[PATCH v4] erofs-utils: oci: add support for indexing by layer digest
hudsonZhu
hudson at cyzhu.com
Tue Sep 23 13:35:55 AEST 2025
Sure. I’ll make these changes.
Thanks,
Chengyu
> 2025年9月23日 11:19,Gao Xiang <hsiangkao at linux.alibaba.com> 写道:
>
>
>
> On 2025/9/23 10:55, ChengyuZhu6 wrote:
>> From: Chengyu Zhu <hudsonzhu at tencent.com>
>> Add support for indexing by layer_digest string for more precise
>> and reliable OCI layer identification. This change affects both mkfs.erofs
>> and mount.erofs tools.
>> Signed-off-by: Chengyu Zhu <hudsonzhu at tencent.com>
>> ---
>> lib/liberofs_oci.h | 6 +-
>> lib/remotes/oci.c | 87 +++++++++++++++++++-------
>> mkfs/main.c | 78 ++++++++++++++---------
>> mount/main.c | 153 ++++++++++++++++++++++++++++++++-------------
>> 4 files changed, 228 insertions(+), 96 deletions(-)
>> diff --git a/lib/liberofs_oci.h b/lib/liberofs_oci.h
>> index aa41141..621eb2b 100644
>> --- a/lib/liberofs_oci.h
>> +++ b/lib/liberofs_oci.h
>> @@ -21,7 +21,8 @@ struct erofs_importer;
>> * @platform: target platform in "os/arch" format (e.g., "linux/amd64")
>> * @username: username for authentication (optional)
>> * @password: password for authentication (optional)
>> - * @layer_index: specific layer to extract (-1 for all layers)
>> + * @layer_digest: specific layer digest to extract (NULL for all layers)
>
> blob_digest?
>
>> + * @layer_index: specific layer index to extract (negative for all layers)
>> *
>> * Configuration structure for OCI image parameters including registry
>> * location, image identification, platform specification, and authentication
>> @@ -32,6 +33,7 @@ struct ocierofs_config {
>> char *platform;
>> char *username;
>> char *password;
>> + char *layer_digest;
>
> blob_digest?
>
>> int layer_index;
>> };
>> @@ -51,7 +53,7 @@ struct ocierofs_ctx {
>> char *tag;
>> char *manifest_digest;
>> struct ocierofs_layer_info **layers;
>> - int layer_index;
>> + char *layer_digest;
>
> blob_digest?
>
>> int layer_count;
>> };
>> diff --git a/lib/remotes/oci.c b/lib/remotes/oci.c
>> index 26aec27..b6118da 100644
>> --- a/lib/remotes/oci.c
>> +++ b/lib/remotes/oci.c
>> @@ -898,6 +898,20 @@ static int ocierofs_prepare_auth(struct ocierofs_ctx *ctx,
>> return 0;
>> }
>> +static int ocierofs_find_layer_by_digest(struct ocierofs_ctx *ctx, const char *digest)
>> +{
>> + int i;
>> +
>> + for (i = 0; i < ctx->layer_count; i++) {
>> + DBG_BUGON(!ctx->layers[i]);
>> + DBG_BUGON(!ctx->layers[i]->digest);
>> +
>> + if (!strcmp(ctx->layers[i]->digest, digest))
>> + return i;
>> + }
>> + return -1;
>> +}
>> +
>> static int ocierofs_prepare_layers(struct ocierofs_ctx *ctx,
>> const struct ocierofs_config *config)
>> {
>> @@ -925,16 +939,34 @@ static int ocierofs_prepare_layers(struct ocierofs_ctx *ctx,
>> goto out_manifest;
>> }
>> - if (ctx->layer_index >= ctx->layer_count) {
>> - erofs_err("layer index %d exceeds available layers (%d)",
>> - ctx->layer_index, ctx->layer_count);
>> - ret = -EINVAL;
>> - goto out_layers;
>> + if (!ctx->layer_digest && config->layer_index >= 0) {
>> + if (config->layer_index >= ctx->layer_count) {
>> + erofs_err("layer index %d out of range (0..%d)",
>> + config->layer_index, ctx->layer_count - 1);
>> + ret = -EINVAL;
