schema/digest: include characters urlsafe base64 encoding

Signed-off-by: Stephen J Day <stephen.day@docker.com>
opencontainers · May 4, 2017 · 7637741 · 7637741
1 parent d75e562
commit 7637741
Show file tree

Hide file tree

Showing 4 changed files with 52 additions and 41 deletions.
diff --git a/descriptor.md b/descriptor.md
@@ -57,7 +57,7 @@ The following field keys are reserved and MUST NOT be used by other specificatio
 All other fields may be included in other OCI specifications.
 Extended _Descriptor_ field additions proposed in other OCI specifications SHOULD first be considered for addition into this specification.
 
-## Digests and Verification
+## Digests
 
 The _digest_ property of a Descriptor acts as a content identifier, enabling [content addressability](http://en.wikipedia.org/wiki/Content-addressable_storage).
 It uniquely identifies content by taking a [collision-resistant hash](https://en.wikipedia.org/wiki/Cryptographic_hash_function) of the bytes.
@@ -71,26 +71,30 @@ A digest string MUST match the following grammar:
 ```
 digest      := algorithm ":" encoded
 algorithm   := /[a-z0-9]+(?:[+._-][a-z0-9]+)*/
-encoded     := /[a-zA-Z0-9]+/
+encoded     := /[a-zA-Z0-9_-]+/
 ```
-Some example digests include the following:
+
+Some example digest strings include the following:
 
 digest                                                                  | algorithm           | Supported |
 ------------------------------------------------------------------------|---------------------|-----------|
 sha256:6c3c624b58dbbcd3c0dd82b4c53f04194d1247c6eebdaab7c610cf7d66709b3b | [SHA-256](#sha-256) | Yes       |
 sha512:401b09eab3c013d4ca54922bb802bec8fd5318192b0a75f201d8b3727429080fb337591abd3e44453b954555b7a0812e1081c39b740293f765eae731f5a65ed1 | [SHA-256](#sha-512) | Yes      |
 multihash+base58:QmRZxt2b1FVZPNqd8hsiykDL3TdBDeTSPX9Kv46HmX4Gx8`        | Multihash           | No        |
+sha256+b64:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564                  | SHA-256 with base64 | No        |
 
 Please see [Registered Algorithms](#registered-identifiers) for a list of supported algorithms.
 
 Implementations SHOULD allow digests that are unsupported to pass validation if they comply with the above grammar.
 While `sha256` will only use hex encoded digests, support for separators in _algorithm_ and alpha numeric in _encoded_ is included to allow for future extension of digest support.
 As an example, we can paramterize the encoding and algorithm as `multihash+base58:QmRZxt2b1FVZPNqd8hsiykDL3TdBDeTSPX9Kv46HmX4Gx8`, which would be considered valid but unsupported by this specification.
 
-* Before consuming content targeted by a descriptor from untrusted sources, the byte content SHOULD be verified against the digest string.
-* Before calculating the digest, the size of the content SHOULD be verified to reduce hash collision space.
-* Heavy processing before calculating a hash SHOULD be avoided.
-* Implementations MAY employ [canonicalization](canonicalization.md) of the underlying content to ensure stable content identifiers.
+### Verification
+
+Before consuming content targeted by a descriptor from untrusted sources, the byte content SHOULD be verified against the digest string.
+Before calculating the digest, the size of the content SHOULD be verified to reduce hash collision space.
+Heavy processing before calculating a hash SHOULD be avoided.
+Implementations MAY employ [canonicalization](canonicalization.md) of the underlying content to ensure stable content identifiers.
 
