github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Merge pull request #11537 from k8s-infra-cherrypick-robot/cherry-pick-11327-to-release/2.0

Browse Source 
[release/2.0] Update image type checks to avoid unnecessary logs for attestations
This commit is contained in:
Akihiro Suda 2025-03-14 09:07:49 +09:00 committed by GitHub
commit b6ab437d2b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 17 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
core/images/image.go
View File

@ -369,8 +369,8 @@ func Children(ctx context.Context, provider content.Provider, desc ocispec.Descr
} }
return append([]ocispec.Descriptor{}, index.Manifests...), nil return append([]ocispec.Descriptor{}, index.Manifests...), nil
} else if !IsLayerType(desc.MediaType) && !IsKnownConfig(desc.MediaType) { } else if !IsLayerType(desc.MediaType) && !IsKnownConfig(desc.MediaType) && !IsAttestationType(desc.MediaType) {
// Layers and configs are childless data types and should not be logged. // Layers, configs, and attestations are childless data types and should not be logged.
log.G(ctx).Debugf("encountered unknown type %v; children may not be fetched", desc.MediaType) log.G(ctx).Debugf("encountered unknown type %v; children may not be fetched", desc.MediaType)
} }
return nil, nil return nil, nil

13
core/images/mediatypes.go
View File

@ -58,6 +58,9 @@ const (
MediaTypeImageLayerEncrypted = ocispec.MediaTypeImageLayer + "+encrypted" MediaTypeImageLayerEncrypted = ocispec.MediaTypeImageLayer + "+encrypted"
MediaTypeImageLayerGzipEncrypted = ocispec.MediaTypeImageLayerGzip + "+encrypted" MediaTypeImageLayerGzipEncrypted = ocispec.MediaTypeImageLayerGzip + "+encrypted"
// In-toto attestation
MediaTypeInToto = "application/vnd.in-toto+json"
) )
// DiffCompression returns the compression as defined by the layer diff media // DiffCompression returns the compression as defined by the layer diff media
@ -193,6 +196,16 @@ func IsKnownConfig(mt string) bool {
return false return false
} }
// IsAttestationType returns true if the media type is an attestation type
func IsAttestationType(mt string) bool {
switch mt {
case MediaTypeInToto:
return true
default:
return false
}
}
// ChildGCLabels returns the label for a given descriptor to reference it // ChildGCLabels returns the label for a given descriptor to reference it
func ChildGCLabels(desc ocispec.Descriptor) []string { func ChildGCLabels(desc ocispec.Descriptor) []string {
mt := desc.MediaType mt := desc.MediaType

2
core/remotes/handlers.go
View File

@ -80,6 +80,8 @@ func MakeRefKey(ctx context.Context, desc ocispec.Descriptor) string {
return "layer-" + key return "layer-" + key
case images.IsKnownConfig(desc.MediaType): case images.IsKnownConfig(desc.MediaType):
return "config-" + key return "config-" + key
case images.IsAttestationType(desc.MediaType):
return "attestation-" + key
default: default:
log.G(ctx).Warnf("reference for unknown type: %s", desc.MediaType) log.G(ctx).Warnf("reference for unknown type: %s", desc.MediaType)
return "unknown-" + key return "unknown-" + key