afan
/
gitea
Tarkkaile 1
Äänestä 0
Fork 0
Koodi Ongelmat 0 Pull-pyynnöt 0 Julkaisut 0 Wiki Activity
gitea源码
3 Commitit
2 Branchit
Puu: 6d2efddf43
Branchit Tagit
${ item.name }
Create branch ${ searchTerm }
from '6d2efddf43'
${ noResults }
gitea/routers/api/packages/container/manifest.go

manifest.go 14KB
Historia Raaka

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436 
  1. // Copyright 2022 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package container

  5. 

  6. import (

  7. 	"context"

  8. 	"errors"

  9. 	"fmt"

  10. 	"io"

  11. 	"os"

  12. 	"strings"

  13. 	"time"

  14. 

  15. 	"code.gitea.io/gitea/models/db"

  16. 	packages_model "code.gitea.io/gitea/models/packages"

  17. 	container_model "code.gitea.io/gitea/models/packages/container"

  18. 	user_model "code.gitea.io/gitea/models/user"

  19. 	"code.gitea.io/gitea/modules/globallock"

  20. 	"code.gitea.io/gitea/modules/json"

  21. 	"code.gitea.io/gitea/modules/log"

  22. 	packages_module "code.gitea.io/gitea/modules/packages"

  23. 	container_module "code.gitea.io/gitea/modules/packages/container"

  24. 	"code.gitea.io/gitea/modules/util"

  25. 	notify_service "code.gitea.io/gitea/services/notify"

  26. 	packages_service "code.gitea.io/gitea/services/packages"

  27. 	container_service "code.gitea.io/gitea/services/packages/container"

  28. 

  29. 	"github.com/opencontainers/go-digest"

  30. 	oci "github.com/opencontainers/image-spec/specs-go/v1"

  31. )

  32. 

  33. // manifestCreationInfo describes a manifest to create

  34. type manifestCreationInfo struct {

  35. 	MediaType  string

  36. 	Owner      *user_model.User

  37. 	Creator    *user_model.User

  38. 	Image      string

  39. 	Reference  string

  40. 	IsTagged   bool

  41. 	Properties map[string]string

  42. }

  43. 

  44. func processManifest(ctx context.Context, mci *manifestCreationInfo, buf *packages_module.HashedBuffer) (string, error) {

  45. 	var index oci.Index

  46. 	if err := json.NewDecoder(buf).Decode(&index); err != nil {

  47. 		return "", err

  48. 	}

  49. 	if index.SchemaVersion != 2 {

  50. 		return "", errUnsupported.WithMessage("Schema version is not supported")

  51. 	}

  52. 	if _, err := buf.Seek(0, io.SeekStart); err != nil {

  53. 		return "", err

  54. 	}

  55. 

  56. 	if !container_module.IsMediaTypeValid(mci.MediaType) {

  57. 		mci.MediaType = index.MediaType

  58. 		if !container_module.IsMediaTypeValid(mci.MediaType) {

  59. 			return "", errManifestInvalid.WithMessage("MediaType not recognized")

  60. 		}

  61. 	}

  62. 

  63. 	// .../container/manifest.go:453:createManifestBlob() [E] Error inserting package blob: Error 1062 (23000): Duplicate entry '..........' for key 'package_blob.UQE_package_blob_md5'

  64. 	releaser, err := globallock.Lock(ctx, containerGlobalLockKey(mci.Owner.ID, mci.Image, "manifest"))

  65. 	if err != nil {

  66. 		return "", err

  67. 	}

  68. 	defer releaser()

  69. 

  70. 	if container_module.IsMediaTypeImageManifest(mci.MediaType) {

  71. 		return processOciImageManifest(ctx, mci, buf)

  72. 	} else if container_module.IsMediaTypeImageIndex(mci.MediaType) {

  73. 		return processOciImageIndex(ctx, mci, buf)

  74. 	}

  75. 	return "", errManifestInvalid

  76. }

  77. 

  78. type processManifestTxRet struct {

  79. 	pv      *packages_model.PackageVersion

  80. 	pb      *packages_model.PackageBlob

  81. 	created bool

  82. 	digest  string

  83. }

  84. 