 ### Digest calculations
 

diff --git a/schema/defs-descriptor.json b/schema/defs-descriptor.json
@@ -9,7 +9,7 @@
     "digest": {
       "description": "the cryptographic checksum digest of the object, in the pattern '<algorithm>:<encoded>'",
       "type": "string",
-      "pattern": "^[a-z0-9]+(?:[+._-][a-z0-9]+)*:[a-zA-Z0-9]+$"
+      "pattern": "^[a-z0-9]+(?:[+._-][a-z0-9]+)*:[a-zA-Z0-9_-]+$"
     },
     "urls": {
       "description": "a list of urls from which this object may be downloaded",

diff --git a/schema/descriptor_test.go b/schema/descriptor_test.go
@@ -276,6 +276,13 @@ func TestDescriptor(t *testing.T) {
     }`,
 			fail: true,
 		},
+		{
+			descriptor: `{
+				"digest": "sha256+b64:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564",
+				"size": 1000000,
+				"mediaType": "application/vnd.oci.image.config.v1+json"
+			}`,
+		},
 	} {
 		r := strings.NewReader(tt.descriptor)
 		err := schema.ValidatorMediaTypeDescriptor.Validate(r)

diff --git a/schema/fs.go b/schema/fs.go
@@ -222,32 +222,32 @@ b1D07fCyW0vviMlWxN4UcYpZ/Enjdtf+RQ3SGiZ/vj8oANpKu/UTMV9kR1SDMjPzGZ6y5MQwnZvwWfX7
 
 	"/content-descriptor.json": {
 		local:   "content-descriptor.json",
-		size:    1091,
-		modtime: 1489087148,
+		size:    1085,
+		modtime: 1493147571,
 		compressed: `
-H4sIAAAAAAAA/5yTwW7UMBCG73mKUVqpl27NoeIQVb3AnQPcEAevPY6nJLYZz6oE1HdHjrNsAoiFve2O
-/m/mm2j8vQFoLWbDlIRiaDto3yUMb2IQTQEZyi8MAm+XUGR4n9CQI6Nn4ra0uM7G46gL7kVSp9RTjmFX
-q3eRe2VZO9m9ule1dlU5skckd0rFhMEcJ+cZq2llf06vnEwJCxn3T2ik1hLHhCyEue2gLAbQjmhJf6jh
-Wvp9X/EIc640heigFBgdMgaDFlYzZvya0RXOosu7k9hd2fhKWXQUqPTO6jR9Zl9qizbTt3M+JQIUYD8J
-5v90+oMIBXl9v5Ww1GOWMxqGpySxZ508GTAezed8GKGyR63qclt0y9+kRZAD3Dx4nf1j9+Dxq7ZoaNTD
-Qj7eXPI1F+PNFgce8l920DBQFS1BcBxHePZkPIinvJjDqCfYI9j4HIaoLdpL7GaTjZsOIcr8RjaK/3ry
-NOoeV4ev1v0uEFzj1bNZXFvGLwdiLGIff30365vdnk4D8Kl5aX4EAAD//4LEuuxDBAAA
+H4sIAAAAAAAA/5yTwW7UMBCG73mKUVqpl27NoeIQVb3AnQPcEAevPY6nbGwznlW1oL47mniXJoAo3Vsy
++r+Zz8n4RwfQe6yOqQjl1A/QfyiY3uUklhIy6BMmgffHUGb4WNBRIGdn4lpbXFYXcbKKR5EyGPNQc9q0
+6k3m0Xi2QTZvbk2rXTSO/AmpgzG5YHKnyXXGWtr4X9MbJ4eCSubtAzpptcK5IAth7QfQgwH0E3qyn1q4
+lf48r0SEOadNIQfQAmNAxuTQw2LGjF8yBuU8hrp5FrvRE18Yj4ESae9qnqfP7FNr0Vf6/pKPRoASbA+C
+9ZVOfxGhJG9v1xKeRqzygobjQ5E8si2RHLiI7mvdT9DYk1ZzuVZdfS1WBDnB1Z3djZlJ4nQ/3OmP9ejv
+r875jkfXlf+ed/Uf9hZ21BQ1CIHzBI+RXASJVI/OMNkDbBF8fky7bD36c+xmk5WbTSnLfDtWiv+77DTZ
+ERcrb5b9zhBc4s2zO7r2jN/2xKhin3+/McttXS9NB/Cle+p+BgAA///HjexwPQQAAA==
 `,
 	},
 
