From ba12ae6e912129bce87d4f0884205d155ac99331 Mon Sep 17 00:00:00 2001
From: Jimmy Zelinskie
Date: Fri, 21 Apr 2017 15:38:05 -0400
Subject: [PATCH] clair: add the additional legacy empty layer (#24)

This layer was used in docker prior to being able to support truly empty layers. It is a 1k tarball of 0s.
---
 clair/types.go | 12 ++++++++++++
 main.go | 2 +-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/clair/types.go b/clair/types.go
index 980ef604..b24e633a 100644
--- a/clair/types.go
+++ b/clair/types.go
@@ -1,10 +1,22 @@
 package clair
 
+import "github.com/opencontainers/go-digest"
+
 const (
 // EmptyLayerBlobSum is the blob sum of empty layers.
 EmptyLayerBlobSum = "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4"
+
+ // LegacyEmptyLayerBlobSum is the blob sum of empty layers used by docker
+ // before it could support a truly empty layer.
+ LegacyEmptyLayerBlobSum = "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
 )
 
+// IsEmptyLayer determines whether the blob sum is one of the known empty
+// layers.
+func IsEmptyLayer(blobSum digest.Digest) bool {
+ return blobSum == EmptyLayerBlobSum || blobSum == LegacyEmptyLayerBlobSum
+}
+
 var (
 // Priorities are the vulnerability priority labels.
 Priorities = []string{"Unknown", "Negligible", "Low", "Medium", "High", "Critical", "Defcon1"}
diff --git a/main.go b/main.go
index 97d7e1c9..72e4804c 100644
--- a/main.go
+++ b/main.go
@@ -275,7 +275,7 @@ func main() {
 // filter out the empty layers
 var filteredLayers []schema1.FSLayer
 for _, layer := range m.FSLayers {
- if layer.BlobSum != clair.EmptyLayerBlobSum {
+ if !clair.IsEmptyLayer(layer.BlobSum) {
 filteredLayers = append(filteredLayers, layer)
 }
 }
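Review bot: The comment on `LegacyEmptyLayerBlobSum` in clair/types.go does not say what content the digest stands for, and since `IsEmptyLayer` decides which layers are left out of scanning, each hard-coded value should be re-checkable by a reader. The commit message says this one is a 1k tarball of zero bytes; I would record that in the doc comment, e.g. `// It is the sha256 digest of a 1k tarball consisting only of zero bytes.`, and add a unit test that recomputes that digest and compares it with the constant. The match is an exact comparison on the digest string, so a differently spelled digest simply falls through to being scanned, which is the safe direction; that is worth one sentence in the `IsEmptyLayer` comment as well.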
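Review bot: After the filter loop in main.go, `filteredLayers` can be nil when every entry in `m.FSLayers` matches one of the known empty digests, and with the legacy digest added that case becomes more likely than before. The code that consumes the slice is outside this hunk, so it is worth confirming that it does not index into the slice unconditionally; if it does, a guard such as `if len(filteredLayers) == 0 { return }` placed right after the loop, with whatever message main normally prints, would avoid a panic. The body of `main` starts and ends outside the hunk.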