(ctx context.Context, ir transfer.ImageFetcher, is transfer.ImageStorer, tops *transfer.Config)
| 37 | ) |
| 38 | |
| 39 | func (ts *localTransferService) pull(ctx context.Context, ir transfer.ImageFetcher, is transfer.ImageStorer, tops *transfer.Config) error { |
| 40 | ctx, done, err := ts.withLease(ctx) |
| 41 | if err != nil { |
| 42 | return err |
| 43 | } |
| 44 | defer done(ctx) |
| 45 | |
| 46 | if tops.Progress != nil { |
| 47 | tops.Progress(transfer.Progress{ |
| 48 | Event: fmt.Sprintf("Resolving from %s", ir), |
| 49 | }) |
| 50 | } |
| 51 | |
| 52 | if ir, ok := ir.(transfer.ImageResolverOptionSetter); ok { |
| 53 | ir.SetResolverOptions( |
| 54 | transfer.WithConcurrentLayerFetchBuffer(ts.config.ConcurrentLayerFetchBuffer), |
| 55 | transfer.WithMaxConcurrentDownloads(ts.config.MaxConcurrentDownloads), |
| 56 | transfer.WithDownloadLimiter(ts.limiterD), |
| 57 | ) |
| 58 | } |
| 59 | |
| 60 | name, desc, err := ir.Resolve(ctx) |
| 61 | if err != nil { |
| 62 | return fmt.Errorf("failed to resolve image: %w", err) |
| 63 | } |
| 64 | if desc.MediaType == images.MediaTypeDockerSchema1Manifest { |
| 65 | // Explicitly call out schema 1 as deprecated and not supported |
| 66 | return fmt.Errorf("schema 1 image manifests are no longer supported: %w", errdefs.ErrInvalidArgument) |
| 67 | } |
| 68 | |
| 69 | // Verify image before pulling. |
| 70 | for vfName, vf := range ts.config.Verifiers { |
| 71 | logger := log.G(ctx).WithFields(log.Fields{ |
| 72 | "name": name, |
| 73 | "digest": desc.Digest.String(), |
| 74 | "verifier": vfName, |
| 75 | }) |
| 76 | logger.Debug("Verifying image pull") |
| 77 | |
| 78 | jdg, err := vf.VerifyImage(ctx, name, desc) |
| 79 | if err != nil { |
| 80 | logger.WithError(err).Error("No judgement received from verifier") |
| 81 | return fmt.Errorf("blocking pull of %v with digest %v: image verifier %v returned error: %w", name, desc.Digest.String(), vfName, err) |
| 82 | } |
| 83 | logger = logger.WithFields(log.Fields{ |
| 84 | "ok": jdg.OK, |
| 85 | "reason": jdg.Reason, |
| 86 | }) |
| 87 | |
| 88 | if !jdg.OK { |
| 89 | logger.Warn("Image verifier blocked pull") |
| 90 | return fmt.Errorf("image verifier %s blocked pull of %v with digest %v for reason: %v", vfName, name, desc.Digest.String(), jdg.Reason) |
| 91 | } |
| 92 | logger.Debug("Image verifier allowed pull") |
| 93 | } |
| 94 | |
| 95 | // TODO: Handle already exists |
| 96 | if tops.Progress != nil { |
no test coverage detected