Skip to content

Resolver requires optional Docker-Content-Digest #3238

Closed
Closed
Resolver requires optional Docker-Content-Digest#3238
@msg555

Description

@msg555
msg555
opened on Apr 25, 2019

Referring to the code at

containerd/remotes/docker/resolver.go

Line 227 in 2d780a7

dgstHeader := digest.Digest(resp.Header.Get("Docker-Content-Digest"))

From my reading of the registry API spec (https://docs.docker.com/registry/spec/api/#content-digests) it appears that the Docker-Content-Digest header is optional.

To provide verification of http content, any response may include a Docker-Content-Digest header.

Therefore it feels like this should not be required from the registry.

In particular the registry.access.redhat.com registry does not specify this header. The following code demonstrates the problem:

package main
  
import (
  "context"
  "fmt"
  "net/http"

  "github.com/containerd/containerd/remotes/docker"
)

func main() {
  resolver := docker.NewResolver(docker.ResolverOptions{
    Client: http.DefaultClient,
  })

  name, desc, err := resolver.Resolve(context.TODO(), "registry.access.redhat.com/rhel7/rhel:7.3")
  // name, desc, err := resolver.Resolve(context.TODO(), "quay.io/quay/ubuntu:latest")
  if err != nil {
    fmt.Println(err)
    panic(err)
  }
  fmt.Println(name)
  fmt.Println(desc)
}

I'm happy to make a PR for this if there is agreement that this behavior should be changed.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions