ping @s-urbaniak ,@opencontainers/image-spec-maintainers, PTAL thank lots!

@xiekeyang I tried this and it's only outputting the digest of the config in an imageLayout:

$ oci-image-tool validate --verbose --ref latest /home/amurdaca/src/github.com/projectatomic/skopeo/busybox
digest: sha256:3ca68bfc4a2b07c103848bc0de5ef47816fb06baef62632a2b5320dd2a2f7825
OK

$ tree busybox 
busybox
├── blobs
│   ├── sha256-2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749
│   ├── sha256-3ca68bfc4a2b07c103848bc0de5ef47816fb06baef62632a2b5320dd2a2f7825
│   └── sha256-8ddc19f16526912237dd8af81971d5e4dd0587907234be2b83e249518d5b673f
├── oci-layout
└── refs
    └── latest

2 directories, 5 files

$ cat busybox/blobs/sha256-3ca68bfc4a2b07c103848bc0de5ef47816fb06baef62632a2b5320dd2a2f7825
{"schemaVersion":2,"mediaType":"application/vnd.oci.image.manifest.v1+json","config":{"digest":"sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749","mediaType":"application/vnd.oci.image.serialization.config.v1+json","size":1459},"layers":[{"digest":"sha256:8ddc19f16526912237dd8af81971d5e4dd0587907234be2b83e249518d5b673f","mediaType":"application/vnd.oci.image.serialization.rootfs.tar.gzip","size":667590}],"annotations":null}% 

I have a branch (runcom/image-spec@oci-image-tool) I'm working on for #222 (which is still WIP) which includes most of the fixes needed there and I though output of digests should have been the output of every object being validated (as opposed to what you did here which just print the digest of the config of an oci image).

My branch also contains fixes for the other point in #222.

@runcom Thanks for your review!

@xiekeyang I tried this and it's only outputting the digest of the config in an imageLayout:
I have a branch (runcom/image-spec@oci-image-tool) I'm working on for #222 (which is still WIP) which includes most of the fixes needed there and I though output of digests should have been the output of every object being validated (as opposed to what you did here which just print the digest of the config of an oci image).

Here I made inaccuracy to output only one digest for all that validate-config validate-manifest and validate-imageLayout case.
I agree that it should be improve to output all validated objects digest. I'd fix ASAP.

My branch also contains fixes for the other point in #222.

I read your branch. It seems my commit doesn't seriously conflict to your branch yet. May I fix my commit here, according to your proposal?
Thanks so much.

Yes, please go ahead and fix this here :)

WIP

@runcom , @s-urbaniak , here I've some confusion point:

for imageLayout and image type, the digests are calculated and I can collect and output them directly. In these 2 cases, it is meaningful to verbose output the digests which validate the consistency.

However, for manifest, manifestList and config type, I didn't find the digest calculation. Meantime, I think it needn't to output the digest because it just validate the simple file's json schema that is not relevant consistency.

So, my suggestion is just output digests for imageLayout and image type, and output nothing for manifest, manifestList and config type.

What is your proposal? Thanks a lot!

It you hash a manifest, manifest list or config you get their digests, why not calculate and print them? @s-urbaniak wdyt?

@runcom @s-urbaniak
I think that just to validate their json schema, not hash consistency, so it seems no need to calculate and print digest. It is just my opinion, which I don' persist.
Anyway, hopefully we will find an agreement here and then I would finish the functionality.

Additional, for manifest, manifest list or config case, the digest doesn't exist yet, which we should calculate for only print purpose. Is that a less meaningful way and will impact the program performance? right?

@xiekeyang @runcom verbose mode could imply additional computational overhead, I'd be fine with also printing the digests if being in verbose mode, so users have more insight.

@xiekeyang The return []string{}, errors.Wrap(...) pattern should be replaced with return nil, errors.Wrap(...)

