diff --git a/copy/copy.go b/copy/copy.go index a29d536347..1d74beacf6 100644 --- a/copy/copy.go +++ b/copy/copy.go @@ -44,6 +44,11 @@ type digestingReader struct { skipValidation bool } +var ( + // ErrDecryptParamsMissing is returned if there is missing decryption parameters + ErrDecryptParamsMissing = errors.New("Necessary DecryptParameters not present") +) + // maxParallelDownloads is used to limit the maxmimum number of parallel // downloads. Let's follow Firefox by limiting it to 6. var maxParallelDownloads = 6 @@ -263,7 +268,7 @@ func (c *copier) copyOneImage(ctx context.Context, policyContext *signature.Poli return nil, errors.Wrapf(err, "Error initializing image from source %s", transports.ImageName(c.rawSource.Reference())) } - if err = src.SupportsEncryption(ctx); err != nil && options.EncryptLayers != nil { + if !src.SupportsEncryption(ctx) && options.EncryptLayers != nil { return nil, errors.Wrap(err, "Encryption requested but not supported by source image type") } @@ -892,7 +897,7 @@ func (c *copier) copyBlobFromStream(ctx context.Context, srcStream io.Reader, sr srcInfo.MediaType == manifest.DockerV2Schema2LayerEncMediaType { if c.decryptConfig == nil { - return types.BlobInfo{}, errors.New("Necessary DecryptParameters not present") + return types.BlobInfo{}, ErrDecryptParamsMissing } dc := c.decryptConfig diff --git a/copy/manifest_test.go b/copy/manifest_test.go index 2d25bf1ff5..467c13c270 100644 --- a/copy/manifest_test.go +++ b/copy/manifest_test.go @@ -71,7 +71,7 @@ func (f fakeImageSource) UpdatedImageNeedsLayerDiffIDs(options types.ManifestUpd func (f fakeImageSource) UpdatedImage(ctx context.Context, options types.ManifestUpdateOptions) (types.Image, error) { panic("Unexpected call to a mock function") } -func (f fakeImageSource) SupportsEncryption(ctx context.Context) error { +func (f fakeImageSource) SupportsEncryption(ctx context.Context) bool { panic("Unexpected call to a mock function") } func (f fakeImageSource) Size() (int64, error) { diff --git a/image/docker_schema1.go b/image/docker_schema1.go index 0092a4eb48..e554f3f1da 100644 --- a/image/docker_schema1.go +++ b/image/docker_schema1.go @@ -201,7 +201,7 @@ func (m *manifestSchema1) convertToManifestSchema2(uploadedLayerInfos []types.Bl return manifestSchema2FromComponents(configDescriptor, nil, configJSON, layers), nil } -// SupportsEncryption returns an error if encryption is not supported for the manifest type -func (m *manifestSchema1) SupportsEncryption(context.Context) error { - return errors.New("Docker Schema v1 does not support encryption") +// SupportsEncryption returns if encryption is supported for the manifest type +func (m *manifestSchema1) SupportsEncryption(context.Context) bool { + return false } diff --git a/image/docker_schema2.go b/image/docker_schema2.go index 1c022a4f90..ed3b2924fb 100644 --- a/image/docker_schema2.go +++ b/image/docker_schema2.go @@ -350,7 +350,7 @@ func v1ConfigFromConfigJSON(configJSON []byte, v1ID, parentV1ID string, throwawa return json.Marshal(rawContents) } -// SupportsEncryption returns an error if encryption is not supported for the manifest type -func (m *manifestSchema2) SupportsEncryption(context.Context) error { - return errors.New("Docker Schema v2 does not support encryption") +// SupportsEncryption returns if encryption is supported for the manifest type +func (m *manifestSchema2) SupportsEncryption(context.Context) bool { + return false } diff --git a/image/manifest.go b/image/manifest.go index 18d7cdeda8..530e4438fb 100644 --- a/image/manifest.go +++ b/image/manifest.go @@ -44,8 +44,8 @@ type genericManifest interface { // UpdatedImage returns a types.Image modified according to options. // This does not change the state of the original Image object. UpdatedImage(ctx context.Context, options types.ManifestUpdateOptions) (types.Image, error) - // SupportsEncryption returns an error if encryption is not supported for the manifest type - SupportsEncryption(ctx context.Context) error + // SupportsEncryption returns if encryption is supported for the manifest type + SupportsEncryption(ctx context.Context) bool } // manifestInstanceFromBlob returns a genericManifest implementation for (manblob, mt) in src. diff --git a/image/oci.go b/image/oci.go index 664c144c4d..c5918d3966 100644 --- a/image/oci.go +++ b/image/oci.go @@ -197,7 +197,7 @@ func (m *manifestOCI1) convertToManifestSchema2() (types.Image, error) { return memoryImageFromManifest(m1), nil } -// SupportsEncryption returns an error if encryption is not supported for the manifest type -func (m *manifestOCI1) SupportsEncryption(context.Context) error { - return nil +// SupportsEncryption returns if encryption is supported for the manifest type +func (m *manifestOCI1) SupportsEncryption(context.Context) bool { + return true } diff --git a/types/types.go b/types/types.go index 0f03a7bdab..9ac04550bd 100644 --- a/types/types.go +++ b/types/types.go @@ -357,8 +357,8 @@ type Image interface { // Everything in options.InformationOnly should be provided, other fields should be set only if a modification is desired. // This does not change the state of the original Image object. UpdatedImage(ctx context.Context, options ManifestUpdateOptions) (Image, error) - // SupportsEncryption errors if the image doesn't support encryption - SupportsEncryption(ctx context.Context) error + // SupportsEncryption returns an indicator that the image supports encryption + SupportsEncryption(ctx context.Context) bool // Size returns an approximation of the amount of disk space which is consumed by the image in its current // location. If the size is not known, -1 will be returned. Size() (int64, error)