github.com/opencontainers/umoci@v0.4.8-0.20240508124516-656e4836fb0d/oci/casext/verified_blob.go

github.com/opencontainers/umoci@v0.4.8-0.20240508124516-656e4836fb0d/oci/casext/verified_blob.go (about)

     1  /*
     2   * umoci: Umoci Modifies Open Containers' Images
     3   * Copyright (C) 2016-2020 SUSE LLC
     4   *
     5   * Licensed under the Apache License, Version 2.0 (the "License");
     6   * you may not use this file except in compliance with the License.
     7   * You may obtain a copy of the License at
     8   *
     9   *    http://www.apache.org/licenses/LICENSE-2.0
    10   *
    11   * Unless required by applicable law or agreed to in writing, software
    12   * distributed under the License is distributed on an "AS IS" BASIS,
    13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14   * See the License for the specific language governing permissions and
    15   * limitations under the License.
    16   */
    17  
    18  package casext
    19  
    20  import (
    21  	"context"
    22  	"io"
    23  
    24  	ispec "github.com/opencontainers/image-spec/specs-go/v1"
    25  	"github.com/opencontainers/umoci/pkg/hardening"
    26  )
    27  
    28  // GetVerifiedBlob returns a VerifiedReadCloser for retrieving a blob from the
    29  // image, which the caller must Close() *and* read-to-EOF (checking the error
    30  // code of both). Returns ErrNotExist if the digest is not found, and
    31  // ErrBlobDigestMismatch on a mismatched blob digest. In addition, the reader
    32  // is limited to the descriptor.Size.
    33  func (e Engine) GetVerifiedBlob(ctx context.Context, descriptor ispec.Descriptor) (io.ReadCloser, error) {
    34  	reader, err := e.GetBlob(ctx, descriptor.Digest)
    35  	return &hardening.VerifiedReadCloser{
    36  		Reader:         reader,
    37  		ExpectedDigest: descriptor.Digest,
    38  		ExpectedSize:   descriptor.Size,
    39  	}, err
    40  }