It is finished, PTAL.
/cc @runcom @s-urbaniak

PTAL

/cc @runcom @wking

Actually I prefer to logrus. But I thought that will change current image tool's log system, and not sure that logrus is really indispensable. So I didn't put up the proposal.
I think we had better make agreement that if we take logrus or keep go/log.
And I rebase the pr.
/cc @wking @stevvooe @runcom

I am proposing classical dependency injection as per https://peter.bourgon.org/go-best-practices-2016/#program-design.

I think we had better make agreement that if we take logrus or keep go/log.

I don't see any difference here (please correct me if I'm wrong), both are used to log stuff - and I prefer logrus

I think we had better make agreement that if we take logrus or keep go/log.
I don't see any difference here, both are used to log stuff.

They should be different. logrus present level, hook, etc.

Different as in what they actually do - which is logging (logrus has the same API as go/log)

ping @s-urbaniak @stevvooe @wking @runcom
Let's discuss the best implementation way. And I would try to use it to finish the PR.

ping @s-urbaniak @stevvooe @wking @runcom

What blocked me is that validate functions (ValidateLayout/Validate/(Validator).Validate) (maybe) MUST return new variable of digest list, for these functions calculate digests internally.

I think these functions should return the necessary digest list.

On Fri, Sep 09, 2016 at 04:05:15AM -0700, xiekeyang wrote:

What blocked me is that validate functions
(ValidateLayout/Validate/(Validator).Validate) (maybe) MUST return
new variable of digest list, for these functions calculate digests
internally.

I think these functions should return the necessary digest list.

I think showing the digests of the blobs being fetched/validated
should happen when they are fetched/validated and not delayed until
later. That gets them out as soon as possible to help with
understanding crashes or invalid errors, and means you don't have to
return a list.

I'm waffling on whether this is logging output or program output. I
was previously leaning towards logging 1, but with #288 looking like
a longer slog, I'm shifting to think about these as (sub-)tests. The
TAP examples in [1,2] show how you could display this information as
you work through the validation logic (without collecting it somewhere
for later display). And if we treat these as (sub-)tests, there's no
need to hide them behind a --verbose flag (or similar). Print them
every time, and leave it to the caller to use a TAP harness [3](or
whatever) if they want a more compact view of the results.

I agree those are program steps not to be hidden behind a verbose flag @philips @vbatts @stevvooe wdyt

Here I collect guys proposal, to improve the output mechanism.

1. To use logrus, this patch only introduce it for outputing validated objects's descriptor(media type, digest and size).
   I don't refactor other loggers, for that @runcom is taking on the logger refactor, as not to conflict each other.
2. To use --log-level option, instead of --verbose, as ocitools present: https://github.com/opencontainers/ocitools/blob/master/cmd/ocitools/main.go#L16.
3. To output the objects's descriptor in validating functions, using debug level.

@stevvooe @s-urbaniak suggested to use spaghetti code or object function. Now I'm not sure if we need to export the descriptor from validation function, so I assume unnecessarily to use it. If you think that descriptor informations is useful out of validation functions, or current output is improper, I would amend the implementation.

Thanks for all of your good proposal, PTAL.

/cc @s-urbaniak @wking @stevvooe @runcom

@stevvooe @s-urbaniak suggested to use spaghetti code or object function.

:/

I suggested that we avoid spaghetti code.

I'm suggesting that we have an object walker to which you can attach functionality. Such a pattern might look as follows:

WalkImageLayout(imageLayout, func(desc Descriptor, err error) error) {
  if err := validate(imageLayout.Get(desc)); err != nil {
    log.Verbose("error %v", desc)
    return err
  }

  if verbose {
    log.Verbose("validated %v", desc)
  }

  return nil
})

This allows one to visit each item and do a few different things to it, while not overcoupling their implementation.

@stevvooe that's exactly the pattern I'm working on

Closing as this code was moved to https://github.com/opencontainers/image-tools. Please re-open if necessary.