Description
Problem
When copying a manifest, it's possible for the manifest to reference a malformed descriptor. For example, the following manifest includes a subject descriptor that is missing the required size field:
```json
{
  "artifactType": "application/vnd.dev.sigstore.bundle.v0.3+json",
  "config": {
    "digest": "sha256:b198fd23d763339899149b9d9c96bf43d4ba9fa97e6c81d502c9fbbb58eb319f",
    "mediaType": "application/vnd.oci.image.config.v1+json",
    "size": 233
  },
  "layers": [
    {
      "digest": "sha256:eb14f1aeeecfb76481f4ff70b2d523fe065d947932768317bb7469581cd0a0a5",
      "mediaType": "application/vnd.dev.cosign.simplesigning.v1+json",
      "size": 432
    }
  ],
  "mediaType": "application/vnd.oci.image.manifest.v1+json",
  "schemaVersion": 2,
  "subject": {
    "digest": "sha256:60ac88fe91aee1a990c7f89f8003e391ac80c847321ccf697986320a6e9717c8",
    "mediaType": "application/vnd.oci.image.manifest.v1+json"
  }
}
```

The relationship between the manifest and its subject can be visualized as:

```mermaid
graph TD;
  Manifest--subject-->Subject["Subject (sha256:60ac88...)"]
```
During the copy process, the Successors method is invoked on the manifest. This returns the subject descriptor, which is then passed to a goroutine responsible for copying the subject:
```json
{
  "digest": "sha256:60ac88fe91aee1a990c7f89f8003e391ac80c847321ccf697986320a6e9717c8",
  "mediaType": "application/vnd.oci.image.manifest.v1+json"
}
```

When processing the subject, because this descriptor lacks a size field, it may fail subsequent validation, most visibly when its size is compared against the Content-Length header returned by a remote registry. This results in an error like:

```
Error: GET "https://{registry}/v2/{repo}/manifests/sha256:60ac88fe91aee1a990c7f89f8003e391ac80c847321ccf697986320a6e9717c8": mismatch Content-Length
```
This error is not intuitive and makes it difficult for users to identify the root cause.
Proposal
To address this, we could consider validating the successor descriptors earlier in the copy process and returning a clear error message when issues are detected.
One possible error message could be:
```
invalid successor descriptor for {manifest_digest}: successor media type: application/vnd.oci.image.manifest.v1+json; successor size: 0; successor digest: sha256:60ac88fe91aee1a990c7f89f8003e391ac80c847321ccf697986320a6e9717c8
```
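The following is an added, stand-alone sketch of the early validation this proposal describes; it is not code from oras-go and does not use its types. It defines a local `Descriptor`/`Manifest` pair (stand-ins for the OCI spec types), lists a manifest's successors in the order config, layers, subject, rejects any successor with an empty media type, a malformed digest, or a size that is missing (decoded as 0) or negative, and reports the first failure in the error format proposed above, with the concrete reason appended. The manifest from the issue is embedded as the sample input, and the manifest digest is computed from those bytes since the page does not give one.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"regexp"
)

// Descriptor carries the OCI descriptor fields the check looks at.
// Local stand-in for the OCI spec's Descriptor type (assumption, not the project's type).
type Descriptor struct {
	MediaType string `json:"mediaType"`
	Digest    string `json:"digest"`
	Size      int64  `json:"size"`
}

// Manifest holds the descriptor-bearing parts of an OCI image manifest.
type Manifest struct {
	MediaType string       `json:"mediaType"`
	Config    Descriptor   `json:"config"`
	Layers    []Descriptor `json:"layers"`
	Subject   *Descriptor  `json:"subject,omitempty"`
}

// Only sha256 and sha512 digests with their canonical hex length are accepted here.
var digestRe = regexp.MustCompile(`^(sha256:[a-f0-9]{64}|sha512:[a-f0-9]{128})$`)

// ValidateDescriptor rejects descriptors that a later Content-Length or digest
// check would trip over: empty media type, malformed digest, or a size that is
// absent (JSON decoding leaves it at 0) or negative.
func ValidateDescriptor(d Descriptor) error {
	switch {
	case d.MediaType == "":
		return errors.New("empty media type")
	case !digestRe.MatchString(d.Digest):
		return fmt.Errorf("malformed digest %q", d.Digest)
	case d.Size <= 0:
		return fmt.Errorf("missing or invalid size %d", d.Size)
	}
	return nil
}

// Successors lists the descriptors a manifest references: config, then
// layers, then the optional subject.
func Successors(m Manifest) []Descriptor {
	out := append([]Descriptor{m.Config}, m.Layers...)
	if m.Subject != nil {
		out = append(out, *m.Subject)
	}
	return out
}

// ManifestDigest is the sha256 digest of the manifest bytes as stored.
func ManifestDigest(raw []byte) string {
	sum := sha256.Sum256(raw)
	return "sha256:" + hex.EncodeToString(sum[:])
}

// ValidateSuccessors decodes a manifest and returns, for the first malformed
// successor, an error in the format proposed in the issue, followed by the
// specific reason the descriptor was rejected.
func ValidateSuccessors(raw []byte) error {
	var m Manifest
	if err := json.Unmarshal(raw, &m); err != nil {
		return fmt.Errorf("decode manifest: %w", err)
	}
	for _, s := range Successors(m) {
		if err := ValidateDescriptor(s); err != nil {
			return fmt.Errorf("invalid successor descriptor for %s: successor media type: %s; successor size: %d; successor digest: %s: %w",
				ManifestDigest(raw), s.MediaType, s.Size, s.Digest, err)
		}
	}
	return nil
}

// malformedManifest is the manifest quoted in the issue; its subject has no "size".
const malformedManifest = `{
  "artifactType": "application/vnd.dev.sigstore.bundle.v0.3+json",
  "config": {
    "digest": "sha256:b198fd23d763339899149b9d9c96bf43d4ba9fa97e6c81d502c9fbbb58eb319f",
    "mediaType": "application/vnd.oci.image.config.v1+json",
    "size": 233
  },
  "layers": [
    {
      "digest": "sha256:eb14f1aeeecfb76481f4ff70b2d523fe065d947932768317bb7469581cd0a0a5",
      "mediaType": "application/vnd.dev.cosign.simplesigning.v1+json",
      "size": 432
    }
  ],
  "mediaType": "application/vnd.oci.image.manifest.v1+json",
  "schemaVersion": 2,
  "subject": {
    "digest": "sha256:60ac88fe91aee1a990c7f89f8003e391ac80c847321ccf697986320a6e9717c8",
    "mediaType": "application/vnd.oci.image.manifest.v1+json"
  }
}`

func main() {
	if err := ValidateSuccessors([]byte(malformedManifest)); err != nil {
		fmt.Println(err)
	}
}
```

Running it on the sample prints the proposed message with `successor size: 0` and the subject's digest, which is what the user sees instead of a `mismatch Content-Length` from a later GET. The same check passes once the subject carries a positive size, so the validation stays out of the way for well-formed manifests.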