>> + goto out_layers;
>> + }
>> + DBG_BUGON(!ctx->layers[config->layer_index]);
>> + DBG_BUGON(!ctx->layers[config->layer_index]->digest);
>> + ctx->layer_digest = strdup(ctx->layers[config->layer_index]->digest);
>> + if (!ctx->layer_digest) {
>> + ret = -ENOMEM;
>> + goto out_layers;
>> + }
>> + }
>> +
>> + if (ctx->layer_digest) {
>> + if (ocierofs_find_layer_by_digest(ctx, ctx->layer_digest) < 0) {
>> + erofs_err("layer digest %s not found in image layers",
>> + ctx->layer_digest);
>> + ret = -ENOENT;
>> + goto out_layers;
>> + }
>> }
>> return 0;
>> out_layers:
>> - free(ctx->layers);
>> + ocierofs_free_layers_info(ctx->layers, ctx->layer_count);
>> ctx->layers = NULL;
>> out_manifest:
>> free(ctx->manifest_digest);
>> @@ -1054,10 +1086,10 @@ static int ocierofs_init(struct ocierofs_ctx *ctx, const struct ocierofs_config
>> if (ocierofs_curl_setup_common_options(ctx->curl))
>> return -EIO;
>> - if (config->layer_index >= 0)
>> - ctx->layer_index = config->layer_index;
>> + if (config->layer_digest)
>> + ctx->layer_digest = strdup(config->layer_digest);
>> else
>> - ctx->layer_index = -1;
>> + ctx->layer_digest = NULL;
>> ctx->registry = strdup("registry-1.docker.io");
>> ctx->tag = strdup("latest");
>> if (config->platform)
>> @@ -1190,6 +1222,7 @@ static void ocierofs_ctx_cleanup(struct ocierofs_ctx *ctx)
>> free(ctx->tag);
>> free(ctx->platform);
>> free(ctx->manifest_digest);
>> + free(ctx->layer_digest);
>> }
>> int ocierofs_build_trees(struct erofs_importer *importer,
>> @@ -1204,8 +1237,13 @@ int ocierofs_build_trees(struct erofs_importer *importer,
>> return ret;
>> }
>> - if (ctx.layer_index >= 0) {
>> - i = ctx.layer_index;
>> + if (ctx.layer_digest) {
>> + i = ocierofs_find_layer_by_digest(&ctx, ctx.layer_digest);
>> + if (i < 0) {
>> + erofs_err("layer digest %s not found", ctx.layer_digest);
>> + ret = -ENOENT;
>> + goto out;
>> + }
>> end = i + 1;
>> } else {
>> i = 0;
>> @@ -1215,25 +1253,26 @@ int ocierofs_build_trees(struct erofs_importer *importer,
>> while (i < end) {
>> char *trimmed = erofs_trim_for_progressinfo(ctx.layers[i]->digest,
>> sizeof("Extracting layer ...") - 1);
>> - erofs_update_progressinfo("Extracting layer %d: %s ...", i,
>> - trimmed);
>> + erofs_update_progressinfo("Extracting layer %s ...", trimmed);
>> free(trimmed);
>> fd = ocierofs_extract_layer(&ctx, ctx.layers[i]->digest,
>> ctx.auth_header);
>> if (fd < 0) {
>> - erofs_err("failed to extract layer %d: %s", i,
>> - erofs_strerror(fd));
>> + erofs_err("failed to extract layer %s: %s",
>> + ctx.layers[i]->digest, erofs_strerror(fd));
>> + ret = fd;
>> break;
>> }
>> ret = ocierofs_process_tar_stream(importer, fd);
>> close(fd);
>> if (ret) {
>> - erofs_err("failed to process tar stream for layer %d: %s", i,
>> - erofs_strerror(ret));
>> + erofs_err("failed to process tar stream for layer %s: %s",
>> + ctx.layers[i]->digest, erofs_strerror(ret));
>> break;
>> }
>> i++;
>> }
>> +out:
>> ocierofs_ctx_cleanup(&ctx);
>> return ret;
>> }
>> @@ -1246,12 +1285,18 @@ static int ocierofs_download_blob_range(struct ocierofs_ctx *ctx, off_t offset,
>> const char *api_registry;
>> char rangehdr[64];
>> long http_code = 0;
>> - int ret;
>> - int index = ctx->layer_index;
