gtristan commented on code in PR #87:
URL:
https://github.com/apache/buildstream-plugins/pull/87#discussion_r2070324765
##########
src/buildstream_plugins/sources/docker.py:
##########
@@ -57,13 +57,44 @@
#
# **Since**: 2.0.1
+ # Specify the version to be reported as the *guess_version* when reporting
+ # SourceInfo
+ #
+ # Since: 2.5
+ #
+ version: 1.2
+
Note that Docker images may contain device nodes. BuildStream elements cannot
contain device nodes so those will be dropped. Any regular files in the /dev
directory will also be dropped.
See `built-in functionality doumentation
<https://docs.buildstream.build/master/buildstream.source.html#core-source-builtins>`_
for
details on common configuration options for sources.
+
+
+Reporting `SourceInfo
<https://docs.buildstream.build/master/buildstream.source.html#buildstream.source.SourceInfo>`_
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+The docker source reports the URL of the docker registry as the *url*.
+
+Further, the docker source reports the ``SourceInfoMedium.OCI_IMAGE`` *medium*
and
+the ``SourceVersionType.DIGEST`` *version_type*, for which it reports the
content
Review Comment:
I sort of feel the opposite in this case.
I've been mulling over this ambiguity, a google search tells me:
> In cryptography, "digest" and "hash" are often used interchangeably, but
technically, a digest is the output of a hash function. SHA-256 is a specific
type of hash function, a cryptographic algorithm that generates a 256-bit
(32-byte) hash value, also known as a message digest
Instead, how about we drop the `SHA256` entirely, since it is just the
*digest* of a more specifically defined hash function ? This was we can still
use `DIGEST` to represent a plugin which might use an `SHA512` algorithm or a
rot 13 hash. Further than this, is it worth understanding *how* the digest of a
docker image or cas digest is produced ?
Docker probably has something to do with accumulatively hashing the later
tarballs. CAS will be more complex and has something to do with cumulatively
hashing a Directory message, or maybe it's the hash of the binary Directory
message... nobody knows until they check. The only obvious digest is the SHA256
digest of a DownloadableFileSource.
This comes down to the same philosophical topic we discussed before...
either the enums are exactly precise and have an exact meaning, or they are
general hints which are descriptive (i.e.: *useless*), and the upstream plugin
documentation **must** be observed.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
