async def sign_image( self, signer: Signer, src_image_name: ImageName, dest_image_source: ImageSource, dest_image_name: ImageName, signature_type: SignatureTypes = SignatureTypes.SIGN, **kwargs, ) -> ImageSourceSignImage: LOGGER.debug( "%s: %s ...", "Endorsing" if signature_type == SignatureTypes.ENDORSE else "Signing" if signature_type == SignatureTypes.SIGN else "Resigning", src_image_name.resolve_name(), ) dest_image_name = dest_image_name.clone() if dest_image_name.resolve_digest(): dest_image_name.digest = None LOGGER.warning( "It is not possible to store a signed image to a predetermined digest! Adjusted destination: %s", dest_image_name.resolve_name(), ) # Generate a signed image configuration ... data = await self._sign_image_config(signer, src_image_name, signature_type, **kwargs) LOGGER.debug(" Signature:\n%s", data.signature_value) image_config = data.image_config config_digest = image_config.get_digest() LOGGER.debug(" config digest (signed): %s", config_digest) # Generate a new registry manifest ... manifest = data.verify_image_data.manifest.clone() manifest.set_config_digest(config_digest, len(image_config.get_bytes())) data = ImageSourceSignImage( image_config=data.image_config, manifest_signed=manifest, signature_value=data.signature_value, verify_image_data=data.verify_image_data, ) await dest_image_source.put_image( self, dest_image_name, manifest, image_config, data.verify_image_data.compressed_layer_files, **kwargs, ) dest_image_name.digest = manifest.get_digest() if not self.dry_run: LOGGER.debug("Created new image: %s", dest_image_name.resolve_name()) return data
def _get_repository_key(image_name: ImageName) -> str: """ Retrieves the repository key for a given image name. Args: image_name: Image name for which to retrieve the key. Returns: The corresponding repository key. """ key_name = image_name.clone() key_name.tag = None return str(key_name)
async def put_image_config(self, image_name: ImageName, image_config: ImageConfig, **kwargs): image_name = image_name.clone() if image_name.resolve_digest(): image_name.digest = None LOGGER.debug( "It is not possible to store an image configuration to a non-deterministic digest!" " Adjusted destination: %s", image_name.resolve_name(), ) image_config_digest = image_config.get_digest() name = f"{image_config_digest.sha256}.json" if not await self._file_exists(name): with open(self.archive, "rb+") as file_out: tar_add_file(file_out, name, image_config.get_bytes())