>> - u64 blob_size = ctx->layers[index]->size;
>> + int ret, index;
>> + const char *digest;
>> + u64 blob_size;
>> size_t available;
>> size_t copy_size;
>> + index = ocierofs_find_layer_by_digest(ctx, ctx->layer_digest);
>> + if (index < 0)
>> + return -ENOENT;
>> + digest = ctx->layer_digest;
>> + blob_size = ctx->layers[index]->size;
>> +
>> if (offset < 0)
>> return -EINVAL;
>> @@ -1265,7 +1310,7 @@ static int ocierofs_download_blob_range(struct ocierofs_ctx *ctx, off_t offset,
>> api_registry = ocierofs_get_api_registry(ctx->registry);
>> if (asprintf(&req.url, "https://%s/v2/%s/blobs/%s",
>> - api_registry, ctx->repository, ctx->layers[index]->digest) == -1)
>> + api_registry, ctx->repository, digest) == -1)
>> return -ENOMEM;
>> if (length)
>> diff --git a/mkfs/main.c b/mkfs/main.c
>> index 50e2bdb..6eb4203 100644
>> --- a/mkfs/main.c
>> +++ b/mkfs/main.c
>> @@ -215,9 +215,10 @@ static void usage(int argc, char **argv)
>> #endif
>> #ifdef OCIEROFS_ENABLED
>> " --oci[=platform=X] X=platform (default: linux/amd64)\n"
>> - " [,layer=Y] Y=layer index to extract (0-based; omit to extract all layers)\n"
>> - " [,username=Z] Z=username for authentication (optional)\n"
>> - " [,password=W] W=password for authentication (optional)\n"
>> + " [,layer_index=Y] Y=layer index to extract (0-based; omit to extract all layers)\n"
>> + " [,layer_digest=Z] Z=layer digest to extract (omit to extract all layers)\n"
>
> Can we use
> " [,layer=#] #=layer index to extract (0-based; omit to extract all layers)\n"
> " [,blob=Y] Y=layer digest to extract (omit to extract all layers)\n"
>
> instead?
>
>> + " [,username=W] W=username for authentication (optional)\n"
>> + " [,password=V] V=password for authentication (optional)\n"
>> #endif
>> " --tar=X generate a full or index-only image from a tarball(-ish) source\n"
>> " (X = f|i|headerball; f=full mode, i=index mode,\n"
>> @@ -707,13 +708,14 @@ static int mkfs_parse_s3_cfg(char *cfg_str)
>> * @options_str: comma-separated options string
>> *
>> * Parse OCI options string containing comma-separated key=value pairs.
>> - * Supported options include platform, layer, username, and password.
>> + * Supported options include platform, layer_digest, layer_index, username, and password.
>> *
>> * Return: 0 on success, negative errno on failure
>> */
>> static int mkfs_parse_oci_options(struct ocierofs_config *oci_cfg, char *options_str)
>> {
>> char *opt, *q, *p;
>> + long idx;
>> if (!options_str)
>> return 0;
>> @@ -732,40 +734,57 @@ static int mkfs_parse_oci_options(struct ocierofs_config *oci_cfg, char *options
>> if (!oci_cfg->platform)
>> return -ENOMEM;
>> } else {
>> - p = strstr(opt, "layer=");
>> + p = strstr(opt, "layer_digest=");
>
>
> layer=
>
>> if (p) {
>> - p += strlen("layer=");
>> - {
>> - char *endptr;
>> - unsigned long v = strtoul(p, &endptr, 10);
>> -
>> - if (endptr == p || *endptr != '\0') {
>> - erofs_err("invalid layer index %s",
>> - p);
>> - return -EINVAL;
>> - }
>> - oci_cfg->layer_index = (int)v;
>> + p += strlen("layer_digest=");
>
>
> blob=
>
>> + free(oci_cfg->layer_digest);
>> +
>> + if (oci_cfg->layer_index >= 0) {
>> + erofs_err("invalid --oci: layer_digest and layer_index cannot be set together");
>> + return -EINVAL;
