Skip to content

Commit 2c670e7

Browse files
vvolanddmcgowan
vvoland
authored and
dmcgowan
committed
core/images: Ignore attestations when traversing children
Before this patch, calling `image.Children` on an image built with BuildKit would produce unnecessary `encountered unknown type application/vnd.in-toto+json; children may not be fetched` debug logs, because the media type is neither a known layer or config type. Make the `image.Children` aware of the attestation layers and don't attempt to traverse them. Signed-off-by: Paweł Gronowski <[email protected]> (cherry picked from commit e751b6b) Signed-off-by: Derek McGowan <[email protected]>
1 parent 753481e commit 2c670e7

File tree

2 files changed

+14
-1
lines changed

2 files changed

+14
-1
lines changed

images/image.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -378,7 +378,7 @@ func Children(ctx context.Context, provider content.Provider, desc ocispec.Descr
378378

379379
descs = append(descs, index.Manifests...)
380380
default:
381-
if IsLayerType(desc.MediaType) || IsKnownConfig(desc.MediaType) {
381+
if IsLayerType(desc.MediaType) || IsKnownConfig(desc.MediaType) || IsAttestationType(desc.MediaType) {
382382
// childless data types.
383383
return nil, nil
384384
}

images/mediatypes.go

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -57,6 +57,9 @@ const (
5757

5858
MediaTypeImageLayerEncrypted = ocispec.MediaTypeImageLayer + "+encrypted"
5959
MediaTypeImageLayerGzipEncrypted = ocispec.MediaTypeImageLayerGzip + "+encrypted"
60+
61+
// In-toto attestation
62+
MediaTypeInToto = "application/vnd.in-toto+json"
6063
)
6164

6265
// DiffCompression returns the compression as defined by the layer diff media
@@ -186,6 +189,16 @@ func IsKnownConfig(mt string) bool {
186189
return false
187190
}
188191

192+
// IsAttestationType returns true if the media type is an attestation type
193+
func IsAttestationType(mt string) bool {
194+
switch mt {
195+
case MediaTypeInToto:
196+
return true
197+
default:
198+
return false
199+
}
200+
}
201+
189202
// ChildGCLabels returns the label for a given descriptor to reference it
190203
func ChildGCLabels(desc ocispec.Descriptor) []string {
191204
mt := desc.MediaType

0 commit comments

Comments
 (0)