  85. func handleCreateManifestResult(ctx context.Context, err error, mci *manifestCreationInfo, contentStore *packages_module.ContentStore, txRet *processManifestTxRet) (string, error) {

  86. 	if err != nil && txRet.created && txRet.pb != nil {

  87. 		if err := contentStore.Delete(packages_module.BlobHash256Key(txRet.pb.HashSHA256)); err != nil {

  88. 			log.Error("Error deleting package blob from content store: %v", err)

  89. 		}

  90. 		return "", err

  91. 	}

  92. 	pd, err := packages_model.GetPackageDescriptor(ctx, txRet.pv)

  93. 	if err != nil {

  94. 		log.Error("Error getting package descriptor: %v", err) // ignore this error

  95. 	} else {

  96. 		notify_service.PackageCreate(ctx, mci.Creator, pd)

  97. 	}

  98. 	return txRet.digest, nil

  99. }

  100. 

  101. func processOciImageManifest(ctx context.Context, mci *manifestCreationInfo, buf *packages_module.HashedBuffer) (manifestDigest string, errRet error) {

  102. 	manifest, configDescriptor, metadata, err := container_service.ParseManifestMetadata(ctx, buf, mci.Owner.ID, mci.Image)

  103. 	if err != nil {

  104. 		return "", err

  105. 	}

  106. 	if _, err = buf.Seek(0, io.SeekStart); err != nil {

  107. 		return "", err

  108. 	}

  109. 

  110. 	contentStore := packages_module.NewContentStore()

  111. 	var txRet processManifestTxRet

  112. 	err = db.WithTx(ctx, func(ctx context.Context) (err error) {

  113. 		blobReferences := make([]*blobReference, 0, 1+len(manifest.Layers))

  114. 		blobReferences = append(blobReferences, &blobReference{

  115. 			Digest:       manifest.Config.Digest,

  116. 			MediaType:    manifest.Config.MediaType,

  117. 			File:         configDescriptor,

  118. 			ExpectedSize: manifest.Config.Size,

  119. 		})

  120. 

  121. 		for _, layer := range manifest.Layers {

  122. 			pfd, err := container_model.GetContainerBlob(ctx, &container_model.BlobSearchOptions{

  123. 				OwnerID: mci.Owner.ID,

  124. 				Image:   mci.Image,

  125. 				Digest:  string(layer.Digest),

  126. 			})

  127. 			if err != nil {

  128. 				return err

  129. 			}

  130. 

  131. 			blobReferences = append(blobReferences, &blobReference{

  132. 				Digest:       layer.Digest,

  133. 				MediaType:    layer.MediaType,

  134. 				File:         pfd,

  135. 				ExpectedSize: layer.Size,

  136. 			})

  137. 		}

  138. 

  139. 		pv, err := createPackageAndVersion(ctx, mci, metadata)

  140. 		if err != nil {

  141. 			return err

  142. 		}

  143. 

  144. 		uploadVersion, err := packages_model.GetInternalVersionByNameAndVersion(ctx, mci.Owner.ID, packages_model.TypeContainer, mci.Image, container_module.UploadVersion)

  145. 		if err != nil && !errors.Is(err, packages_model.ErrPackageNotExist) {

  146. 			return err

  147. 		}

  148. 

  149. 		for _, ref := range blobReferences {

  150. 			if _, err = createFileFromBlobReference(ctx, pv, uploadVersion, ref); err != nil {

  151. 				return err

  152. 			}

  153. 		}

  154. 		txRet.pv = pv

  155. 		txRet.pb, txRet.created, txRet.digest, err = createManifestBlob(ctx, contentStore, mci, pv, buf)

  156. 		return err

  157. 	})

  158. 

  159. 	return handleCreateManifestResult(ctx, err, mci, contentStore, &txRet)

  160. }

  161. 

  162. func processOciImageIndex(ctx context.Context, mci *manifestCreationInfo, buf *packages_module.HashedBuffer) (manifestDigest string, errRet error) {

  163. 	var index oci.Index

  164. 	if err := json.NewDecoder(buf).Decode(&index); err != nil {

  165. 		return "", err

  166. 	}

  167. 	if _, err := buf.Seek(0, io.SeekStart); err != nil {

  168. 		return "", err

  169. 	}

  170. 

