|
|
@@ -623,6 +623,13 @@ func PullModel(name, username, password string, fn func(api.ProgressResponse)) e
|
|
|
completed += layer.Size
|
|
|
}
|
|
|
|
|
|
+ fn(api.ProgressResponse{Status: "verifying sha256 digest"})
|
|
|
+ for _, layer := range layers {
|
|
|
+ if err := verifyBlob(layer.Digest); err != nil {
|
|
|
+ return err
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
fn(api.ProgressResponse{Status: "writing manifest"})
|
|
|
|
|
|
manifestJSON, err := json.Marshal(manifest)
|
|
|
@@ -917,3 +924,23 @@ func makeRequest(method, url string, headers map[string]string, body io.Reader,
|
|
|
|
|
|
return resp, nil
|
|
|
}
|
|
|
+
|
|
|
+func verifyBlob(digest string) error {
|
|
|
+ fp, err := GetBlobsPath(digest)
|
|
|
+ if err != nil {
|
|
|
+ return err
|
|
|
+ }
|
|
|
+
|
|
|
+ f, err := os.Open(fp)
|
|
|
+ if err != nil {
|
|
|
+ return err
|
|
|
+ }
|
|
|
+ defer f.Close()
|
|
|
+
|
|
|
+ fileDigest, _ := GetSHA256Digest(f)
|
|
|
+ if digest != fileDigest {
|
|
|
+ return fmt.Errorf("digest mismatch: want %s, got %s", digest, fileDigest)
|
|
|
+ }
|
|
|
+
|
|
|
+ return nil
|
|
|
+}
|
Michael Yang