docker: Index | Files

package schema1

import ""


Package Files

config_builder.go manifest.go reference_builder.go sign.go verify.go


const (
    // MediaTypeManifest specifies the mediaType for the current version. Note
    // that for schema version 1, the the media is optionally "application/json".
    MediaTypeManifest = "application/vnd.docker.distribution.manifest.v1+json"
    // MediaTypeSignedManifest specifies the mediatype for current SignedManifest version
    MediaTypeSignedManifest = "application/vnd.docker.distribution.manifest.v1+prettyjws"
    // MediaTypeManifestLayer specifies the media type for manifest layers
    MediaTypeManifestLayer = "application/vnd.docker.container.image.rootfs.diff+x-gtar"


var (
    // SchemaVersion provides a pre-initialized version structure for this
    // packages version of the manifest.
    SchemaVersion = manifest.Versioned{
        SchemaVersion: 1,

func MakeV1ConfigFromConfig Uses

func MakeV1ConfigFromConfig(configJSON []byte, v1ID, parentV1ID string, throwaway bool) ([]byte, error)

MakeV1ConfigFromConfig creates an legacy V1 image config from image config JSON

func NewConfigManifestBuilder Uses

func NewConfigManifestBuilder(bs distribution.BlobService, pk libtrust.PrivateKey, ref reference.Named, configJSON []byte) distribution.ManifestBuilder

NewConfigManifestBuilder is used to build new manifests for the current schema version from an image configuration and a set of descriptors. It takes a BlobService so that it can add an empty tar to the blob store if the resulting manifest needs empty layers.

func NewReferenceManifestBuilder Uses

func NewReferenceManifestBuilder(pk libtrust.PrivateKey, ref reference.Named, architecture string) distribution.ManifestBuilder

NewReferenceManifestBuilder is used to build new manifests for the current schema version using schema1 dependencies.

func Verify Uses

func Verify(sm *SignedManifest) ([]libtrust.PublicKey, error)

Verify verifies the signature of the signed manifest returning the public keys used during signing.

func VerifyChains Uses

func VerifyChains(sm *SignedManifest, ca *x509.CertPool) ([][]*x509.Certificate, error)

VerifyChains verifies the signature of the signed manifest against the certificate pool returning the list of verified chains. Signatures without an x509 chain are not checked.

type FSLayer Uses

type FSLayer struct {
    // BlobSum is the tarsum of the referenced filesystem image layer
    BlobSum digest.Digest `json:"blobSum"`

FSLayer is a container struct for BlobSums defined in an image manifest

type History Uses

type History struct {
    // V1Compatibility is the raw v1 compatibility information
    V1Compatibility string `json:"v1Compatibility"`

History stores unstructured v1 compatibility information

type Manifest Uses

type Manifest struct {

    // Name is the name of the image's repository
    Name string `json:"name"`

    // Tag is the tag of the image specified by this manifest
    Tag string `json:"tag"`

    // Architecture is the host architecture on which this image is intended to
    // run
    Architecture string `json:"architecture"`

    // FSLayers is a list of filesystem layer blobSums contained in this image
    FSLayers []FSLayer `json:"fsLayers"`

    // History is a list of unstructured historical data for v1 compatibility
    History []History `json:"history"`

Manifest provides the base accessible fields for working with V2 image format in the registry.

type Reference Uses

type Reference struct {
    Digest  digest.Digest
    Size    int64 // if we know it, set it for the descriptor.
    History History

Reference describes a manifest v2, schema version 1 dependency. An FSLayer associated with a history entry.

func (Reference) Descriptor Uses

func (r Reference) Descriptor() distribution.Descriptor

Descriptor describes a reference

type SignedManifest Uses

type SignedManifest struct {

    // Canonical is the canonical byte representation of the ImageManifest,
    // without any attached signatures. The manifest byte
    // representation cannot change or it will have to be re-signed.
    Canonical []byte `json:"-"`
    // contains filtered or unexported fields

SignedManifest provides an envelope for a signed image manifest, including the format sensitive raw bytes.

func Sign Uses

func Sign(m *Manifest, pk libtrust.PrivateKey) (*SignedManifest, error)

Sign signs the manifest with the provided private key, returning a SignedManifest. This typically won't be used within the registry, except for testing.

func SignWithChain Uses

func SignWithChain(m *Manifest, key libtrust.PrivateKey, chain []*x509.Certificate) (*SignedManifest, error)

SignWithChain signs the manifest with the given private key and x509 chain. The public key of the first element in the chain must be the public key corresponding with the sign key.

func (*SignedManifest) MarshalJSON Uses

func (sm *SignedManifest) MarshalJSON() ([]byte, error)

MarshalJSON returns the contents of raw. If Raw is nil, marshals the inner contents. Applications requiring a marshaled signed manifest should simply use Raw directly, since the the content produced by json.Marshal will be compacted and will fail signature checks.

func (SignedManifest) Payload Uses

func (sm SignedManifest) Payload() (string, []byte, error)

Payload returns the signed content of the signed manifest.

func (SignedManifest) References Uses

func (sm SignedManifest) References() []distribution.Descriptor

References returns the descriptors of this manifests references

func (*SignedManifest) Signatures Uses

func (sm *SignedManifest) Signatures() ([][]byte, error)

Signatures returns the signatures as provided by (*libtrust.JSONSignature).Signatures. The byte slices are opaque jws signatures.

func (*SignedManifest) UnmarshalJSON Uses

func (sm *SignedManifest) UnmarshalJSON(b []byte) error

UnmarshalJSON populates a new SignedManifest struct from JSON data.

Package schema1 imports 13 packages (graph). Updated 2019-04-10. Refresh now. Tools for package owners.