  171. 	contentStore := packages_module.NewContentStore()

  172. 	var txRet processManifestTxRet

  173. 	err := db.WithTx(ctx, func(ctx context.Context) (err error) {

  174. 		metadata := &container_module.Metadata{

  175. 			Type:      container_module.TypeOCI,

  176. 			Manifests: make([]*container_module.Manifest, 0, len(index.Manifests)),

  177. 		}

  178. 

  179. 		for _, manifest := range index.Manifests {

  180. 			if !container_module.IsMediaTypeImageManifest(manifest.MediaType) {

  181. 				return errManifestInvalid

  182. 			}

  183. 

  184. 			platform := container_module.DefaultPlatform

  185. 			if manifest.Platform != nil {

  186. 				platform = fmt.Sprintf("%s/%s", manifest.Platform.OS, manifest.Platform.Architecture)

  187. 				if manifest.Platform.Variant != "" {

  188. 					platform = fmt.Sprintf("%s/%s", platform, manifest.Platform.Variant)

  189. 				}

  190. 			}

  191. 

  192. 			pfd, err := container_model.GetContainerBlob(ctx, &container_model.BlobSearchOptions{

  193. 				OwnerID:    mci.Owner.ID,

  194. 				Image:      mci.Image,

  195. 				Digest:     string(manifest.Digest),

  196. 				IsManifest: true,

  197. 			})

  198. 			if err != nil {

  199. 				if errors.Is(err, container_model.ErrContainerBlobNotExist) {

  200. 					return errManifestBlobUnknown

  201. 				}

  202. 				return err

  203. 			}

  204. 

  205. 			size, err := packages_model.CalculateFileSize(ctx, &packages_model.PackageFileSearchOptions{

  206. 				VersionID: pfd.File.VersionID,

  207. 			})

  208. 			if err != nil {

  209. 				return err

  210. 			}

  211. 

  212. 			metadata.Manifests = append(metadata.Manifests, &container_module.Manifest{

  213. 				Platform: platform,

  214. 				Digest:   string(manifest.Digest),

  215. 				Size:     size,

  216. 			})

  217. 		}

  218. 

  219. 		pv, err := createPackageAndVersion(ctx, mci, metadata)

  220. 		if err != nil {

  221. 			return err

  222. 		}

  223. 

  224. 		txRet.pv = pv

  225. 		txRet.pb, txRet.created, txRet.digest, err = createManifestBlob(ctx, contentStore, mci, pv, buf)

  226. 		return err

  227. 	})

  228. 

  229. 	return handleCreateManifestResult(ctx, err, mci, contentStore, &txRet)

  230. }

  231. 

  232. func createPackageAndVersion(ctx context.Context, mci *manifestCreationInfo, metadata *container_module.Metadata) (*packages_model.PackageVersion, error) {

  233. 	created := true

  234. 	p := &packages_model.Package{

  235. 		OwnerID:   mci.Owner.ID,

  236. 		Type:      packages_model.TypeContainer,

  237. 		Name:      strings.ToLower(mci.Image),

  238. 		LowerName: strings.ToLower(mci.Image),

  239. 	}

  240. 	var err error

  241. 	if p, err = packages_model.TryInsertPackage(ctx, p); err != nil {

  242. 		if !errors.Is(err, packages_model.ErrDuplicatePackage) {

  243. 			log.Error("Error inserting package: %v", err)

  244. 			return nil, err

  245. 		}

  246. 		created = false

  247. 	}

  248. 

  249. 	if created {

  250. 		if _, err := packages_model.InsertProperty(ctx, packages_model.PropertyTypePackage, p.ID, container_module.PropertyRepository, strings.ToLower(mci.Owner.LowerName+"/"+mci.Image)); err != nil {

  251. 			log.Error("Error setting package property: %v", err)

  252. 			return nil, err

  253. 		}

  254. 	}

  255. 

  256. 	metadata.IsTagged = mci.IsTagged

  257. 

  258. 	metadataJSON, err := json.Marshal(metadata)

  259. 	if err != nil {

  260. 		return nil, err

  261. 	}

  262. 