 	"/defs-descriptor.json": {
 		local:   "defs-descriptor.json",
-		size:    918,
-		modtime: 1493145992,
+		size:    921,
+		modtime: 1493324159,
 		compressed: `
-H4sIAAAAAAAA/6STTW/UQAyG7/srzHRFgd1sCgckoqqooncO5dRqW7kTJ3HJfMjjVbVU+99RPprdFoFA
-HBKNLft9/TiTxxmAKSlZ4agcvCnAXFDFnrsoQURRtpsWBTTA10j+S/CK7EngYmwLApeRLFdssddYDqKT
-iimg8wEwjkrGb9tIUwrAcNm5NqoxFXkeInn75JFWQeo82YYc5uywprycXPO92vJJSwdtk1TY1/t8RFWS
-Hu/m+jy7wuzHSfZpvT++Opq/zm5uV4v148ny/YePu/zvyuamt9gNTqbkmpIe0r1YrjYEVrZRQy0YG7Zg
-G7Lf08bB0Auhgq4o3N2T1SWw78MRAI5Psa2DsDburDgdWs6O/3EBI9bizefierG6zdZT5u27ojufZ1d9
-+IJuI236AxtCywNAVwiVBAcPDdsGtOE0EoHDLdwRlOHBtwFLKn8dHkVwu0+zkjv0/T0mgKmCOOy+gNkI
-mzG/e4aB3gfF51fzf+7hod409Fyo6vRKqtLqPgV/lB/8ErnDeNnPPrzHPc+6Zzf7GQAA///h5dXMlgMA
-AA==
+H4sIAAAAAAAA/6STX2/TMBTF3/spLl7FgDZN4QFp0TQ0sXcextOmrrqzb+I74j+yXU1l6ndHTrK0KwKB
+9pDIPro+5/5unKcJgFAUZWCf2FlRgbiimi3nXQSPIbHctBggOfjmyX51NiFbCnA1HHMBrj1Jrlli5zHv
+TUcXUUHOARCGFOP3radRAhCscqpOyceqLJ0nK58z4sKFpoxSk8GSDTZUqjG13LvNn71S7y1iCmybve4x
+JQod3t3tZXGDxc9lcbbaL9+cTN8Wd+vFbPW0nH/89HlX/lvZVHQRuz5JKG4opkO6o+EmTSDD1ifXBPSa
+JUhN8kfcGOjPgqshF7n7B5JpDmy77QAAp+fYNi5w0uaiOs+jUqQuTv9zAgPX7N2X6na2WBerUXn/ocrr
+y+JmWZyti9XsCHAT2vgXPISWe4ZcCHVwBh41Sw1JcxygwOAW7gmUe7StQ0Xq9/YxBNzuZU5kDnP/DAog
+ahcM5o8gNoHFoO9eYKC1LuHL2/maq3joNzY9DVRnP0V1XDxEZ0/Kg7+iNOivu9779zDnSX52k18BAAD/
+/7fEAguZAwAA
 `,
 	},
 
