Skip to content

Use UnparsedInstance.Manifest instead of ImageSource.GetManifest #2335

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
openshift-merge-bot merged 2 commits into from
Mar 3, 2025
Merged

Use UnparsedInstance.Manifest instead of ImageSource.GetManifest #2335

openshift-merge-bot merged 2 commits into from
Mar 3, 2025

Conversation

@mtrmac
Copy link
Contributor

@mtrmac mtrmac commented Feb 28, 2025

... to validate that the manifests match expected digests, if any.

Do this everywhere, even where we read local storage which is mostly trusted, because it is cheap enough and being consistent makes it less likely for the code to be copied into other contexts shere the sources are not trusted.

@mtrmac
Use UnparsedInstance.Manifest instead of ImageSource.GetManifest
500cd58 
... to validate that the manifests match expected digests, if any.

Do this everywhere, even where we read local storage which is
mostly trusted, because it is cheap enough and being consistent
makes it less likely for the code to be copied into other
contexts where the sources are not trusted.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
@mtrmac
Add a missing .Close()
5d89ac0 
The underlying implementation does not do anything, so purely
for consistency.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
@rhatdan
Copy link
Member

rhatdan commented Mar 1, 2025

LGTM

Luap99
Luap99 approved these changes Mar 3, 2025
View reviewed changes
Copy link
Member

@Luap99 Luap99 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Mar 3, 2025
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Mar 3, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Luap99, mtrmac

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-bot openshift-merge-bot bot merged commit de1bf04 into containers:main Mar 3, 2025
16 checks passed
@mtrmac mtrmac deleted the enforce-digests branch March 3, 2025 21:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Luap99 Luap99 Luap99 approved these changes

Assignees

@Luap99 Luap99

Labels

approved lgtm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mtrmac @rhatdan @Luap99