fix: call notation-go libs instead of using notation binary (#1104)

fix: add loading notation path Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com> Co-authored-by: Roxana Nemulescu <roxana.nemulescu@gmail.com>
2026-06-16 04:17:55 +08:00 · 2023-02-13 20:43:52 +02:00
parent 2377d62344
commit ee95ab0ffc
21 changed files with 1731 additions and 333 deletions
@@ -3,13 +3,10 @@ package storage
 import (
 	"encoding/json"
 	"errors"
-	"os"
 	"path"
 	"strings"

-	"github.com/docker/distribution/registry/storage/driver"
 	"github.com/gobwas/glob"
-	"github.com/notaryproject/notation-go"
 	godigest "github.com/opencontainers/go-digest"
 	imeta "github.com/opencontainers/image-spec/specs-go"
 	ispec "github.com/opencontainers/image-spec/specs-go/v1"
@@ -95,7 +92,7 @@ func ValidateManifest(imgStore ImageStore, repo, reference, mediaType string, bo
 			}
 		}
 	case oras.MediaTypeArtifactManifest:
-		var m notation.Descriptor
+		var m oras.Descriptor
 		if err := json.Unmarshal(body, &m); err != nil {
 			log.Error().Err(err).Msg("unable to unmarshal JSON")

@@ -580,7 +577,7 @@ func GetReferrers(imgStore ImageStore, repo string, gdigest godigest.Digest, art
 		if err != nil {
 			log.Error().Err(err).Str("blob", imgStore.BlobPath(repo, manifest.Digest)).Msg("failed to read manifest")

-			if os.IsNotExist(err) || errors.Is(err, driver.PathNotFoundError{}) {
+			if errors.Is(err, zerr.ErrBlobNotFound) {
 				return nilIndex, zerr.ErrManifestNotFound
 			}

@@ -691,7 +688,7 @@ func GetOrasManifestByDigest(imgStore ImageStore, repo string, digest godigest.D
 	if err != nil {
 		log.Error().Err(err).Str("blob", blobPath).Msg("failed to read manifest")

-		if os.IsNotExist(err) || errors.Is(err, driver.PathNotFoundError{}) {
+		if errors.Is(err, zerr.ErrBlobNotFound) {
 			return artManifest, zerr.ErrManifestNotFound
 		}

@@ -7,7 +7,6 @@ import (
 	"path"
 	"testing"

-	"github.com/docker/distribution/registry/storage/driver"
 	godigest "github.com/opencontainers/go-digest"
 	ispec "github.com/opencontainers/image-spec/specs-go/v1"
 	artifactspec "github.com/oras-project/artifacts-spec/specs-go/v1"
@@ -169,7 +168,7 @@ func TestGetReferrersErrors(t *testing.T) {
 					return indexBuf, nil
 				},
 				GetBlobContentFn: func(repo string, digest godigest.Digest) ([]byte, error) {
-					return []byte{}, driver.PathNotFoundError{}
+					return []byte{}, errors.ErrBlobNotFound
 				},
 			}

@@ -195,6 +194,10 @@ func TestGetReferrersErrors(t *testing.T) {
 			_, err = storage.GetReferrers(imgStore, "zot-test", validDigest,
 				[]string{artifactType}, log.With().Caller().Logger())
 			So(err, ShouldNotBeNil)
+
+			_, err = storage.GetOrasReferrers(imgStore, "zot-test", validDigest,
+				artifactType, log.With().Caller().Logger())
+			So(err, ShouldNotBeNil)
 		})

 		Convey("Trigger continue on different artifactType", func(c C) {
@@ -226,6 +229,20 @@ func TestGetReferrersErrors(t *testing.T) {
 			So(err, ShouldNotBeNil)
 		})

+		Convey("Unmarshal oras artifact error", func(c C) {
+			imgStore = &mocks.MockedImageStore{
+				GetIndexContentFn: func(repo string) ([]byte, error) {
+					return indexBuf, nil
+				},
+				GetBlobContentFn: func(repo string, digest godigest.Digest) ([]byte, error) {
+					return []byte("wrong content"), nil
+				},
+			}
+
+			_, err = storage.GetOrasReferrers(imgStore, "zot-test", validDigest, artifactType, log.With().Caller().Logger())
+			So(err, ShouldNotBeNil)
+		})
+
 		Convey("Trigger unmarshal error on manifest image mediaType", func(c C) {
 			index = ispec.Index{
 				Manifests: []ispec.Descriptor{
@@ -1476,7 +1476,7 @@ func (is *ImageStoreLocal) garbageCollect(dir string, repo string) error {
 					cosignDescriptors = append(cosignDescriptors, desc)
 				}
 			}
-		case oras.MediaTypeArtifactManifest:
+		case ispec.MediaTypeArtifactManifest:
 			notationDescriptors = append(notationDescriptors, desc)
 		}
 	}
@@ -1615,7 +1615,9 @@ func gcNotationSignatures(imgStore *ImageStoreLocal, oci casext.Engine, index *i
 	for _, notationDesc := range notationDescriptors {
 		foundSubject := false
 		// check if we can find the manifest which the signature points to
-		artManifest, err := storage.GetOrasManifestByDigest(imgStore, repo, notationDesc.Digest, imgStore.log)
+		var artManifest ispec.Artifact
+
+		buf, err := imgStore.GetBlobContent(repo, notationDesc.Digest)
 		if err != nil {
 			imgStore.log.Error().Err(err).Str("repo", repo).Str("digest", notationDesc.Digest.String()).
 				Msg("gc: failed to get oras artifact manifest")
@@ -1623,7 +1625,14 @@ func gcNotationSignatures(imgStore *ImageStoreLocal, oci casext.Engine, index *i
 			return err
 		}

-		// skip oras artifacts which are not signatures
+		if err := json.Unmarshal(buf, &artManifest); err != nil {
+			imgStore.log.Error().Err(err).Str("repo", repo).Str("digest", notationDesc.Digest.String()).
+				Msg("gc: failed to get oras artifact manifest")
+
+			return err
+		}
+
+		// skip oci artifacts which are not signatures
 		if artManifest.ArtifactType != notreg.ArtifactTypeNotation {
 			continue
 		}