From 366e7721bbe52071ceb9a3caa97df35f619f0ca1 Mon Sep 17 00:00:00 2001 From: Jessica Frazelle Date: Tue, 20 Jan 2015 19:19:11 -0800 Subject: [PATCH 1/2] Warn about tech preview of checksums. Docker-DCO-1.1-Signed-off-by: Jessica Frazelle (github: jfrazelle) Upstream-commit: 1820003078eeae6ab25e2440669c490caff59b57 Component: engine --- components/engine/graph/pull.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/components/engine/graph/pull.go b/components/engine/graph/pull.go index 6129ea39a1..d8d045e7a8 100644 --- a/components/engine/graph/pull.go +++ b/components/engine/graph/pull.go @@ -428,10 +428,11 @@ func (s *TagStore) pullV2Tag(eng *engine.Engine, r *registry.Session, out io.Wri } if verified { - out.Write(sf.FormatStatus(repoInfo.CanonicalName+":"+tag, "The image you are pulling has been verified")) + log.Printf("Image manifest for %s:%s has been verified", repoInfo.CanonicalName, tag) } else { out.Write(sf.FormatStatus(tag, "Pulling from %s", repoInfo.CanonicalName)) } + downloads := make([]downloadInfo, len(manifest.FSLayers)) for i := len(manifest.FSLayers) - 1; i >= 0; i-- { @@ -553,6 +554,8 @@ func (s *TagStore) pullV2Tag(eng *engine.Engine, r *registry.Session, out io.Wri } + out.Write(sf.FormatStatus(repoInfo.CanonicalName+":"+tag, "The image you are pulling has been verified - This is a tech preview, don't rely on it for security yet.")) + if err = s.Set(repoInfo.LocalName, tag, downloads[0].img.ID, true); err != nil { return false, err } From f6fc27f6b6eaf103ca2a845ecb2ca2096368902b Mon Sep 17 00:00:00 2001 From: Jessica Frazelle Date: Wed, 21 Jan 2015 16:12:02 -0800 Subject: [PATCH 2/2] Add test for pull verified Docker-DCO-1.1-Signed-off-by: Jessica Frazelle (github: jfrazelle) Upstream-commit: 614e09a8c7990e05509edb4c335c4b59001cea61 Component: engine --- .../integration-cli/docker_cli_pull_test.go | 38 +++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/components/engine/integration-cli/docker_cli_pull_test.go b/components/engine/integration-cli/docker_cli_pull_test.go index 7649688583..29471954ac 100644 --- a/components/engine/integration-cli/docker_cli_pull_test.go +++ b/components/engine/integration-cli/docker_cli_pull_test.go @@ -53,6 +53,44 @@ func TestPullImageWithAliases(t *testing.T) { logDone("pull - image with aliases") } +// pulling busybox should show verified message +func TestPullVerified(t *testing.T) { + defer setupRegistry(t)() + + repo := fmt.Sprintf("%v/dockercli/busybox:verified", privateRegistryURL) + defer deleteImages(repo) + + // tag the image + if out, _, err := runCommandWithOutput(exec.Command(dockerBinary, "tag", "busybox", repo)); err != nil { + t.Fatalf("Failed to tag image verifiedTest: error %v, output %q", err, out) + } + + // push it + if out, err := exec.Command(dockerBinary, "push", repo).CombinedOutput(); err != nil { + t.Fatalf("Failed to push image %v: error %v, output %q", err, string(out)) + } + + // remove it locally + if out, err := exec.Command(dockerBinary, "rmi", repo).CombinedOutput(); err != nil { + t.Fatalf("Failed to clean images: error %v, output %q", err, string(out)) + } + + // pull it + expected := "The image you are pulling has been verified" + pullCmd := exec.Command(dockerBinary, "pull", repo) + if out, _, err := runCommandWithOutput(pullCmd); err != nil || !strings.Contains(out, expected) { + t.Fatalf("pulling a verified image failed. expected: %s\ngot: %s, %v", expected, out, err) + } + + // pull it again + pullCmd = exec.Command(dockerBinary, "pull", repo) + if out, _, err := runCommandWithOutput(pullCmd); err != nil || !strings.Contains(out, expected) { + t.Fatalf("pulling a verified image failed. expected: %s\ngot: %s, %v", expected, out, err) + } + + logDone("pull - pull verified") +} + // pulling an image from the central registry should work func TestPullImageFromCentralRegistry(t *testing.T) { pullCmd := exec.Command(dockerBinary, "pull", "hello-world")