  263. 	_pv := &packages_model.PackageVersion{

  264. 		PackageID:    p.ID,

  265. 		CreatorID:    mci.Creator.ID,

  266. 		Version:      strings.ToLower(mci.Reference),

  267. 		LowerVersion: strings.ToLower(mci.Reference),

  268. 		MetadataJSON: string(metadataJSON),

  269. 	}

  270. 	pv, err := packages_model.GetOrInsertVersion(ctx, _pv)

  271. 	if err != nil {

  272. 		if !errors.Is(err, packages_model.ErrDuplicatePackageVersion) {

  273. 			log.Error("Error inserting package: %v", err)

  274. 			return nil, err

  275. 		}

  276. 

  277. 		if container_module.IsMediaTypeImageIndex(mci.MediaType) {

  278. 			if pv.CreatedUnix.AsTime().Before(time.Now().Add(-24 * time.Hour)) {

  279. 				if err = packages_service.DeletePackageVersionAndReferences(ctx, pv); err != nil {

  280. 					return nil, err

  281. 				}

  282. 				// keep download count on overwriting

  283. 				_pv.DownloadCount = pv.DownloadCount

  284. 				if pv, err = packages_model.GetOrInsertVersion(ctx, _pv); err != nil {

  285. 					if !errors.Is(err, packages_model.ErrDuplicatePackageVersion) {

  286. 						log.Error("Error inserting package: %v", err)

  287. 						return nil, err

  288. 					}

  289. 				}

  290. 			} else {

  291. 				err = packages_model.UpdateVersion(ctx, &packages_model.PackageVersion{ID: pv.ID, MetadataJSON: _pv.MetadataJSON})

  292. 				if err != nil {

  293. 					return nil, err

  294. 				}

  295. 			}

  296. 		}

  297. 	}

  298. 

  299. 	if err := packages_service.CheckCountQuotaExceeded(ctx, mci.Creator, mci.Owner); err != nil {

  300. 		return nil, err

  301. 	}

  302. 

  303. 	if mci.IsTagged {

  304. 		if err = packages_model.InsertOrUpdateProperty(ctx, packages_model.PropertyTypeVersion, pv.ID, container_module.PropertyManifestTagged, ""); err != nil {

  305. 			return nil, err

  306. 		}

  307. 	} else {

  308. 		if err = packages_model.DeletePropertiesByName(ctx, packages_model.PropertyTypeVersion, pv.ID, container_module.PropertyManifestTagged); err != nil {

  309. 			return nil, err

  310. 		}

  311. 	}

  312. 

  313. 	if err = packages_model.DeletePropertiesByName(ctx, packages_model.PropertyTypeVersion, pv.ID, container_module.PropertyManifestReference); err != nil {

  314. 		return nil, err

  315. 	}

  316. 	for _, manifest := range metadata.Manifests {

  317. 		if _, err = packages_model.InsertProperty(ctx, packages_model.PropertyTypeVersion, pv.ID, container_module.PropertyManifestReference, manifest.Digest); err != nil {

  318. 			return nil, err

  319. 		}

  320. 	}

  321. 

  322. 	return pv, nil

  323. }

  324. 

  325. type blobReference struct {

  326. 	Digest       digest.Digest

  327. 	MediaType    string

  328. 	Name         string

  329. 	File         *packages_model.PackageFileDescriptor

  330. 	ExpectedSize int64

  331. 	IsLead       bool

  332. }

  333. 

  334. func createFileFromBlobReference(ctx context.Context, pv, uploadVersion *packages_model.PackageVersion, ref *blobReference) (*packages_model.PackageFile, error) {

  335. 	if ref.File.Blob.Size != ref.ExpectedSize {

  336. 		return nil, errSizeInvalid

  337. 	}

  338. 

  339. 	if ref.Name == "" {

  340. 		ref.Name = strings.ToLower("sha256_" + ref.File.Blob.HashSHA256)

  341. 	}

  342. 

  343. 	pf := &packages_model.PackageFile{

  344. 		VersionID:    pv.ID,

  345. 		BlobID:       ref.File.Blob.ID,

  346. 		Name:         ref.Name,

  347. 		LowerName:    ref.Name,

  348. 		CompositeKey: string(ref.Digest),

  349. 		IsLead:       ref.IsLead,

  350. 	}

  351. 	var err error

  352. 	if pf, err = packages_model.TryInsertFile(ctx, pf); err != nil {

  353. 		if errors.Is(err, packages_model.ErrDuplicatePackageFile) {

  354. 			// Skip this blob because the manifest contains the same filesystem layer multiple times.

