["imageppc"] = srcppc

newLayer, err := random.Layer(1024, cranev1types.OCILayer)
Expect(err).ToNot(HaveOccurred())

ppcImg, err := mutate.AppendLayers(img, newLayer)
Expect(err).ToNot(HaveOccurred())

ppcCfgFile, err := ppcImg.ConfigFile()
Expect(err).ToNot(HaveOccurred())
manifests["imageppc"] = createImageAndPush(srcppc, "ppc64le", 1)

ppcCfgFile.Architecture = "ppc64le"

ppcCfgImg, err := mutate.ConfigFile(ppcImg, ppcCfgFile)
Expect(err).ToNot(HaveOccurred())

Expect(crane.Push(ppcCfgImg, srcppc)).To(Succeed())

platforms := [4]string{"amd64", "arm64", "ppc64le", "s390x"}
manifestListSrc = fmt.Sprintf("%s/test/cranelist", u.Host)
manifests["index"] = manifestListSrc
lst, err := random.Index(1024, 5, int64(len(platforms)))

platforms := [4]string{"amd64", "arm64", "ppc64le", "s390x"}
lst, err := random.Index(1024, 5, int64(len(platforms)+1))
Expect(err).ToNot(HaveOccurred())

ref, err := name.ParseReference(manifestListSrc)
@@ -104,6 +103,11 @@ var _ = Describe("Check Container Command", func() {

for i, manifest := range m.Manifests {
switch {
case i == len(platforms):
m.Manifests[i].Platform = &cranev1.Platform{
Architecture: "unknown",
OS: "unknown",
}
case manifest.MediaType.IsImage():
m.Manifests[i].Platform = &cranev1.Platform{
Architecture: platforms[i],
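Review bot: Nothing in the visible hunks asserts that the new unknown/unknown entry is left out of the platforms that get processed; the `case i == len(platforms)` branch only builds the fixture, so whether the skip is verified depends on specs outside these hunks. An explicit expectation in the spec that calls `platformsToBeProcessed` would pin it, for example `Expect(result).ToNot(ContainElement("unknown"))`, where `result` is a placeholder for whatever that spec names the returned slice. The fixture entry is an ordinary random image with only its platform overwritten, so the test mirrors the placeholder but not the rest of an attestation manifest's descriptor. Separately, `createPlatformImage` still carries the `// Expected values.` comment from the code it was extracted from; a doc comment such as `// createPlatformImage returns a random image with addlLayers extra layers and its config architecture set to arch.` would describe it accurately.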