@@ -268,21 +268,21 @@ fIvD7in0ryMEy+fK1G6UfmdTE+tvpoL+1wV/AgAA//96IpqyhgYAAA==
 
 	"/image-index-schema.json": {
 		local:   "image-index-schema.json",
-		size:    3157,
-		modtime: 1489087148,
+		size:    3151,
+		modtime: 1493147606,
 		compressed: `
-H4sIAAAAAAAA/7yWz27bOBDG736KgRIglyRcLII9GEEuu5ec9tCglyKHCTmyJrVIlaSTuIXfvSBp2ZIo
-u4lq9GYPOd98vxH//ZgBFIqctNx4NrqYQ/F/Q/pfoz2yJgv3NS4I7rWiN/jUkOSSJcaplyH33MmKagx5
-lffNXIhnZ/RVil4buxDKYumv/roRKXaW8li1KW4uhGlIy7aki2lptuBQXnAonxL9uqGQap6eSfoUa6xp
-yHomV8whIAEUKf8zWZewUjinfajYQcm0VOASHjnwFUGsDLEyJDF4SWqADlADa08LstFCVJ7AJPo2d1It
-ZVajZs31qi7m8Pc+hm9tLIY2aaSoUXNJzrsufquM1uK6491T3Z33YZy22H/b9pq96fGvth2x9G3FlkKt
-L7toME+K8SGkXXbDjr8PIooX5HyxCz12xEcWRibfH8gXSFgLcXZgAFPGxWGpJEtakoIMKYqcWypDtqLS
-XaldT67D7jgTikrWHCo4sXfSUdjk0O/xGSYCa3hae3KTvI4YZO3/uTlsbtv/99iTdt14s7DYVCxBViS/
-ulUNSaG1mzxeBozwt0HvyWq4uK3QVXfz24reUJHkGpfbzLuL6d0frp4h3couh2snZ0NYcgII06G0pobX
-imUFPpwuiQhqXMMTgTKvemlQkZruOro66LlZoi+NrXPfH9vSO52Bz4ObGY5s6DiGVlbsSfqVpUEeQGF6
-TL2dDEd3c66dj0+mF0dNd9rhvGW9KAYTNmOYp7Rn3GlMXb9kd+UpzO1kT2OyJAzf4dQt3Osesdm/Mrtl
-s8vz3ZAAm19iv6Bl1PkRO6mHxxv4h1Fnh/71DzTU2vj46Bw5iz/2zffHquiqTj6JuyKzMZb216b3NBsn
-mvSCHMP4HYBgNNrMT/Ji7LXaeWbOAB5nm9nPAAAA//+x+RVQVQwAAA==
+H4sIAAAAAAAA/7yWP2/bPBDGd3+KgxIgSxK+eBF0MIIs7ZKpQ4MuRQaGPFmXWqR6pJO4hb97QTKyJVF2
+E9XoZh95z/2eE//9mgEUGp1iajxZU8yh+Nyg+WiNl2SQ4baWC4Rbo/EFvjSoqCQl49TzkHvqVIW1DHmV
+981ciEdnzUWKXlpeCM2y9Bf/XYkUO0l5pNsUNxfCNmhUW9LFtDRbUCgvKJRPiX7dYEi1D4+ofIo1bBtk
+T+iKOQRLAEXK/4rskq0Uzt3eVeSgJFxqcMkeOvAVQqwMsTIkMXhKaiAdSANkPC6QI0JUnuBJ9DG3Uq3L
+rEZNhupVXczh/11MvrSxGNqkkaKWhkp03nXtt8qSWa477B7r7rx322mLfXptr91Bj3+11xHGHytiDLW+
+baMBHjXJu5B23g07+jmIaFqg88U2dN8RH1kYmXx/IF8gYS3E2cED2DIuDsYSGY1CDZmlKHLKWIZsjaW7
+0NueXIbdcSI0lmQoVHBiR9JR2OSm38IZJgIZeFh7dJNYRwDJ+A9X++Fe+/8WPMXrxtsFy6YiBapC9d2t
+akgKLW5iPA82wt9Geo9s4OxaLheWyVf1zfw6rEWN+uZset+H62boa8XL4arJXUlYUkIP06FkW8NzRaoC
+H86V5AVquYYHBG2fzdJKjXo6daTay9wspS8t1zn3+zbzVmfAuXcbw4GtHMckq4o8Kr9iHOQBFLbnqbeH
+4eA+zrXz8cnuxUHoTjucZzKLYjBhM2bzmHjWHQfq8im7JY8Bt5U9DmSJMnyHY7dwp3sAs39Zdstm1+ab
+TQJs/mj7STJJkx+uk3p4uIH/2Ops37/+gSaNsT4+N0fO4vd9892xKrqqk0/irshszEv7a9N7lI07mvR2
+HLPxNwYCaMTMT/Ji7J3aeWDOAO5nm9nvAAAA//8Mp+UwTwwAAA==
 `,
 	},