package digest import ( "crypto/tls" "encoding/base64" "encoding/json" "errors" "fmt" "github.com/containrrr/watchtower/pkg/registry/auth" "github.com/containrrr/watchtower/pkg/registry/manifest" "github.com/containrrr/watchtower/pkg/types" "github.com/sirupsen/logrus" "net/http" "strings" ) // ContentDigestHeader is the key for the key-value pair containing the digest header const ContentDigestHeader = "Docker-Content-Digest" // CompareDigest ... func CompareDigest(container types.Container, registryAuth string) (bool, error) { var digest string registryAuth = TransformAuth(registryAuth) token, err := auth.GetToken(container, registryAuth) if err != nil { return false, err } digestURL, err := manifest.BuildManifestURL(container) if err != nil { return false, err } if digest, err = GetDigest(digestURL, token); err != nil { return false, err } logrus.WithField("remote", digest).Debug("Found a remote digest to compare with") for _, dig := range container.ImageInfo().RepoDigests { localDigest := strings.Split(dig, "@")[1] fields := logrus.Fields{"local": localDigest, "remote": digest} logrus.WithFields(fields).Debug("Comparing") if localDigest == digest { logrus.Debug("Found a match") return true, nil } } return false, nil } // TransformAuth from a base64 encoded json object to base64 encoded string func TransformAuth(registryAuth string) string { b, _ := base64.StdEncoding.DecodeString(registryAuth) credentials := &types.RegistryCredentials{} _ = json.Unmarshal(b, credentials) if credentials.Username != "" && credentials.Password != "" { ba := []byte(fmt.Sprintf("%s:%s", credentials.Username, credentials.Password)) registryAuth = base64.StdEncoding.EncodeToString(ba) } return registryAuth } // GetDigest from registry using a HEAD request to prevent rate limiting func GetDigest(url string, token string) (string, error) { tr := &http.Transport{ TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, } client := &http.Client{Transport: tr} req, _ := http.NewRequest("HEAD", url, nil) if token != "" { logrus.WithField("token", token).Trace("Setting request token") } else { return "", errors.New("could not fetch token") } req.Header.Add("Authorization", token) req.Header.Add("Accept", "application/vnd.docker.distribution.manifest.v2+json") req.Header.Add("Accept", "application/vnd.docker.distribution.manifest.list.v2+json") req.Header.Add("Accept", "application/vnd.docker.distribution.manifest.v1+json") logrus.WithField("url", url).Debug("Doing a HEAD request to fetch a digest") res, err := client.Do(req) if err != nil { return "", err } defer res.Body.Close() if res.StatusCode != 200 { return "", fmt.Errorf("registry responded to head request with %v", res) } return res.Header.Get(ContentDigestHeader), nil }