Merge pull request #1444 from crazy-max/inspect-attest

imagetools inspect: handle provenance and sboms
Tõnis Tiigi 2 years ago committed by GitHub
commit 332dfb4b92
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -72,7 +72,6 @@ unset. Following fields are available:
* `.Name`: provides the reference of the image * `.Name`: provides the reference of the image
* `.Manifest`: provides the manifest or manifest list * `.Manifest`: provides the manifest or manifest list
* `.Image`: provides the image config * `.Image`: provides the image config
* `.BuildInfo`: provides [build info from image config](https://github.com/moby/buildkit/blob/master/docs/build-repro.md#image-config)
#### `.Name` #### `.Name`
@ -122,39 +121,6 @@ Manifests:
Platform: linux/riscv64 Platform: linux/riscv64
``` ```
#### `.BuildInfo`
```console
$ docker buildx imagetools inspect crazymax/buildx:buildinfo --format "{{.BuildInfo}}"
Name: docker.io/crazymax/buildx:buildinfo
Frontend: dockerfile.v0
Attrs:
filename: Dockerfile
source: docker/dockerfile-upstream:master-labs
build-arg:bar: foo
build-arg:foo: bar
Sources:
Type: docker-image
Ref: docker.io/docker/buildx-bin:0.6.1@sha256:a652ced4a4141977c7daaed0a074dcd9844a78d7d2615465b12f433ae6dd29f0
Pin: sha256:a652ced4a4141977c7daaed0a074dcd9844a78d7d2615465b12f433ae6dd29f0
Type: docker-image
Ref: docker.io/library/alpine:3.13
Pin: sha256:026f721af4cf2843e07bba648e158fb35ecc876d822130633cc49f707f0fc88c
Type: docker-image
Ref: docker.io/moby/buildkit:v0.9.0
Pin: sha256:8dc668e7f66db1c044aadbed306020743516a94848793e0f81f94a087ee78cab
Type: docker-image
Ref: docker.io/tonistiigi/xx@sha256:21a61be4744f6531cb5f33b0e6f40ede41fa3a1b8c82d5946178f80cc84bfc04
Pin: sha256:21a61be4744f6531cb5f33b0e6f40ede41fa3a1b8c82d5946178f80cc84bfc04
Type: http
Ref: https://raw.githubusercontent.com/moby/moby/master/README.md
Pin: sha256:419455202b0ef97e480d7f8199b26a721a417818bc0e2d106975f74323f25e6c
```
#### JSON output #### JSON output
A `json` go template func is also available if you want to render fields as A `json` go template func is also available if you want to render fields as
@ -166,7 +132,7 @@ $ docker buildx imagetools inspect crazymax/loop --format "{{json .Manifest}}"
```json ```json
{ {
"mediaType": "application/vnd.docker.distribution.manifest.v2+json", "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"digest": "sha256:08602e7340970e92bde5e0a2e887c1fde4d9ae753d1e05efb4c8ef3b609f97f1", "digest": "sha256:a9ca35b798e0b198f9be7f3b8b53982e9a6cf96814cb10d78083f40ad8c127f1",
"size": 949 "size": 949
} }
``` ```
@ -177,23 +143,23 @@ $ docker buildx imagetools inspect moby/buildkit:master --format "{{json .Manife
```json ```json
{ {
"schemaVersion": 2, "schemaVersion": 2,
"mediaType": "application/vnd.docker.distribution.manifest.list.v2+json", "mediaType": "application/vnd.oci.image.index.v1+json",
"digest": "sha256:79d97f205e2799d99a3a8ae2a1ef17acb331e11784262c3faada847dc6972c52", "digest": "sha256:d895e8fdcf5e2bb39acb5966f97fc4cd87a2d13d27c939c320025eb4aca5440c",
"size": 2010, "size": 4654,
"manifests": [ "manifests": [
{ {
"mediaType": "application/vnd.docker.distribution.manifest.v2+json", "mediaType": "application/vnd.oci.image.manifest.v1+json",
"digest": "sha256:bd1e78f06de26610fadf4eb9d04b1a45a545799d6342701726e952cc0c11c912", "digest": "sha256:ac9dd4fbec9e36b562f910618975a2936533f8e411a3fea2858aacc0ac972e1c",
"size": 1158, "size": 1054,
"platform": { "platform": {
"architecture": "amd64", "architecture": "amd64",
"os": "linux" "os": "linux"
} }
}, },
{ {
"mediaType": "application/vnd.docker.distribution.manifest.v2+json", "mediaType": "application/vnd.oci.image.manifest.v1+json",
"digest": "sha256:d37dcced63ec0965824fca644f0ac9efad8569434ec15b4c83adfcb3dcfc743b", "digest": "sha256:0f4dc6797db467372cbf52c7236816203654a839f64a6542c9135d1973c9d744",
"size": 1158, "size": 1054,
"platform": { "platform": {
"architecture": "arm", "architecture": "arm",
"os": "linux", "os": "linux",
@ -201,260 +167,404 @@ $ docker buildx imagetools inspect moby/buildkit:master --format "{{json .Manife
} }
}, },
{ {
"mediaType": "application/vnd.docker.distribution.manifest.v2+json", "mediaType": "application/vnd.oci.image.manifest.v1+json",
"digest": "sha256:ce142eb2255e6af46f2809e159fd03081697c7605a3de03b9cbe9a52ddb244bf", "digest": "sha256:d62bb533d95afe17c4a9caf1e7c57a3b0a7a67409ccfa7af947aeb0f670ffb87",
"size": 1158, "size": 1054,
"platform": { "platform": {
"architecture": "arm64", "architecture": "arm64",
"os": "linux" "os": "linux"
} }
}, },
{ {
"mediaType": "application/vnd.docker.distribution.manifest.v2+json", "mediaType": "application/vnd.oci.image.manifest.v1+json",
"digest": "sha256:f59bfb5062fff76ce464bfa4e25ebaaaac887d6818238e119d68613c456d360c", "digest": "sha256:b4944057e0c68203cdcc3dceff3b2df3c7d9e3dd801724fa977b01081da7771e",
"size": 1158, "size": 1054,
"platform": { "platform": {
"architecture": "s390x", "architecture": "s390x",
"os": "linux" "os": "linux"
} }
}, },
{ {
"mediaType": "application/vnd.docker.distribution.manifest.v2+json", "mediaType": "application/vnd.oci.image.manifest.v1+json",
"digest": "sha256:cc96426e0c50a78105d5637d31356db5dd6ec594f21b24276e534a32da09645c", "digest": "sha256:825702a51eb4234904fc9253d8b0bf0a584787ffd8fc3fd6fa374188233ce399",
"size": 1159, "size": 1054,
"platform": { "platform": {
"architecture": "ppc64le", "architecture": "ppc64le",
"os": "linux" "os": "linux"
} }
}, },
{ {
"mediaType": "application/vnd.docker.distribution.manifest.v2+json", "mediaType": "application/vnd.oci.image.manifest.v1+json",
"digest": "sha256:39f9c1e2878e6c333acb23187d6b205ce82ed934c60da326cb2c698192631478", "digest": "sha256:dfb27c6acc9b9f3a7c9d47366d137089565062f43c8063c9f5e408d34c87ee4a",
"size": 1158, "size": 1054,
"platform": { "platform": {
"architecture": "riscv64", "architecture": "riscv64",
"os": "linux" "os": "linux"
} }
} },
]
}
```
```console
$ docker buildx imagetools inspect crazymax/buildx:buildinfo --format "{{json .BuildInfo}}"
```
```json
{
"frontend": "dockerfile.v0",
"attrs": {
"build-arg:bar": "foo",
"build-arg:foo": "bar",
"filename": "Dockerfile",
"source": "crazymax/dockerfile:buildattrs"
},
"sources": [
{ {
"type": "docker-image", "mediaType": "application/vnd.oci.image.manifest.v1+json",
"ref": "docker.io/docker/buildx-bin:0.6.1@sha256:a652ced4a4141977c7daaed0a074dcd9844a78d7d2615465b12f433ae6dd29f0", "digest": "sha256:f2fe69bccc878e658caf21dfc99eaf726fb20d28f17398c1d66a90e62cc019f9",
"pin": "sha256:a652ced4a4141977c7daaed0a074dcd9844a78d7d2615465b12f433ae6dd29f0" "size": 1113,
"annotations": {
"vnd.docker.reference.digest": "sha256:ac9dd4fbec9e36b562f910618975a2936533f8e411a3fea2858aacc0ac972e1c",
"vnd.docker.reference.type": "attestation-manifest"
},
"platform": {
"architecture": "unknown",
"os": "unknown"
}
}, },
{ {
"type": "docker-image", "mediaType": "application/vnd.oci.image.manifest.v1+json",
"ref": "docker.io/library/alpine:3.13@sha256:026f721af4cf2843e07bba648e158fb35ecc876d822130633cc49f707f0fc88c", "digest": "sha256:9e112f8d4e383186f36369fba7b454e246d2e9ca5def797f1b84ede265e9f3ca",
"pin": "sha256:026f721af4cf2843e07bba648e158fb35ecc876d822130633cc49f707f0fc88c" "size": 1113,
"annotations": {
"vnd.docker.reference.digest": "sha256:0f4dc6797db467372cbf52c7236816203654a839f64a6542c9135d1973c9d744",
"vnd.docker.reference.type": "attestation-manifest"
},
"platform": {
"architecture": "unknown",
"os": "unknown"
}
}, },
{ {
"type": "docker-image", "mediaType": "application/vnd.oci.image.manifest.v1+json",
"ref": "docker.io/moby/buildkit:v0.9.0@sha256:8dc668e7f66db1c044aadbed306020743516a94848793e0f81f94a087ee78cab", "digest": "sha256:09d593587f8665269ec6753eaed7fbdb09968f71587dd53e06519502cbc16775",
"pin": "sha256:8dc668e7f66db1c044aadbed306020743516a94848793e0f81f94a087ee78cab" "size": 1113,
"annotations": {
"vnd.docker.reference.digest": "sha256:d62bb533d95afe17c4a9caf1e7c57a3b0a7a67409ccfa7af947aeb0f670ffb87",
"vnd.docker.reference.type": "attestation-manifest"
},
"platform": {
"architecture": "unknown",
"os": "unknown"
}
}, },
{ {
"type": "docker-image", "mediaType": "application/vnd.oci.image.manifest.v1+json",
"ref": "docker.io/tonistiigi/xx@sha256:21a61be4744f6531cb5f33b0e6f40ede41fa3a1b8c82d5946178f80cc84bfc04", "digest": "sha256:985a3f4544dfb042db6a8703f5f76438667dd7958aba14cb04bebe3b4cbd9307",
"pin": "sha256:21a61be4744f6531cb5f33b0e6f40ede41fa3a1b8c82d5946178f80cc84bfc04" "size": 1113,
"annotations": {
"vnd.docker.reference.digest": "sha256:b4944057e0c68203cdcc3dceff3b2df3c7d9e3dd801724fa977b01081da7771e",
"vnd.docker.reference.type": "attestation-manifest"
},
"platform": {
"architecture": "unknown",
"os": "unknown"
}
},
{
"mediaType": "application/vnd.oci.image.manifest.v1+json",
"digest": "sha256:cfccb6afeede7dc29bf8abef4815d56f2723fa482ea63c9cd519cd991c379294",
"size": 1113,
"annotations": {
"vnd.docker.reference.digest": "sha256:825702a51eb4234904fc9253d8b0bf0a584787ffd8fc3fd6fa374188233ce399",
"vnd.docker.reference.type": "attestation-manifest"
},
"platform": {
"architecture": "unknown",
"os": "unknown"
}
}, },
{ {
"type": "http", "mediaType": "application/vnd.oci.image.manifest.v1+json",
"ref": "https://raw.githubusercontent.com/moby/moby/master/README.md", "digest": "sha256:2e93733432c6a14cb57db33928b3a17d7ca298b3babe24d9f56dca2754dbde3b",
"pin": "sha256:419455202b0ef97e480d7f8199b26a721a417818bc0e2d106975f74323f25e6c" "size": 1113,
"annotations": {
"vnd.docker.reference.digest": "sha256:dfb27c6acc9b9f3a7c9d47366d137089565062f43c8063c9f5e408d34c87ee4a",
"vnd.docker.reference.type": "attestation-manifest"
},
"platform": {
"architecture": "unknown",
"os": "unknown"
}
} }
] ]
} }
``` ```
Following command provides [SLSA](https://github.com/moby/buildkit/blob/master/docs/attestations/slsa-provenance.md) JSON output:
```console ```console
$ docker buildx imagetools inspect crazymax/buildx:buildinfo --format "{{json .}}" $ docker buildx imagetools inspect crazymax/buildkit:attest --format "{{json .SLSA}}"
``` ```
```json ```json
{ {
"name": "crazymax/buildx:buildinfo", "Provenance": {
"_type": "https://in-toto.io/Statement/v0.1",
"predicateType": "https://slsa.dev/provenance/v0.2",
"subject": [
{
"name": "pkg:docker/crazymax/buildkit@attest?platform=linux%2Famd64",
"digest": {
"sha256": "fbd10fe50b4b174bb9ea273e2eb9827fa8bf5c88edd8635a93dc83e0d1aecb55"
}
}
],
"predicate": {
"builder": {
"id": ""
},
"buildType": "https://mobyproject.org/buildkit@v1",
"materials": [
{
"uri": "pkg:docker/docker/buildkit-syft-scanner@stable-1",
"digest": {
"sha256": "b45f1d207e16c3a3a5a10b254ad8ad358d01f7ea090d382b95c6b2ee2b3ef765"
}
},
{
"uri": "pkg:docker/alpine@latest?platform=linux%2Famd64",
"digest": {
"sha256": "8914eb54f968791faf6a8638949e480fef81e697984fba772b3976835194c6d4"
}
}
],
"invocation": {
"configSource": {},
"parameters": {
"frontend": "dockerfile.v0",
"locals": [
{
"name": "context"
},
{
"name": "dockerfile"
}
]
},
"environment": {
"platform": "linux/amd64"
}
},
"metadata": {
"buildInvocationID": "02tdha2xkbxvin87mz9drhag4",
"buildStartedOn": "2022-12-01T11:50:07.264704131Z",
"buildFinishedOn": "2022-12-01T11:50:08.243788739Z",
"reproducible": false,
"completeness": {
"parameters": true,
"environment": true,
"materials": false
},
"https://mobyproject.org/buildkit@v1#metadata": {}
}
}
}
}
```
Following command provides [SBOM](https://github.com/moby/buildkit/blob/master/docs/attestations/sbom.md) JSON output:
```console
$ docker buildx imagetools inspect crazymax/buildkit:attest --format "{{json .SBOM}}"
```
```json
{
"SPDX": {
"_type": "https://in-toto.io/Statement/v0.1",
"predicateType": "https://spdx.dev/Document",
"subject": [
{
"name": "pkg:docker/crazymax/buildkit@attest?platform=linux%2Famd64",
"digest": {
"sha256": "fbd10fe50b4b174bb9ea273e2eb9827fa8bf5c88edd8635a93dc83e0d1aecb55"
}
}
],
"predicate": {
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2022-12-01T11:46:48.063400162Z",
"creators": [
"Tool: syft-v0.60.3",
"Tool: buildkit-1ace2bb",
"Organization: Anchore, Inc"
],
"licenseListVersion": "3.18"
},
"dataLicense": "CC0-1.0",
"documentNamespace": "https://anchore.com/syft/dir/run/src/core-0a4ccc6d-1a72-4c3a-a40e-3df1a2ffca94",
"files": [...],
"spdxVersion": "SPDX-2.2"
}
}
}
```
```console
$ docker buildx imagetools inspect crazymax/buildkit:attest --format "{{json .}}"
```
```json
{
"name": "crazymax/buildkit:attest",
"manifest": { "manifest": {
"mediaType": "application/vnd.docker.distribution.manifest.v2+json", "schemaVersion": 2,
"digest": "sha256:899d2c7acbc124d406820857bb51d9089717bbe4e22b97eb4bc5789e99f09f83", "mediaType": "application/vnd.oci.image.index.v1+json",
"size": 2628 "digest": "sha256:7007b387ccd52bd42a050f2e8020e56e64622c9269bf7bbe257b326fe99daf19",
"size": 855,
"manifests": [
{
"mediaType": "application/vnd.oci.image.manifest.v1+json",
"digest": "sha256:fbd10fe50b4b174bb9ea273e2eb9827fa8bf5c88edd8635a93dc83e0d1aecb55",
"size": 673,
"platform": {
"architecture": "amd64",
"os": "linux"
}
},
{
"mediaType": "application/vnd.oci.image.manifest.v1+json",
"digest": "sha256:a9de632c16998489fd63fbca42a03431df00639cfb2ecb8982bf9984b83c5b2b",
"size": 839,
"annotations": {
"vnd.docker.reference.digest": "sha256:fbd10fe50b4b174bb9ea273e2eb9827fa8bf5c88edd8635a93dc83e0d1aecb55",
"vnd.docker.reference.type": "attestation-manifest"
},
"platform": {
"architecture": "unknown",
"os": "unknown"
}
}
]
}, },
"image": { "image": {
"created": "2022-02-24T12:27:43.627154558Z", "created": "2022-12-01T11:46:47.713777178Z",
"architecture": "amd64", "architecture": "amd64",
"os": "linux", "os": "linux",
"config": { "config": {
"Env": [ "Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
"DOCKER_TLS_CERTDIR=/certs",
"DOCKER_CLI_EXPERIMENTAL=enabled"
],
"Entrypoint": [
"docker-entrypoint.sh"
], ],
"Cmd": [ "Cmd": [
"sh" "/bin/sh"
] ]
}, },
"rootfs": { "rootfs": {
"type": "layers", "type": "layers",
"diff_ids": [ "diff_ids": [
"sha256:7fcb75871b2101082203959c83514ac8a9f4ecfee77a0fe9aa73bbe56afdf1b4", "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf",
"sha256:d3c0b963ff5684160641f936d6a4aa14efc8ff27b6edac255c07f2d03ff92e82", "sha256:d85d09ab4b4e921666ccc2db8532e857bf3476b7588e52c9c17741d7af14204f"
"sha256:3f8d78f13fa9b1f35d3bc3f1351d03a027c38018c37baca73f93eecdea17f244",
"sha256:8e6eb1137b182ae0c3f5d40ca46341fda2eaeeeb5fa516a9a2bf96171238e2e0",
"sha256:fde4c869a56b54dd76d7352ddaa813fd96202bda30b9dceb2c2f2ad22fa2e6ce",
"sha256:52025823edb284321af7846419899234b3c66219bf06061692b709875ed0760f",
"sha256:50adb5982dbf6126c7cf279ac3181d1e39fc9116b610b947a3dadae6f7e7c5bc",
"sha256:9801c319e1c66c5d295e78b2d3e80547e73c7e3c63a4b71e97c8ca357224af24",
"sha256:dfbfac44d5d228c49b42194c8a2f470abd6916d072f612a6fb14318e94fde8ae",
"sha256:3dfb74e19dedf61568b917c19b0fd3ee4580870027ca0b6054baf239855d1322",
"sha256:b182e707c23e4f19be73f9022a99d2d1ca7bf1ca8f280d40e4d1c10a6f51550e"
] ]
}, },
"history": [ "history": [
{ {
"created": "2021-11-12T17:19:58.698676655Z", "created": "2022-11-22T22:19:28.870801855Z",
"created_by": "/bin/sh -c #(nop) ADD file:5a707b9d6cb5fff532e4c2141bc35707593f21da5528c9e71ae2ddb6ba4a4eb6 in / " "created_by": "/bin/sh -c #(nop) ADD file:587cae71969871d3c6456d844a8795df9b64b12c710c275295a1182b46f630e7 in / "
}, },
{ {
"created": "2021-11-12T17:19:58.948920855Z", "created": "2022-11-22T22:19:29.008562326Z",
"created_by": "/bin/sh -c #(nop) CMD [\"/bin/sh\"]", "created_by": "/bin/sh -c #(nop) CMD [\"/bin/sh\"]",
"empty_layer": true "empty_layer": true
}, },
{ {
"created": "2022-02-24T12:27:38.285594601Z", "created": "2022-12-01T11:46:47.713777178Z",
"created_by": "RUN /bin/sh -c apk --update --no-cache add bash ca-certificates openssh-client \u0026\u0026 rm -rf /tmp/* /var/cache/apk/* # buildkit", "created_by": "RUN /bin/sh -c apk add curl # buildkit",
"comment": "buildkit.dockerfile.v0"
},
{
"created": "2022-02-24T12:27:41.061874167Z",
"created_by": "COPY /opt/docker/ /usr/local/bin/ # buildkit",
"comment": "buildkit.dockerfile.v0"
},
{
"created": "2022-02-24T12:27:41.174098947Z",
"created_by": "COPY /usr/bin/buildctl /usr/local/bin/buildctl # buildkit",
"comment": "buildkit.dockerfile.v0"
},
{
"created": "2022-02-24T12:27:41.320343683Z",
"created_by": "COPY /usr/bin/buildkit* /usr/local/bin/ # buildkit",
"comment": "buildkit.dockerfile.v0"
},
{
"created": "2022-02-24T12:27:41.447149933Z",
"created_by": "COPY /buildx /usr/libexec/docker/cli-plugins/docker-buildx # buildkit",
"comment": "buildkit.dockerfile.v0"
},
{
"created": "2022-02-24T12:27:43.057722191Z",
"created_by": "COPY /opt/docker-compose /usr/libexec/docker/cli-plugins/docker-compose # buildkit",
"comment": "buildkit.dockerfile.v0"
},
{
"created": "2022-02-24T12:27:43.145224134Z",
"created_by": "ADD https://raw.githubusercontent.com/moby/moby/master/README.md / # buildkit",
"comment": "buildkit.dockerfile.v0"
},
{
"created": "2022-02-24T12:27:43.422212427Z",
"created_by": "ENV DOCKER_TLS_CERTDIR=/certs",
"comment": "buildkit.dockerfile.v0",
"empty_layer": true
},
{
"created": "2022-02-24T12:27:43.422212427Z",
"created_by": "ENV DOCKER_CLI_EXPERIMENTAL=enabled",
"comment": "buildkit.dockerfile.v0",
"empty_layer": true
},
{
"created": "2022-02-24T12:27:43.422212427Z",
"created_by": "RUN /bin/sh -c docker --version \u0026\u0026 buildkitd --version \u0026\u0026 buildctl --version \u0026\u0026 docker buildx version \u0026\u0026 docker compose version \u0026\u0026 mkdir /certs /certs/client \u0026\u0026 chmod 1777 /certs /certs/client # buildkit",
"comment": "buildkit.dockerfile.v0"
},
{
"created": "2022-02-24T12:27:43.514320155Z",
"created_by": "COPY rootfs/modprobe.sh /usr/local/bin/modprobe # buildkit",
"comment": "buildkit.dockerfile.v0" "comment": "buildkit.dockerfile.v0"
},
{
"created": "2022-02-24T12:27:43.627154558Z",
"created_by": "COPY rootfs/docker-entrypoint.sh /usr/local/bin/ # buildkit",
"comment": "buildkit.dockerfile.v0"
},
{
"created": "2022-02-24T12:27:43.627154558Z",
"created_by": "ENTRYPOINT [\"docker-entrypoint.sh\"]",
"comment": "buildkit.dockerfile.v0",
"empty_layer": true
},
{
"created": "2022-02-24T12:27:43.627154558Z",
"created_by": "CMD [\"sh\"]",
"comment": "buildkit.dockerfile.v0",
"empty_layer": true
} }
] ]
}, },
"buildinfo": { "SLSA": {
"frontend": "dockerfile.v0", "Provenance": {
"attrs": { "_type": "https://in-toto.io/Statement/v0.1",
"build-arg:bar": "foo", "predicateType": "https://slsa.dev/provenance/v0.2",
"build-arg:foo": "bar", "subject": [
"filename": "Dockerfile", {
"source": "docker/dockerfile-upstream:master-labs" "name": "pkg:docker/crazymax/buildkit@attest?platform=linux%2Famd64",
}, "digest": {
"sources": [ "sha256": "fbd10fe50b4b174bb9ea273e2eb9827fa8bf5c88edd8635a93dc83e0d1aecb55"
{ }
"type": "docker-image", }
"ref": "docker.io/docker/buildx-bin:0.6.1@sha256:a652ced4a4141977c7daaed0a074dcd9844a78d7d2615465b12f433ae6dd29f0", ],
"pin": "sha256:a652ced4a4141977c7daaed0a074dcd9844a78d7d2615465b12f433ae6dd29f0" "predicate": {
}, "builder": {
{ "id": ""
"type": "docker-image", },
"ref": "docker.io/library/alpine:3.13", "buildType": "https://mobyproject.org/buildkit@v1",
"pin": "sha256:026f721af4cf2843e07bba648e158fb35ecc876d822130633cc49f707f0fc88c" "materials": [
}, {
{ "uri": "pkg:docker/docker/buildkit-syft-scanner@stable-1",
"type": "docker-image", "digest": {
"ref": "docker.io/moby/buildkit:v0.9.0", "sha256": "b45f1d207e16c3a3a5a10b254ad8ad358d01f7ea090d382b95c6b2ee2b3ef765"
"pin": "sha256:8dc668e7f66db1c044aadbed306020743516a94848793e0f81f94a087ee78cab" }
}, },
{ {
"type": "docker-image", "uri": "pkg:docker/alpine@latest?platform=linux%2Famd64",
"ref": "docker.io/tonistiigi/xx@sha256:21a61be4744f6531cb5f33b0e6f40ede41fa3a1b8c82d5946178f80cc84bfc04", "digest": {
"pin": "sha256:21a61be4744f6531cb5f33b0e6f40ede41fa3a1b8c82d5946178f80cc84bfc04" "sha256": "8914eb54f968791faf6a8638949e480fef81e697984fba772b3976835194c6d4"
}, }
{ }
"type": "http", ],
"ref": "https://raw.githubusercontent.com/moby/moby/master/README.md", "invocation": {
"pin": "sha256:419455202b0ef97e480d7f8199b26a721a417818bc0e2d106975f74323f25e6c" "configSource": {},
"parameters": {
"frontend": "dockerfile.v0",
"locals": [
{
"name": "context"
},
{
"name": "dockerfile"
}
]
},
"environment": {
"platform": "linux/amd64"
}
},
"metadata": {
"buildInvocationID": "02tdha2xkbxvin87mz9drhag4",
"buildStartedOn": "2022-12-01T11:50:07.264704131Z",
"buildFinishedOn": "2022-12-01T11:50:08.243788739Z",
"reproducible": false,
"completeness": {
"parameters": true,
"environment": true,
"materials": false
},
"https://mobyproject.org/buildkit@v1#metadata": {}
}
} }
] }
},
"SBOM": {
"SPDX": {
"_type": "https://in-toto.io/Statement/v0.1",
"predicateType": "https://spdx.dev/Document",
"subject": [
{
"name": "pkg:docker/crazymax/buildkit@attest?platform=linux%2Famd64",
"digest": {
"sha256": "fbd10fe50b4b174bb9ea273e2eb9827fa8bf5c88edd8635a93dc83e0d1aecb55"
}
}
],
"predicate": {
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2022-12-01T11:46:48.063400162Z",
"creators": [
"Tool: syft-v0.60.3",
"Tool: buildkit-1ace2bb",
"Organization: Anchore, Inc"
],
"licenseListVersion": "3.18"
},
"dataLicense": "CC0-1.0",
"documentNamespace": "https://anchore.com/syft/dir/run/src/core-0a4ccc6d-1a72-4c3a-a40e-3df1a2ffca94",
"files": [...],
"spdxVersion": "SPDX-2.2"
}
}
} }
} }
``` ```
#### Multi-platform #### Multi-platform
Multi-platform images are supported for `.Image` and `.BuildInfo` fields. If Multi-platform images are supported for `.Image`, `.SLSA` and `.SBOM` fields.
you want to pick up a specific platform, you can specify it using the `index` If you want to pick up a specific platform, you can specify it using the `index`
go template function: go template function:
```console ```console
@ -462,7 +572,7 @@ $ docker buildx imagetools inspect --format '{{json (index .Image "linux/s390x")
``` ```
```json ```json
{ {
"created": "2022-02-25T17:13:27.89891722Z", "created": "2022-11-30T17:42:26.414957336Z",
"architecture": "s390x", "architecture": "s390x",
"os": "linux", "os": "linux",
"config": { "config": {
@ -481,8 +591,8 @@ $ docker buildx imagetools inspect --format '{{json (index .Image "linux/s390x")
"diff_ids": [ "diff_ids": [
"sha256:41048e32d0684349141cf05f629c5fc3c5915d1f3426b66dbb8953a540e01e1e", "sha256:41048e32d0684349141cf05f629c5fc3c5915d1f3426b66dbb8953a540e01e1e",
"sha256:2651209b9208fff6c053bc3c17353cb07874e50f1a9bc96d6afd03aef63de76a", "sha256:2651209b9208fff6c053bc3c17353cb07874e50f1a9bc96d6afd03aef63de76a",
"sha256:6741ed7e73039d853fa8902246a4c7e8bf9dd09652fd1b08251bc5f9e8876a7f", "sha256:88577322e65f094ce8ac27435880f1a8a9baadb569258026bb141770451bafcb",
"sha256:92ac046adeeb65c86ae3f0b458dee04ad4a462e417661c04d77642c66494f69b" "sha256:de8f9a790e4ed10ff1f1f8ea923c9da4f97246a7e200add2dc6650eba3f10a20"
] ]
}, },
"history": [ "history": [
@ -501,23 +611,23 @@ $ docker buildx imagetools inspect --format '{{json (index .Image "linux/s390x")
"comment": "buildkit.dockerfile.v0" "comment": "buildkit.dockerfile.v0"
}, },
{ {
"created": "2022-02-24T00:34:00.924540012Z", "created": "2022-08-25T00:39:25.652811078Z",
"created_by": "COPY examples/buildctl-daemonless/buildctl-daemonless.sh /usr/bin/ # buildkit", "created_by": "COPY examples/buildctl-daemonless/buildctl-daemonless.sh /usr/bin/ # buildkit",
"comment": "buildkit.dockerfile.v0" "comment": "buildkit.dockerfile.v0"
}, },
{ {
"created": "2022-02-25T17:13:27.89891722Z", "created": "2022-11-30T17:42:26.414957336Z",
"created_by": "VOLUME [/var/lib/buildkit]", "created_by": "VOLUME [/var/lib/buildkit]",
"comment": "buildkit.dockerfile.v0", "comment": "buildkit.dockerfile.v0",
"empty_layer": true "empty_layer": true
}, },
{ {
"created": "2022-02-25T17:13:27.89891722Z", "created": "2022-11-30T17:42:26.414957336Z",
"created_by": "COPY / /usr/bin/ # buildkit", "created_by": "COPY / /usr/bin/ # buildkit",
"comment": "buildkit.dockerfile.v0" "comment": "buildkit.dockerfile.v0"
}, },
{ {
"created": "2022-02-25T17:13:27.89891722Z", "created": "2022-11-30T17:42:26.414957336Z",
"created_by": "ENTRYPOINT [\"buildkitd\"]", "created_by": "ENTRYPOINT [\"buildkitd\"]",
"comment": "buildkit.dockerfile.v0", "comment": "buildkit.dockerfile.v0",
"empty_layer": true "empty_layer": true
@ -541,24 +651,24 @@ $ docker buildx imagetools inspect --raw crazymax/loop | jq
"schemaVersion": 2, "schemaVersion": 2,
"config": { "config": {
"mediaType": "application/vnd.docker.container.image.v1+json", "mediaType": "application/vnd.docker.container.image.v1+json",
"digest": "sha256:7ace7d324e79b360b2db8b820d83081863d96d22e734cdf297a8e7fd83f6ceb3", "digest": "sha256:a98999183d2c7a8845f6d56496e51099ce6e4359ee7255504174b05430c4b78b",
"size": 2298 "size": 2762
}, },
"layers": [ "layers": [
{ {
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"digest": "sha256:5843afab387455b37944e709ee8c78d7520df80f8d01cf7f861aae63beeddb6b", "digest": "sha256:8663204ce13b2961da55026a2034abb9e5afaaccf6a9cfb44ad71406dcd07c7b",
"size": 2811478 "size": 2818370
}, },
{ {
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"digest": "sha256:726d3732a87e1c430d67e8969de6b222a889d45e045ebae1a008a37ba38f3b1f", "digest": "sha256:f0868a92f8e1e5018ed4e60eb845ed4ff0e2229897f4105e5a4735c1d6fd874f",
"size": 1776812 "size": 1821402
}, },
{ {
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"digest": "sha256:5d7cf9b33148a8f220c84f27dd2cfae46aca019a3ea3fbf7274f6d6dbfae8f3b", "digest": "sha256:d010066dbdfcf7c12fca30cd4b567aa7218eb6762ab53169d043655b7a8d7f2e",
"size": 382855 "size": 404457
} }
] ]
} }
@ -574,7 +684,7 @@ $ docker buildx imagetools inspect --raw moby/buildkit:master | jq
"manifests": [ "manifests": [
{ {
"mediaType": "application/vnd.docker.distribution.manifest.v2+json", "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"digest": "sha256:667d28c9fb33820ce686887a717a148e89fa77f9097f9352996bbcce99d352b1", "digest": "sha256:f9f41c85124686c2afe330a985066748a91d7a5d505777fe274df804ab5e077e",
"size": 1158, "size": 1158,
"platform": { "platform": {
"architecture": "amd64", "architecture": "amd64",
@ -583,7 +693,7 @@ $ docker buildx imagetools inspect --raw moby/buildkit:master | jq
}, },
{ {
"mediaType": "application/vnd.docker.distribution.manifest.v2+json", "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"digest": "sha256:71789527b64ab3d7b3de01d364b449cd7f7a3da758218fbf73b9c9aae05a6775", "digest": "sha256:82097c2be19c617aafb3c3e43c88548738d4b2bf3db5c36666283a918b390266",
"size": 1158, "size": 1158,
"platform": { "platform": {
"architecture": "arm", "architecture": "arm",
@ -593,7 +703,7 @@ $ docker buildx imagetools inspect --raw moby/buildkit:master | jq
}, },
{ {
"mediaType": "application/vnd.docker.distribution.manifest.v2+json", "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"digest": "sha256:fb64667e1ce6ab0d05478f3a8402af07b27737598dcf9a510fb1d792b13a66be", "digest": "sha256:b6b91e6c823d7220ded7d3b688e571ba800b13d91bbc904c1d8053593e3ee42c",
"size": 1158, "size": 1158,
"platform": { "platform": {
"architecture": "arm64", "architecture": "arm64",
@ -602,7 +712,7 @@ $ docker buildx imagetools inspect --raw moby/buildkit:master | jq
}, },
{ {
"mediaType": "application/vnd.docker.distribution.manifest.v2+json", "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"digest": "sha256:1c3ddf95a0788e23f72f25800c05abc4458946685e2b66788c3d978cde6da92b", "digest": "sha256:797061bcc16778de048b96f769c018ec24da221088050bbe926ea3b8d51d77e8",
"size": 1158, "size": 1158,
"platform": { "platform": {
"architecture": "s390x", "architecture": "s390x",
@ -611,7 +721,7 @@ $ docker buildx imagetools inspect --raw moby/buildkit:master | jq
}, },
{ {
"mediaType": "application/vnd.docker.distribution.manifest.v2+json", "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"digest": "sha256:05bcde6d460a284e5bc88026cd070277e8380355de3126cbc8fe8a452708c6b1", "digest": "sha256:b93d3a84d18c4d0b8c279e77343d854d9b5177df7ea55cf468d461aa2523364e",
"size": 1159, "size": 1159,
"platform": { "platform": {
"architecture": "ppc64le", "architecture": "ppc64le",
@ -620,7 +730,7 @@ $ docker buildx imagetools inspect --raw moby/buildkit:master | jq
}, },
{ {
"mediaType": "application/vnd.docker.distribution.manifest.v2+json", "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"digest": "sha256:c04c57765304ab84f4f9807fff3e11605c3a60e16435c734b02c723680f6bd6e", "digest": "sha256:d5c950dd1b270d437c838187112a0cb44c9258248d7a3a8bcb42fae8f717dc01",
"size": 1158, "size": 1158,
"platform": { "platform": {
"architecture": "riscv64", "architecture": "riscv64",

@ -0,0 +1,357 @@
package imagetools
// TODO: replace with go-imageinspect library when public
import (
"context"
"encoding/json"
"sort"
"strings"
"sync"
"github.com/containerd/containerd/content"
"github.com/containerd/containerd/images"
"github.com/containerd/containerd/platforms"
"github.com/containerd/containerd/remotes"
"github.com/docker/distribution/reference"
"github.com/moby/buildkit/util/contentutil"
"github.com/opencontainers/go-digest"
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/pkg/errors"
"golang.org/x/sync/errgroup"
)
const (
annotationReference = "vnd.docker.reference.digest"
)
type contentCache interface {
content.Provider
content.Ingester
}
type loader struct {
resolver remotes.Resolver
cache contentCache
}
type manifest struct {
desc ocispec.Descriptor
manifest ocispec.Manifest
}
type index struct {
desc ocispec.Descriptor
index ocispec.Index
}
type asset struct {
config *ocispec.Image
sbom *sbomStub
slsa *slsaStub
}
type result struct {
mu sync.Mutex
indexes map[digest.Digest]index
manifests map[digest.Digest]manifest
images map[string]digest.Digest
refs map[digest.Digest][]digest.Digest
platforms []string
assets map[string]asset
}
func newLoader(resolver remotes.Resolver) *loader {
return &loader{
resolver: resolver,
cache: contentutil.NewBuffer(),
}
}
func (l *loader) Load(ctx context.Context, ref string) (*result, error) {
named, err := parseRef(ref)
if err != nil {
return nil, err
}
_, desc, err := l.resolver.Resolve(ctx, named.String())
if err != nil {
return nil, err
}
canonical, err := reference.WithDigest(named, desc.Digest)
if err != nil {
return nil, err
}
fetcher, err := l.resolver.Fetcher(ctx, canonical.String())
if err != nil {
return nil, err
}
r := &result{
indexes: make(map[digest.Digest]index),
manifests: make(map[digest.Digest]manifest),
images: make(map[string]digest.Digest),
refs: make(map[digest.Digest][]digest.Digest),
assets: make(map[string]asset),
}
if err := l.fetch(ctx, fetcher, desc, r); err != nil {
return nil, err
}
for platform, dgst := range r.images {
r.platforms = append(r.platforms, platform)
mfst, ok := r.manifests[dgst]
if !ok {
return nil, errors.Errorf("image %s not found", platform)
}
var a asset
annotations := make(map[string]string, len(mfst.manifest.Annotations)+len(mfst.desc.Annotations))
for k, v := range mfst.desc.Annotations {
annotations[k] = v
}
for k, v := range mfst.manifest.Annotations {
annotations[k] = v
}
if err := l.scanConfig(ctx, fetcher, mfst.manifest.Config, &a); err != nil {
return nil, err
}
refs, ok := r.refs[dgst]
if ok {
if err := l.scanSBOM(ctx, fetcher, r, refs, &a); err != nil {
return nil, err
}
}
if err := l.scanProvenance(ctx, fetcher, r, refs, &a); err != nil {
return nil, err
}
r.assets[platform] = a
}
sort.Strings(r.platforms)
return r, nil
}
func (l *loader) fetch(ctx context.Context, fetcher remotes.Fetcher, desc ocispec.Descriptor, r *result) error {
_, err := remotes.FetchHandler(l.cache, fetcher)(ctx, desc)
if err != nil {
return err
}
switch desc.MediaType {
case images.MediaTypeDockerSchema2Manifest, ocispec.MediaTypeImageManifest:
var mfst ocispec.Manifest
dt, err := content.ReadBlob(ctx, l.cache, desc)
if err != nil {
return err
}
if err := json.Unmarshal(dt, &mfst); err != nil {
return err
}
r.mu.Lock()
r.manifests[desc.Digest] = manifest{
desc: desc,
manifest: mfst,
}
r.mu.Unlock()
ref, ok := desc.Annotations[annotationReference]
if ok {
refdgst, err := digest.Parse(ref)
if err != nil {
return err
}
r.mu.Lock()
r.refs[refdgst] = append(r.refs[refdgst], desc.Digest)
r.mu.Unlock()
} else {
p := desc.Platform
if p == nil {
p, err = l.readPlatformFromConfig(ctx, fetcher, mfst.Config)
if err != nil {
return err
}
}
r.mu.Lock()
r.images[platforms.Format(platforms.Normalize(*p))] = desc.Digest
r.mu.Unlock()
}
case images.MediaTypeDockerSchema2ManifestList, ocispec.MediaTypeImageIndex:
var idx ocispec.Index
dt, err := content.ReadBlob(ctx, l.cache, desc)
if err != nil {
return err
}
if err := json.Unmarshal(dt, &idx); err != nil {
return err
}
r.mu.Lock()
r.indexes[desc.Digest] = index{
desc: desc,
index: idx,
}
r.mu.Unlock()
eg, ctx := errgroup.WithContext(ctx)
for _, d := range idx.Manifests {
d := d
eg.Go(func() error {
return l.fetch(ctx, fetcher, d, r)
})
}
if err := eg.Wait(); err != nil {
return err
}
default:
}
return nil
}
func (l *loader) readPlatformFromConfig(ctx context.Context, fetcher remotes.Fetcher, desc ocispec.Descriptor) (*ocispec.Platform, error) {
_, err := remotes.FetchHandler(l.cache, fetcher)(ctx, desc)
if err != nil {
return nil, err
}
dt, err := content.ReadBlob(ctx, l.cache, desc)
if err != nil {
return nil, err
}
var config ocispec.Image
if err := json.Unmarshal(dt, &config); err != nil {
return nil, err
}
return &ocispec.Platform{
OS: config.OS,
Architecture: config.Architecture,
Variant: config.Variant,
}, nil
}
func (l *loader) scanConfig(ctx context.Context, fetcher remotes.Fetcher, desc ocispec.Descriptor, as *asset) error {
_, err := remotes.FetchHandler(l.cache, fetcher)(ctx, desc)
if err != nil {
return err
}
dt, err := content.ReadBlob(ctx, l.cache, desc)
if err != nil {
return err
}
return json.Unmarshal(dt, &as.config)
}
type sbomStub struct {
SPDX json.RawMessage `json:",omitempty"`
}
func (l *loader) scanSBOM(ctx context.Context, fetcher remotes.Fetcher, r *result, refs []digest.Digest, as *asset) error {
ctx = remotes.WithMediaTypeKeyPrefix(ctx, "application/vnd.in-toto+json", "intoto")
for _, dgst := range refs {
mfst, ok := r.manifests[dgst]
if !ok {
return errors.Errorf("referenced image %s not found", dgst)
}
for _, layer := range mfst.manifest.Layers {
if layer.MediaType == "application/vnd.in-toto+json" && layer.Annotations["in-toto.io/predicate-type"] == "https://spdx.dev/Document" {
_, err := remotes.FetchHandler(l.cache, fetcher)(ctx, layer)
if err != nil {
return err
}
dt, err := content.ReadBlob(ctx, l.cache, layer)
if err != nil {
return err
}
as.sbom = &sbomStub{
SPDX: dt,
}
}
}
}
return nil
}
type slsaStub struct {
Provenance json.RawMessage `json:",omitempty"`
}
func (l *loader) scanProvenance(ctx context.Context, fetcher remotes.Fetcher, r *result, refs []digest.Digest, as *asset) error {
ctx = remotes.WithMediaTypeKeyPrefix(ctx, "application/vnd.in-toto+json", "intoto")
for _, dgst := range refs {
mfst, ok := r.manifests[dgst]
if !ok {
return errors.Errorf("referenced image %s not found", dgst)
}
for _, layer := range mfst.manifest.Layers {
if layer.MediaType == "application/vnd.in-toto+json" && strings.HasPrefix(layer.Annotations["in-toto.io/predicate-type"], "https://slsa.dev/provenance/") {
_, err := remotes.FetchHandler(l.cache, fetcher)(ctx, layer)
if err != nil {
return err
}
dt, err := content.ReadBlob(ctx, l.cache, layer)
if err != nil {
return err
}
as.slsa = &slsaStub{
Provenance: dt,
}
}
}
}
return nil
}
func (r *result) Configs() map[string]*ocispec.Image {
if len(r.assets) == 0 {
return nil
}
res := make(map[string]*ocispec.Image)
for p, a := range r.assets {
if a.config == nil {
continue
}
res[p] = a.config
}
return res
}
func (r *result) SLSA() map[string]slsaStub {
if len(r.assets) == 0 {
return nil
}
res := make(map[string]slsaStub)
for p, a := range r.assets {
if a.slsa == nil {
continue
}
res[p] = *a.slsa
}
return res
}
func (r *result) SBOM() map[string]sbomStub {
if len(r.assets) == 0 {
return nil
}
res := make(map[string]sbomStub)
for p, a := range r.assets {
if a.sbom == nil {
continue
}
res[p] = *a.sbom
}
return res
}

@ -6,20 +6,15 @@ import (
"fmt" "fmt"
"io" "io"
"os" "os"
"sort"
"strings" "strings"
"sync"
"text/tabwriter" "text/tabwriter"
"text/template" "text/template"
"github.com/containerd/containerd/images" "github.com/containerd/containerd/images"
"github.com/containerd/containerd/platforms" "github.com/containerd/containerd/platforms"
"github.com/docker/distribution/reference" "github.com/docker/distribution/reference"
binfotypes "github.com/moby/buildkit/util/buildinfo/types"
"github.com/moby/buildkit/util/imageutil"
"github.com/opencontainers/go-digest" "github.com/opencontainers/go-digest"
ocispecs "github.com/opencontainers/image-spec/specs-go/v1" ocispecs "github.com/opencontainers/image-spec/specs-go/v1"
"golang.org/x/sync/errgroup"
) )
const defaultPfx = " " const defaultPfx = " "
@ -31,11 +26,10 @@ type Printer struct {
name string name string
format string format string
raw []byte raw []byte
ref reference.Named ref reference.Named
manifest ocispecs.Descriptor manifest ocispecs.Descriptor
index ocispecs.Index index ocispecs.Index
platforms []ocispecs.Platform
} }
func NewPrinter(ctx context.Context, opt Opt, name string, format string) (*Printer, error) { func NewPrinter(ctx context.Context, opt Opt, name string, format string) (*Printer, error) {
@ -46,38 +40,25 @@ func NewPrinter(ctx context.Context, opt Opt, name string, format string) (*Prin
return nil, err return nil, err
} }
dt, manifest, err := resolver.Get(ctx, name) dt, mfst, err := resolver.Get(ctx, ref.String())
if err != nil { if err != nil {
return nil, err return nil, err
} }
var index ocispecs.Index var idx ocispecs.Index
if err = json.Unmarshal(dt, &index); err != nil { if err = json.Unmarshal(dt, &idx); err != nil {
return nil, err return nil, err
} }
var pforms []ocispecs.Platform
switch manifest.MediaType {
case images.MediaTypeDockerSchema2ManifestList, ocispecs.MediaTypeImageIndex:
for _, m := range index.Manifests {
if m.Platform != nil {
pforms = append(pforms, *m.Platform)
}
}
default:
pforms = append(pforms, platforms.DefaultSpec())
}
return &Printer{ return &Printer{
ctx: ctx, ctx: ctx,
resolver: resolver, resolver: resolver,
name: name, name: name,
format: format, format: format,
raw: dt, raw: dt,
ref: ref, ref: ref,
manifest: manifest, manifest: mfst,
index: index, index: idx,
platforms: pforms,
}, nil }, nil
} }
@ -102,6 +83,11 @@ func (p *Printer) Print(raw bool, out io.Writer) error {
return nil return nil
} }
res, err := newLoader(p.resolver.resolver()).Load(p.ctx, p.name)
if err != nil {
return err
}
tpl, err := template.New("").Funcs(template.FuncMap{ tpl, err := template.New("").Funcs(template.FuncMap{
"json": func(v interface{}) string { "json": func(v interface{}) string {
b, _ := json.MarshalIndent(v, "", " ") b, _ := json.MarshalIndent(v, "", " ")
@ -112,46 +98,17 @@ func (p *Printer) Print(raw bool, out io.Writer) error {
return err return err
} }
imageconfigs := make(map[string]*ocispecs.Image) imageconfigs := res.Configs()
imageconfigsMutex := sync.Mutex{} slsas := res.SLSA()
buildinfos := make(map[string]*binfotypes.BuildInfo) sboms := res.SBOM()
buildinfosMutex := sync.Mutex{}
eg, _ := errgroup.WithContext(p.ctx)
for _, platform := range p.platforms {
func(platform ocispecs.Platform) {
eg.Go(func() error {
img, dtic, err := p.getImageConfig(&platform)
if err != nil {
return err
} else if img != nil {
imageconfigsMutex.Lock()
imageconfigs[platforms.Format(platform)] = img
imageconfigsMutex.Unlock()
}
if bi, err := imageutil.BuildInfo(dtic); err != nil {
return err
} else if bi != nil {
buildinfosMutex.Lock()
buildinfos[platforms.Format(platform)] = bi
buildinfosMutex.Unlock()
}
return nil
})
}(platform)
}
if err := eg.Wait(); err != nil {
return err
}
format := tpl.Root.String() format := tpl.Root.String()
var manifest interface{} var mfst interface{}
switch p.manifest.MediaType { switch p.manifest.MediaType {
case images.MediaTypeDockerSchema2Manifest, ocispecs.MediaTypeImageManifest: case images.MediaTypeDockerSchema2Manifest, ocispecs.MediaTypeImageManifest:
manifest = p.manifest mfst = p.manifest
case images.MediaTypeDockerSchema2ManifestList, ocispecs.MediaTypeImageIndex: case images.MediaTypeDockerSchema2ManifestList, ocispecs.MediaTypeImageIndex:
manifest = struct { mfst = struct {
SchemaVersion int `json:"schemaVersion"` SchemaVersion int `json:"schemaVersion"`
MediaType string `json:"mediaType,omitempty"` MediaType string `json:"mediaType,omitempty"`
Digest digest.Digest `json:"digest"` Digest digest.Digest `json:"digest"`
@ -170,10 +127,11 @@ func (p *Printer) Print(raw bool, out io.Writer) error {
switch { switch {
// TODO: print formatted config // TODO: print formatted config
case strings.HasPrefix(format, "{{.Manifest"), strings.HasPrefix(format, "{{.BuildInfo"): case strings.HasPrefix(format, "{{.Manifest"):
w := tabwriter.NewWriter(out, 0, 0, 1, ' ', 0) w := tabwriter.NewWriter(out, 0, 0, 1, ' ', 0)
_, _ = fmt.Fprintf(w, "Name:\t%s\n", p.ref.String()) _, _ = fmt.Fprintf(w, "Name:\t%s\n", p.ref.String())
if strings.HasPrefix(format, "{{.Manifest") { switch {
case strings.HasPrefix(format, "{{.Manifest"):
_, _ = fmt.Fprintf(w, "MediaType:\t%s\n", p.manifest.MediaType) _, _ = fmt.Fprintf(w, "MediaType:\t%s\n", p.manifest.MediaType)
_, _ = fmt.Fprintf(w, "Digest:\t%s\n", p.manifest.Digest) _, _ = fmt.Fprintf(w, "Digest:\t%s\n", p.manifest.Digest)
_ = w.Flush() _ = w.Flush()
@ -181,42 +139,47 @@ func (p *Printer) Print(raw bool, out io.Writer) error {
case images.MediaTypeDockerSchema2ManifestList, ocispecs.MediaTypeImageIndex: case images.MediaTypeDockerSchema2ManifestList, ocispecs.MediaTypeImageIndex:
_ = p.printManifestList(out) _ = p.printManifestList(out)
} }
} else if strings.HasPrefix(format, "{{.BuildInfo") {
_ = w.Flush()
_ = p.printBuildInfos(buildinfos, out)
} }
default: default:
if len(p.platforms) > 1 { if len(res.platforms) > 1 {
return tpl.Execute(out, struct { return tpl.Execute(out, struct {
Name string `json:"name,omitempty"` Name string `json:"name,omitempty"`
Manifest interface{} `json:"manifest,omitempty"` Manifest interface{} `json:"manifest,omitempty"`
Image map[string]*ocispecs.Image `json:"image,omitempty"` Image map[string]*ocispecs.Image `json:"image,omitempty"`
BuildInfo map[string]*binfotypes.BuildInfo `json:"buildinfo,omitempty"` SLSA map[string]slsaStub `json:"SLSA,omitempty"`
SBOM map[string]sbomStub `json:"SBOM,omitempty"`
}{ }{
Name: p.name, Name: p.name,
Manifest: manifest, Manifest: mfst,
Image: imageconfigs, Image: imageconfigs,
BuildInfo: buildinfos, SLSA: slsas,
SBOM: sboms,
}) })
} }
var ic *ocispecs.Image var ic *ocispecs.Image
for _, v := range imageconfigs { for _, v := range imageconfigs {
ic = v ic = v
} }
var bi *binfotypes.BuildInfo var slsa slsaStub
for _, v := range buildinfos { for _, v := range slsas {
bi = v slsa = v
}
var sbom sbomStub
for _, v := range sboms {
sbom = v
} }
return tpl.Execute(out, struct { return tpl.Execute(out, struct {
Name string `json:"name,omitempty"` Name string `json:"name,omitempty"`
Manifest interface{} `json:"manifest,omitempty"` Manifest interface{} `json:"manifest,omitempty"`
Image *ocispecs.Image `json:"image,omitempty"` Image *ocispecs.Image `json:"image,omitempty"`
BuildInfo *binfotypes.BuildInfo `json:"buildinfo,omitempty"` SLSA slsaStub `json:"SLSA,omitempty"`
SBOM sbomStub `json:"SBOM,omitempty"`
}{ }{
Name: p.name, Name: p.name,
Manifest: manifest, Manifest: mfst,
Image: ic, Image: ic,
BuildInfo: bi, SLSA: slsa,
SBOM: sbom,
}) })
} }
@ -252,6 +215,7 @@ func (p *Printer) printManifestList(out io.Writer) error {
_, _ = fmt.Fprintf(w, "%sURLs:\t%s\n", defaultPfx, strings.Join(m.URLs, ", ")) _, _ = fmt.Fprintf(w, "%sURLs:\t%s\n", defaultPfx, strings.Join(m.URLs, ", "))
} }
if len(m.Annotations) > 0 { if len(m.Annotations) > 0 {
_, _ = fmt.Fprintf(w, "%sAnnotations:\t\n", defaultPfx)
_ = w.Flush() _ = w.Flush()
w2 := tabwriter.NewWriter(os.Stdout, 0, 0, 1, ' ', 0) w2 := tabwriter.NewWriter(os.Stdout, 0, 0, 1, ' ', 0)
for k, v := range m.Annotations { for k, v := range m.Annotations {
@ -263,83 +227,3 @@ func (p *Printer) printManifestList(out io.Writer) error {
} }
return w.Flush() return w.Flush()
} }
func (p *Printer) printBuildInfos(bis map[string]*binfotypes.BuildInfo, out io.Writer) error {
if len(bis) == 0 {
return nil
} else if len(bis) == 1 {
for _, bi := range bis {
return p.printBuildInfo(bi, "", out)
}
}
var pkeys []string
for _, pform := range p.platforms {
pkeys = append(pkeys, platforms.Format(pform))
}
sort.Strings(pkeys)
for _, platform := range pkeys {
bi := bis[platform]
w := tabwriter.NewWriter(out, 0, 0, 1, ' ', 0)
_, _ = fmt.Fprintf(w, "\t\nPlatform:\t%s\t\n", platform)
_ = w.Flush()
if err := p.printBuildInfo(bi, "", out); err != nil {
return err
}
}
return nil
}
func (p *Printer) printBuildInfo(bi *binfotypes.BuildInfo, pfx string, out io.Writer) error {
w := tabwriter.NewWriter(out, 0, 0, 1, ' ', 0)
_, _ = fmt.Fprintf(w, "%sFrontend:\t%s\n", pfx, bi.Frontend)
if len(bi.Attrs) > 0 {
_, _ = fmt.Fprintf(w, "%sAttrs:\t\n", pfx)
_ = w.Flush()
for k, v := range bi.Attrs {
_, _ = fmt.Fprintf(w, "%s%s:\t%s\n", pfx+defaultPfx, k, *v)
}
}
if len(bi.Sources) > 0 {
_, _ = fmt.Fprintf(w, "%sSources:\t\n", pfx)
_ = w.Flush()
for i, v := range bi.Sources {
if i != 0 {
_, _ = fmt.Fprintf(w, "\t\n")
}
_, _ = fmt.Fprintf(w, "%sType:\t%s\n", pfx+defaultPfx, v.Type)
_, _ = fmt.Fprintf(w, "%sRef:\t%s\n", pfx+defaultPfx, v.Ref)
_, _ = fmt.Fprintf(w, "%sPin:\t%s\n", pfx+defaultPfx, v.Pin)
}
}
if len(bi.Deps) > 0 {
_, _ = fmt.Fprintf(w, "%sDeps:\t\n", pfx)
_ = w.Flush()
firstPass := true
for k, v := range bi.Deps {
if !firstPass {
_, _ = fmt.Fprintf(w, "\t\n")
}
_, _ = fmt.Fprintf(w, "%sName:\t%s\n", pfx+defaultPfx, k)
_ = w.Flush()
_ = p.printBuildInfo(&v, pfx+defaultPfx, out)
firstPass = false
}
}
return w.Flush()
}
func (p *Printer) getImageConfig(platform *ocispecs.Platform) (*ocispecs.Image, []byte, error) {
_, dtic, err := p.resolver.ImageConfig(p.ctx, p.name, platform)
if err != nil {
return nil, nil, err
}
var img *ocispecs.Image
if err = json.Unmarshal(dtic, &img); err != nil {
return nil, nil, err
}
return img, dtic, nil
}
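Review bot: In `Print`, the added `newLoader(p.resolver.resolver()).Load(p.ctx, p.name)` resolves the image name a second time, independently of the `resolver.Get(ctx, ref.String())` call in `NewPrinter`. For a tag reference, the descriptor printed under `.Manifest` and the config, provenance and SBOM returned by the loader can therefore come from different digests if the tag moves between the two lookups. Since this output is read as the attestation for a specific digest, the loader should be pinned to the digest already held, e.g. `canonical, err := reference.WithDigest(p.ref, p.manifest.Digest)` followed by `res, err := newLoader(p.resolver.resolver()).Load(p.ctx, canonical.String())`, assuming `parseRef` accepts a digested reference (its definition is not visible here). A short comment on the `SLSA` and `SBOM` template fields should also state that they carry the raw in-toto blobs as fetched from the registry, because the loader shown on this page stores them without any signature or subject check. `Print` begins and ends outside the hunks shown.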
