Documentation
¶
Overview ¶
Package oci hosts shared OCI/Distribution-spec helpers used by more than one Gantry subsystem. The mirror and the transfer endpoint were each carrying their own parseV2Path; this is their canonical home.
Index ¶
Constants ¶
const MaxRepositoryNameLength = 255
MaxRepositoryNameLength bounds a repository name per the OCI Distribution spec (the full <name> must be at most 255 characters).
Variables ¶
This section is empty.
Functions ¶
func ParseV2Path ¶
ParseV2Path matches a Distribution-spec `/v2/<repo>/(manifests|blobs)/<reference>` URL. Returns the repository path (which may itself contain slashes - e.g. `library/nginx`), the resource kind (manifest vs blob), the reference (tag or digest), and ok=false if the path doesn't match.
The kind separator is the RIGHTMOST `/manifests/` or `/blobs/` in the path, not the first one of a fixed kind. A repository path component may itself be named `manifests` or `blobs` (both match the OCI name grammar), so a path like `/v2/acme/manifests/cache/blobs/<digest>` must parse as repo=`acme/manifests/cache`, kind=blob - testing `/manifests/` first would wrongly clip it to repo=`acme`. The reference (tag or digest) never contains a slash, so the last separator of either kind unambiguously splits repo from reference; whichever separator sits further right wins.
The extracted repository is validated against ValidateRepositoryName; a path whose repository component is outside the OCI name grammar (path traversal, query/fragment characters, control characters, empty components, uppercase) returns ok=false so the untrusted value never reaches origin URL construction or the peer endpoint.
Two-package call sites (mirror + transfer) MUST go through this function so they stay byte-for-byte aligned; otherwise a path the mirror accepts could be rejected by the peer endpoint and vice versa, which would manifest as silent peer-fetch 404s.
func ValidateRepositoryName ¶ added in v0.1.17
ValidateRepositoryName reports whether repo is a well-formed OCI Distribution-spec repository name. It rejects empty values, empty path components, names over MaxRepositoryNameLength, and any value outside the name grammar - so `..`, `?`, `#`, whitespace, control characters, and uppercase are all rejected. Callers use it to keep untrusted repository strings from reaching origin URL construction, containerd keys, and logs.
Types ¶
This section is empty.