fix: Ensure the correct digest is used for docker and podman inspect drivers

2024-10-05 22:09:50 -04:00 · 2024-10-05 22:09:50 -04:00 · cd0fbfad6f
commit cd0fbfad6f
parent d2f3f6f756
2 changed files with 42 additions and 2 deletions
--- a/process/drivers/docker_driver.rs
+++ b/process/drivers/docker_driver.rs
@ -66,9 +66,22 @@ impl TryFrom<Vec<DockerImageMetadata>> for ImageMetadata {
            bail!("Metadata requires at least 1 digest:\n{value:#?}");
        }

+        let index = value
+            .repo_digests
+            .iter()
+            .enumerate()
+            .find(|(_, repo_digest)| verify_image(repo_digest))
+            .map(|(index, _)| index)
+            .ok_or_else(|| {
+                miette!(
+                    "No repo digest could be verified:\n{:?}",
+                    &value.repo_digests
+                )
+            })?;
+
        let digest: Reference = value
            .repo_digests
-            .swap_remove(0)
+            .swap_remove(index)
            .parse()
            .into_diagnostic()?;
        let digest = digest
@ -83,6 +96,13 @@ impl TryFrom<Vec<DockerImageMetadata>> for ImageMetadata {
    }
 }

+fn verify_image(repo_digest: &str) -> bool {
+    let mut command = cmd!("docker", "pull", repo_digest);
+    trace!("{command:?}");
+
+    command.output().is_ok_and(|out| out.status.success())
+}
+
 #[derive(Debug, Deserialize)]
 struct DockerVerisonJsonClient {
    #[serde(alias = "Version")]
--- a/process/drivers/podman_driver.rs
+++ b/process/drivers/podman_driver.rs
@ -54,9 +54,22 @@ impl TryFrom<Vec<PodmanImageMetadata>> for ImageMetadata {
            bail!("Podman Metadata requires at least 1 digest:\n{value:#?}");
        }

+        let index = value
+            .repo_digests
+            .iter()
+            .enumerate()
+            .find(|(_, repo_digest)| verify_image(repo_digest))
+            .map(|(index, _)| index)
+            .ok_or_else(|| {
+                miette!(
+                    "No repo digest could be verified:\n{:?}",
+                    &value.repo_digests
+                )
+            })?;
+
        let digest: Reference = value
            .repo_digests
-            .swap_remove(0)
+            .swap_remove(index)
            .parse()
            .into_diagnostic()?;
        let digest = digest
@ -71,6 +84,13 @@ impl TryFrom<Vec<PodmanImageMetadata>> for ImageMetadata {
    }
 }

+fn verify_image(repo_digest: &str) -> bool {
+    let mut command = cmd!("podman", "pull", repo_digest);
+    trace!("{command:?}");
+
+    command.output().is_ok_and(|out| out.status.success())
+}
+
 #[derive(Debug, Deserialize)]
 struct PodmanVersionJsonClient {
    #[serde(alias = "Version")]