Hard require proxy 0.2.3 for container config

Followup to previous; we need the config for future bits, so hard require it.
ostreedev · Dec 18, 2021 · f20e750 · f20e750
1 parent 2d1805c
commit f20e750
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 31 deletions.
diff --git a/lib/Cargo.toml b/lib/Cargo.toml
@@ -11,7 +11,7 @@ version = "0.5.1"
 [dependencies]
 anyhow = "1.0"
 # containers-image-proxy = "0.3"
-containers-image-proxy = { git = "https://github.com/containers/containers-image-proxy-rs" }
+containers-image-proxy = { git = "https://github.com/cgwalters/containers-image-proxy-rs", branch = "feature-023", features = [ "proxy_v0_2_3" ] }
 
 async-compression = { version = "0.3", features = ["gzip", "tokio"] }
 bitflags = "1"

diff --git a/lib/src/container/store.rs b/lib/src/container/store.rs
@@ -131,7 +131,7 @@ pub struct PreparedImport {
     /// The deserialized manifest.
     pub manifest: oci_image::ImageManifest,
     /// The deserialized configuration.
-    pub config: Option<oci_image::ImageConfiguration>,
+    pub config: oci_image::ImageConfiguration,
     /// The previously stored manifest digest.
     pub previous_manifest_digest: Option<String>,
     /// The previously stored image ID.
@@ -204,7 +204,6 @@ impl LayeredImageImporter {
     /// Determine if there is a new manifest, and if so return its digest.
     #[context("Fetching manifest")]
     pub async fn prepare(&mut self) -> Result<PrepareResult> {
-        let proxy_023 = self.proxy.get_0_2_3();
         match &self.imgref.sigverify {
             SignatureSource::ContainerPolicy if skopeo::container_policy_is_default_insecure()? => {
                 return Err(anyhow!("containers-policy.json specifies a default of `insecureAcceptAnything`; refusing usage"));
@@ -245,14 +244,9 @@ impl LayeredImageImporter {
                 (None, None)
             };
 
-        let config = if let Some(proxy) = proxy_023 {
-            let config_bytes = proxy.fetch_config(&self.proxy_img).await?;
-            let config: oci_image::ImageConfiguration =
-                serde_json::from_slice(&config_bytes).context("Parsing image configuration")?;
-            Some(config)
-        } else {
-            None
-        };
+        let config_bytes = self.proxy.fetch_config(&self.proxy_img).await?;
+        let config: oci_image::ImageConfiguration =
+            serde_json::from_slice(&config_bytes).context("Parsing image configuration")?;
 
         let mut layers = manifest.layers().iter().cloned();
         // We require a base layer.
@@ -293,6 +287,7 @@ impl LayeredImageImporter {
                 target_imgref,
                 &self.proxy_img,
                 &import.manifest,
+                &import.config,
                 None,
                 true,
             )

diff --git a/lib/src/container/unencapsulate.rs b/lib/src/container/unencapsulate.rs
@@ -184,9 +184,12 @@ pub async fn unencapsulate(
     let oi = &proxy.open_image(&imgref.imgref.to_string()).await?;
     let (image_digest, raw_manifest) = proxy.fetch_manifest(oi).await?;
     let manifest = serde_json::from_slice(&raw_manifest)?;
-    let ostree_commit =
-        unencapsulate_from_manifest_impl(repo, &mut proxy, imgref, oi, &manifest, options, false)
-            .await?;
+    let config = proxy.fetch_config(oi).await?;
+    let config = serde_json::from_slice(&config)?;
+    let ostree_commit = unencapsulate_from_manifest_impl(
+        repo, &mut proxy, imgref, oi, &manifest, &config, options, false,
+    )
+    .await?;
     proxy.close_image(oi).await?;
     Ok(Import {
         ostree_commit,
@@ -232,6 +235,7 @@ pub(crate) async fn unencapsulate_from_manifest_impl(
     imgref: &OstreeImageReference,
     oi: &containers_image_proxy::OpenedImage,
     manifest: &oci_spec::image::ImageManifest,
+    _config: &oci_spec::image::ImageConfiguration,
     options: Option<UnencapsulateOptions>,
     ignore_layered: bool,
 ) -> Result<String> {
@@ -285,9 +289,12 @@ pub async fn unencapsulate_from_manifest(
 ) -> Result<String> {
     let mut proxy = ImageProxy::new().await?;
     let oi = &proxy.open_image(&imgref.imgref.to_string()).await?;
-    let r =
-        unencapsulate_from_manifest_impl(repo, &mut proxy, imgref, oi, manifest, options, false)
-            .await?;
+    let config = proxy.fetch_config(&oi).await?;
+    let config = serde_json::from_slice(&config)?;
+    let r = unencapsulate_from_manifest_impl(
+        repo, &mut proxy, imgref, oi, manifest, &config, options, false,
+    )
+    .await?;
     proxy.close_image(oi).await?;
     // FIXME write ostree commit after proxy finalization
     proxy.finalize().await?;

diff --git a/lib/tests/it/main.rs b/lib/tests/it/main.rs
@@ -496,20 +496,13 @@ async fn test_container_write_derive() -> Result<()> {
     assert!(digest.starts_with("sha256:"));
     assert_eq!(digest, expected_digest);
 
-    // For now we need to make this test dynamic
-    {
-        let proxy = containers_image_proxy::ImageProxy::new().await?;
-        let proxy = proxy.get_0_2_3();
-        if proxy.is_some() {
-            let commit_meta = &imported_commit.child_value(0);
-            let commit_meta = glib::VariantDict::new(Some(commit_meta));
-            let config = commit_meta
-                .lookup::<String>("ostree.container.image-config")?
-                .unwrap();
-            let config: oci_spec::image::ImageConfiguration = serde_json::from_str(&config)?;
-            assert_eq!(config.os(), &oci_spec::image::Os::Linux);
-        }
-    }
+    let commit_meta = &imported_commit.child_value(0);
+    let commit_meta = glib::VariantDict::new(Some(commit_meta));
+    let config = commit_meta
+        .lookup::<String>("ostree.container.image-config")?
+        .unwrap();
+    let config: oci_spec::image::ImageConfiguration = serde_json::from_str(&config)?;
+    assert_eq!(config.os(), &oci_spec::image::Os::Linux);
 
     // Parse the commit and verify we pulled the derived content.
     bash!(