  355. 			return pf, nil

  356. 		}

  357. 		log.Error("Error inserting package file: %v", err)

  358. 		return nil, err

  359. 	}

  360. 

  361. 	props := map[string]string{

  362. 		container_module.PropertyMediaType: ref.MediaType,

  363. 		container_module.PropertyDigest:    string(ref.Digest),

  364. 	}

  365. 	for name, value := range props {

  366. 		if _, err := packages_model.InsertProperty(ctx, packages_model.PropertyTypeFile, pf.ID, name, value); err != nil {

  367. 			log.Error("Error setting package file property: %v", err)

  368. 			return nil, err

  369. 		}

  370. 	}

  371. 

  372. 	// Remove the ref file (old file) from the blob upload version

  373. 	if uploadVersion != nil && ref.File.File != nil && uploadVersion.ID == ref.File.File.VersionID {

  374. 		if err := packages_service.DeletePackageFile(ctx, ref.File.File); err != nil {

  375. 			return nil, err

  376. 		}

  377. 	}

  378. 

  379. 	return pf, nil

  380. }

  381. 

  382. func createManifestBlob(ctx context.Context, contentStore *packages_module.ContentStore, mci *manifestCreationInfo, pv *packages_model.PackageVersion, buf *packages_module.HashedBuffer) (_ *packages_model.PackageBlob, created bool, manifestDigest string, _ error) {

  383. 	pb, exists, err := packages_model.GetOrInsertBlob(ctx, packages_service.NewPackageBlob(buf))

  384. 	if err != nil {

  385. 		log.Error("Error inserting package blob: %v", err)

  386. 		return nil, false, "", err

  387. 	}

  388. 	// FIXME: Workaround to be removed in v1.20

  389. 	// https://github.com/go-gitea/gitea/issues/19586

  390. 	if exists {

  391. 		err = contentStore.Has(packages_module.BlobHash256Key(pb.HashSHA256))

  392. 		if err != nil && (errors.Is(err, util.ErrNotExist) || errors.Is(err, os.ErrNotExist)) {

  393. 			log.Debug("Package registry inconsistent: blob %s does not exist on file system", pb.HashSHA256)

  394. 			exists = false

  395. 		}

  396. 	}

  397. 	if !exists {

  398. 		if err := contentStore.Save(packages_module.BlobHash256Key(pb.HashSHA256), buf, buf.Size()); err != nil {

  399. 			log.Error("Error saving package blob in content store: %v", err)

  400. 			return nil, false, "", err

  401. 		}

  402. 	}

  403. 

  404. 	manifestDigest = digestFromHashSummer(buf)

  405. 	pf, err := createFileFromBlobReference(ctx, pv, nil, &blobReference{

  406. 		Digest:       digest.Digest(manifestDigest),

  407. 		MediaType:    mci.MediaType,

  408. 		Name:         container_module.ManifestFilename,

  409. 		File:         &packages_model.PackageFileDescriptor{Blob: pb},

  410. 		ExpectedSize: pb.Size,

  411. 		IsLead:       true,

  412. 	})

  413. 	if err != nil {

  414. 		return nil, false, "", err

  415. 	}

  416. 

  417. 	oldManifestFiles, _, err := packages_model.SearchFiles(ctx, &packages_model.PackageFileSearchOptions{

  418. 		OwnerID:     mci.Owner.ID,

  419. 		PackageType: packages_model.TypeContainer,

  420. 		VersionID:   pv.ID,

  421. 		Query:       container_module.ManifestFilename,

  422. 	})

  423. 	if err != nil {

  424. 		return nil, false, "", err

  425. 	}

  426. 	for _, oldManifestFile := range oldManifestFiles {

  427. 		if oldManifestFile.ID != pf.ID && oldManifestFile.IsLead {

  428. 			err = packages_model.UpdateFile(ctx, &packages_model.PackageFile{ID: oldManifestFile.ID, IsLead: false}, []string{"is_lead"})

  429. 			if err != nil {

  430. 				return nil, false, "", err

  431. 			}

  432. 		}

  433. 	}

  434. 	return pb, !exists, manifestDigest, err

  435. }