// Verify checks the installed files of every launchable stanza in the manifest
// that declares a digest location. For each such stanza it retrieves the digest
// (and its signature location) through the launchable's own fetcher, asks
// authPolicy to certify the digest, and then compares the launchable's install
// directory against it. The first error encountered is returned unchanged; nil
// means every checked launchable passed.
//
// NOTE(review): a stanza with an empty DigestLocation is skipped, not rejected,
// so a manifest that omits digest locations passes Verify with no integrity
// check at all. Callers that require verified launchables must enforce the
// presence of a digest themselves.
func (pod *Pod) Verify(manifest *Manifest, authPolicy auth.Policy) error {
	for _, stanza := range manifest.LaunchableStanzas {
		// No digest declared for this launchable: nothing is verified for it.
		if stanza.DigestLocation == "" {
			continue
		}

		l, err := pod.getLaunchable(stanza, manifest.RunAsUser())
		if err != nil {
			return err
		}

		// Retrieve the digest data.
		d, err := digest.ParseUris(l.Fetcher, stanza.DigestLocation, stanza.DigestSignatureLocation)
		if err != nil {
			return err
		}

		// The digest must be certified by the policy before it is used as the
		// reference for the on-disk files.
		if err := authPolicy.CheckDigest(d); err != nil {
			return err
		}

		// Check that the installed files match the digest.
		if err := d.VerifyDir(l.InstallDir()); err != nil {
			return err
		}
	}

	return nil
}
// Verify checks the installed files of every launchable stanza in the manifest
// that declares a digest location. For each such stanza it parses the digest
// and digest-signature locations as URLs, retrieves the digest through
// uri.DefaultFetcher, asks authPolicy to certify the digest, and then compares
// the launchable's install directory against it. The first error encountered is
// returned; nil means every checked launchable passed.
//
// NOTE(review): a stanza with an empty DigestLocation is skipped, not rejected,
// so a manifest that omits digest locations passes Verify with no integrity
// check at all. Callers that require verified launchables must enforce the
// presence of a digest themselves.
func (pod *Pod) Verify(manifest manifest.Manifest, authPolicy auth.Policy) error {
	for launchableID, stanza := range manifest.GetLaunchableStanzas() {
		// No digest declared for this launchable: nothing is verified for it.
		if stanza.DigestLocation == "" {
			continue
		}

		l, err := pod.getLaunchable(launchableID, stanza, manifest.RunAsUser())
		if err != nil {
			return err
		}

		digestURL, err := url.Parse(stanza.DigestLocation)
		if err != nil {
			return util.Errorf("Couldn't parse digest location '%s' as a url: %s", stanza.DigestLocation, err)
		}

		// url.Parse accepts an empty string, so an absent signature location is
		// not caught here. NOTE(review): presumably digest.ParseUris or
		// authPolicy.CheckDigest rejects an unsigned digest; confirm.
		sigURL, err := url.Parse(stanza.DigestSignatureLocation)
		if err != nil {
			return util.Errorf("Couldn't parse digest signature location '%s' as a url: %s", stanza.DigestSignatureLocation, err)
		}

		// Retrieve the digest data.
		d, err := digest.ParseUris(uri.DefaultFetcher, digestURL, sigURL)
		if err != nil {
			return err
		}

		// The digest must be certified by the policy before it is used as the
		// reference for the on-disk files.
		if err := authPolicy.CheckDigest(d); err != nil {
			return err
		}

		// Check that the installed files match the digest.
		if err := d.VerifyDir(l.InstallDir()); err != nil {
			return err
		}
	}

	return nil
}