>> + }
>> +
>> + if (strncmp(p, "sha256:", 7) != 0) {
>> + if (asprintf(&oci_cfg->layer_digest, "sha256:%s", p) < 0)
>> + return -ENOMEM;
>> + } else {
>> + oci_cfg->layer_digest = strdup(p);
>> + if (!oci_cfg->layer_digest)
>> + return -ENOMEM;
>> }
>> } else {
>> - p = strstr(opt, "username=");
>> + p = strstr(opt, "layer_index=");
>> if (p) {
>> - p += strlen("username=");
>> - free(oci_cfg->username);
>> - oci_cfg->username = strdup(p);
>> - if (!oci_cfg->username)
>> - return -ENOMEM;
>> + p += strlen("layer_index=");
>> + if (oci_cfg->layer_digest) {
>> + erofs_err("invalid --oci: layer_index and layer_digest cannot be set together");
>> + return -EINVAL;
>> + }
>> + idx = strtol(p, NULL, 10);
>> + if (idx < 0)
>> + return -EINVAL;
>> + oci_cfg->layer_index = (int)idx;
>> } else {
>> + p = strstr(opt, "username=");
>> + if (p) {
>> + p += strlen("username=");
>> + free(oci_cfg->username);
>> + oci_cfg->username = strdup(p);
>> + if (!oci_cfg->username)
>> + return -ENOMEM;
>> + }
>> +
>> p = strstr(opt, "password=");
>> if (p) {
>> p += strlen("password=");
>> - free(oci_cfg->password);
>> - oci_cfg->password = strdup(p);
>> - if (!oci_cfg->password)
>> - return -ENOMEM;
>> - } else {
>> - erofs_err("mkfs: invalid --oci value %s", opt);
>> - return -EINVAL;
>> + free(oci_cfg->password);
>> + oci_cfg->password = strdup(p);
>> + if (!oci_cfg->password)
>> + return -ENOMEM;
>> }
>> +
>> + erofs_err("mkfs: invalid --oci value %s", opt);
>> + return -EINVAL;
>> }
>> }
>> }
>> @@ -1850,6 +1869,7 @@ int main(int argc, char **argv)
>> #endif
>> #ifdef OCIEROFS_ENABLED
>> } else if (source_mode == EROFS_MKFS_SOURCE_OCI) {
>> + ocicfg.layer_digest = NULL;
>> ocicfg.layer_index = -1;
>> err = mkfs_parse_oci_options(&ocicfg, mkfs_oci_options);
>> diff --git a/mount/main.c b/mount/main.c
>> index f368746..323d1de 100644
>> --- a/mount/main.c
>> +++ b/mount/main.c
>> @@ -81,51 +81,76 @@ static int erofsmount_parse_oci_option(const char *option)
>> {
>> struct ocierofs_config *oci_cfg = &nbdsrc.ocicfg;
>> char *p;
>> + long idx;
>> - p = strstr(option, "oci.layer=");
>> + if (oci_cfg->layer_index == 0 && !oci_cfg->layer_digest &&
>> + !oci_cfg->platform && !oci_cfg->username && !oci_cfg->password)
>> + oci_cfg->layer_index = -1;
>> +
>> + p = strstr(option, "oci.layer_digest=");
>> if (p != NULL) {
>> - p += strlen("oci.layer=");
>> - {
>> - char *endptr;
>> - unsigned long v = strtoul(p, &endptr, 10);
>> + p += strlen("oci.layer_digest=");
>
> oci.blob=
>
>> + free(oci_cfg->layer_digest);
>> - if (endptr == p || *endptr != '\0')
>> - return -EINVAL;
>> - oci_cfg->layer_index = (int)v;
>> + if (oci_cfg->layer_index >= 0) {
>> + erofs_err("invalid options: oci.layer_digest and oci.layer_index cannot be set together");
>> + return -EINVAL;
>> + }
>> +
>> + if (strncmp(p, "sha256:", 7) != 0) {
>> + if (asprintf(&oci_cfg->layer_digest, "sha256:%s", p) < 0)
>> + return -ENOMEM;
>> + } else {
>> + oci_cfg->layer_digest = strdup(p);
>> + if (!oci_cfg->layer_digest)
>> + return -ENOMEM;
>> }
>> } else {
>> - p = strstr(option, "oci.platform=");
>> + p = strstr(option, "oci.layer_index=");
>
> oci.layer=
>
>
> Thanks,
> Gao Xiang
More information about the Linux-erofs mailing list