MCPcopy
hub / github.com/freedomofpress/dangerzone / get_local_image_digest

Function get_local_image_digest

dangerzone/container_utils.py:387–417  ·  view source on GitHub ↗

Returns a image hash from a local image name

(image: str | None = None)

Source from the content-addressed store, hash-verified

385
386
387def get_local_image_digest(image: str | None = None) -> str:
388 """
389 Returns a image hash from a local image name
390 """
391 expected_image = image or expected_image_name()
392 # `podman images` returns the digest of the multi-architecture image,
393 # which should match the downloaded signatures on a typical over-the-air
394 # update scenario.
395 # `podman inspect` is avoided here as it returns the digest of the
396 # architecture-bound image.
397 podman = init_podman_command()
398 res = podman.run(["images", expected_image, "--format", "{{.Digest}}"])
399 assert isinstance(res, str)
400 lines = set(res.split("\n"))
401 line_count = len(lines)
402
403 # `podman images` exits 0 with no output when the image is absent,
404 # at least on some platforms.
405 if not res or line_count < 1:
406 raise errors.ImageNotPresentException(
407 f"The image {expected_image} does not exist locally"
408 )
409 # In some cases, the output can be multiple lines with the same digest
410 # sets are used to reduce them.
411
412 if line_count > 1:
413 raise errors.MultipleImagesFoundException(
414 f"Expected a single line of output, got {line_count} lines: {lines}"
415 )
416 image_digest = lines.pop().replace("sha256:", "")
417 return image_digest

Callers

nothing calls this directly

Calls 3

expected_image_nameFunction · 0.85
init_podman_commandFunction · 0.85
runMethod · 0.45

Tested by

no test coverage detected