fix: Ensure the correct digest is used for docker and podman inspect …

…drivers
blue-build · Oct 6, 2024 · cd0fbfa · cd0fbfa
1 parent d2f3f6f
commit cd0fbfa
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 2 deletions.
diff --git a/process/drivers/docker_driver.rs b/process/drivers/docker_driver.rs
@@ -66,9 +66,22 @@ impl TryFrom<Vec<DockerImageMetadata>> for ImageMetadata {
             bail!("Metadata requires at least 1 digest:\n{value:#?}");
         }
 
+        let index = value
+            .repo_digests
+            .iter()
+            .enumerate()
+            .find(|(_, repo_digest)| verify_image(repo_digest))
+            .map(|(index, _)| index)
+            .ok_or_else(|| {
+                miette!(
+                    "No repo digest could be verified:\n{:?}",
+                    &value.repo_digests
+                )
+            })?;
+
         let digest: Reference = value
             .repo_digests
-            .swap_remove(0)
+            .swap_remove(index)
             .parse()
             .into_diagnostic()?;
         let digest = digest
@@ -83,6 +96,13 @@ impl TryFrom<Vec<DockerImageMetadata>> for ImageMetadata {
     }
 }
 
+fn verify_image(repo_digest: &str) -> bool {
+    let mut command = cmd!("docker", "pull", repo_digest);
+    trace!("{command:?}");
+
+    command.output().is_ok_and(|out| out.status.success())
+}
+
 #[derive(Debug, Deserialize)]
 struct DockerVerisonJsonClient {
     #[serde(alias = "Version")]

diff --git a/process/drivers/podman_driver.rs b/process/drivers/podman_driver.rs
@@ -54,9 +54,22 @@ impl TryFrom<Vec<PodmanImageMetadata>> for ImageMetadata {
             bail!("Podman Metadata requires at least 1 digest:\n{value:#?}");
         }
 
+        let index = value
+            .repo_digests
+            .iter()
+            .enumerate()
+            .find(|(_, repo_digest)| verify_image(repo_digest))
+            .map(|(index, _)| index)
+            .ok_or_else(|| {
+                miette!(
+                    "No repo digest could be verified:\n{:?}",
+                    &value.repo_digests
+                )
+            })?;
+
         let digest: Reference = value
             .repo_digests
-            .swap_remove(0)
+            .swap_remove(index)
             .parse()
             .into_diagnostic()?;
         let digest = digest
@@ -71,6 +84,13 @@ impl TryFrom<Vec<PodmanImageMetadata>> for ImageMetadata {
     }
 }
 
+fn verify_image(repo_digest: &str) -> bool {
+    let mut command = cmd!("podman", "pull", repo_digest);
+    trace!("{command:?}");
+
+    command.output().is_ok_and(|out| out.status.success())
+}
+
 #[derive(Debug, Deserialize)]
 struct PodmanVersionJsonClient {
     #[serde(alias = "Version")]