Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

genpolicy: Update oci_distribution to 0.10.0 #129

Merged
merged 2 commits into from
Dec 21, 2023
Merged

genpolicy: Update oci_distribution to 0.10.0 #129

merged 2 commits into from
Dec 21, 2023

Conversation

Redent0r
Copy link

@Redent0r Redent0r commented Dec 20, 2023
edited
Loading

  • Bring back remaining changes from cc-msft-prototypes (Only da40e41)

  • Update oci_distribution and support alternative layer media type. These 2 things add back support for images like docker.io/library/busybox:latest

test run: 100% pass

@Redent0r Redent0r marked this pull request as ready for review December 20, 2023 21:26
danmihai1
danmihai1 requested changes Dec 20, 2023
View reviewed changes
Copy link

@danmihai1 danmihai1 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please port the remaining genpolicy commits from cc-msft-prototypes into msft-main, before making these oher changes - to make sure we don't leave useful changes behind, in cc-msft-prototypes.

@danmihai1
Copy link

Update oci_distribution client and support alternative layer media type. This adds back support for images like docker.io/library/busybox:latest

test run: https://dev.azure.com/mariner-org/mariner/_build/results?buildId=472233&view=results (100% pass)

Please don't include MSFT private links in public PRs.

@danmihai1 @Redent0r
genpolicy: deny UpdateEphemeralMountsRequest (#126)
9a78063 
* genpolicy: deny UpdateEphemeralMountsRequest

Deny UpdateEphemeralMountsRequest by default, because paths to
critical Guest components can be redirected using such request.

Signed-off-by: Dan Mihai <[email protected]>

* policy: update samples

Signed-off-by: Dan Mihai <[email protected]>

---------

Signed-off-by: Dan Mihai <[email protected]>
@danmihai1
Copy link

I believe the crate name is oci_distribution, not oci_distribution_client

@Redent0r Redent0r changed the title genpolicy: Update oci_distribution_client to 0.10.0 genpolicy: Update oci_distribution to 0.10.0 Dec 20, 2023
danmihai1
danmihai1 requested changes Dec 20, 2023
View reviewed changes
src/tools/genpolicy/src/registry.rs Outdated
@@ -232,7 +232,10 @@ async fn get_image_layers(
for layer in &manifest.layers {
if layer
.media_type
.eq(manifest::IMAGE_DOCKER_LAYER_GZIP_MEDIA_TYPE)
.eq(manifest::IMAGE_DOCKER_LAYER_GZIP_MEDIA_TYPE) ||
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please format this code using rust-analyzer. It looks like it wants to format it as:

    if layer
        .media_type
        .eq(manifest::IMAGE_DOCKER_LAYER_GZIP_MEDIA_TYPE)
        || layer.media_type.eq(manifest::IMAGE_LAYER_GZIP_MEDIA_TYPE)

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for highlighting this. I had rust-analyzer, but didn't have formatOnSave toggled on my vs code settings

@Redent0r Redent0r force-pushed the saulparedes/update_oci_distribution branch from 04db7a8 to 74a3ba5 Compare December 20, 2023 22:56
@Redent0r
Copy link
Author

Please port the remaining genpolicy commits from cc-msft-prototypes into msft-main, before making these oher changes - to make sure we don't leave useful changes behind, in cc-msft-prototypes.

Ported only change missing from cc-msft-prototypes (da40e41) and rebased my changes on top of it to preserve chronological order

@Redent0r Redent0r requested a review from danmihai1 December 20, 2023 23:08
@Redent0r
genpolicy: Update oci_distribution to 0.10.0
d794f38 
Also support alternative media type and update samples

Signed-off-by: Saul Paredes <[email protected]>
@Redent0r Redent0r force-pushed the saulparedes/update_oci_distribution branch from 37552e3 to d794f38 Compare December 20, 2023 23:27
@Redent0r Redent0r merged commit 2780493 into msft-main Dec 21, 2023
42 of 94 checks passed
@Redent0r Redent0r deleted the saulparedes/update_oci_distribution branch December 21, 2023 03:48
@sprt sprt added the upstream/missing PRs that are yet to be upstreamed label Jan 22, 2024
@Redent0r Redent0r added upstream/merged PRs that have been merged upstream and removed upstream/missing PRs that are yet to be upstreamed labels Jul 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@danmihai1 danmihai1 danmihai1 approved these changes

@ms-mahuber ms-mahuber ms-mahuber approved these changes

Assignees
No one assigned
Labels
upstream/merged PRs that have been merged upstream
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Redent0r @danmihai1 @ms-mahuber @sprt